NCC Group Research Home

  • Exploring Verifiable Random Functions in Code

    April 3, 2020 by

    Verifiable Random Functions (VRFs) have recently seen a strong surge in popularity due to their usefulness in blockchain applications. Earlier I wrote about what VRFs are, where they can be used, and a few dozen things to consider when reviewing them. In this follow-on blog post, I am pleased to introduce actual working code that… Read more

  • Crave the Data: Statistics from 1,300 Phishing Campaigns

    April 3, 2020 by

    tl;dr: 1,300 phishing campaigns were analysed, involving over 360,000 users. Targets in Charities were over 3 times more likely to click than those in the Health Sector. However, once clicked, half of all targets were likely to supply credentials regardless. Best case, 1/10 of targets will click a link. Best case, 1/20 of targets will supply… Read more

  • Impact of DNS over HTTPS (DoH) on DNS Rebinding Attacks

    March 30, 2020 by

    DNS over HTTPS (DoH) is a new protocol to perform DNS resolution over HTTPS. It has been in the news recently as Google and Mozilla have both implemented DoH in Chrome and Firefox respectively. DoH encrypts DNS traffic using HTTPS. This prevents internet service providers and anybody in a privileged network position from observing the… Read more

  • Tool Release – ScoutSuite 5.8.0

    March 28, 2020 by

    Quick note to say we’ve released ScoutSuite 5.8.0 on GitHub with the following features: improved support for AWS; added support for KMS; added basic support for Secrets Manager; simplified evaluation of IAM policies in multiple rules; improved support for Azure; added support for App Service Web Apps; added support for Security Center Compliance Results; added… Read more

  • Whitepaper – Coinbugs: Enumerating Common Blockchain Implementation-Level Vulnerabilities

    March 26, 2020 by

    By Aleksandar Kircanski and Terence Tarvis. A good amount of effort has been dedicated to surveying and systematizing Ethereum smart contract security bug classes. There is, however, a gap in literature when it comes to surveying implementation-level security bugs that commonly occur in basic PoW blockchain node implementations, discovered during the first decade of Bitcoin’s… Read more

  • Smart Contracts Inside SGX Enclaves: Common Security Bug Patterns

    March 24, 2020 by

    Running smart contracts in a Trusted Execution Environment (TEE) such as Intel Software Guard Extensions (SGX) to preserve the confidentiality of blockchain transactions is a novel and not widely understood technique. In this blog post, we point out several bug classes that we observed in confidential smart contract designs and implementations in our recent client… Read more

  • LDAPFragger: Bypassing network restrictions using LDAP attributes

    March 19, 2020 by

    Introduction: A while back, during a penetration test of an internal network, we encountered physically segmented networks. These networks contained workstations joined to the same Active Directory domain; however, only one network segment could connect to the internet. To control workstations in both segments remotely with Cobalt Strike, we built a tool that uses the… Read more

  • Threat Actors: exploiting the pandemic

    Last Update: March 19th, 2020 at 11:26 UTC. Overview: Threat actors attempting to capitalize on current events, pandemics and global anxiety is nothing new, as was previously seen with malicious campaigns related to the 2019 climate strikes and demonstrations as well as the 2018 FIFA World Cup tournament. By relying on basic social engineering –… Read more

  • A Survey of Istio’s Network Security Features

    March 4, 2020 by

    Istio is a service mesh, which, in general, exists as a complement to container orchestrators (e.g. Kubernetes) in order to provide additional, service-centric features surrounding traffic management, security, and observability. Istio is arguably the most popular service mesh (using GitHub stars as a metric). This blog post assumes working familiarity with Kubernetes and microservices, but… Read more

  • Conference Talks – March 2020

    February 28, 2020 by

    This month, members of NCC Group will be presenting their work at the following conferences: Adam Rudderman, “Bug Bounty: Why is this happening?” presented at Nullcon Goa (Goa, India – March 3-7 2020); Rob Wood, “[Panel]: CSIS Security Panel Discussion,” presented at OCP Global Summit (San Jose, CA – March 4-5 2020); Rory McCune, “[Training]:… Read more

  • Public Report – RustCrypto AES/GCM and ChaCha20+Poly1305 Implementation Review

    February 26, 2020 by

    In December 2019, MobileCoin engaged NCC Group to conduct a review of the AES/GCM and ChaCha20+Poly1305 implementations provided by the RustCrypto/AEADs crates. The intended usage context of these crates includes SGX enclaves, making timing-related side channel attacks relevant to this assessment. Two consultants provided five person-days of effort. The Public Report for this audit may… Read more

  • Reviewing Verifiable Random Functions

    February 24, 2020 by

    While Verifiable Random Functions (VRFs) were first described just over twenty years ago [1], they have recently seen a strong resurgence in popularity due to their usefulness in blockchain applications [2]. This blog post will introduce VRFs in the context of other well-known cryptographic primitives, describe three example use cases, and then highlight over two… Read more

  • Whitepaper – Microcontroller Readback Protection: Bypasses and Defenses

    February 20, 2020 by

    By Sultan Qasim Khan. Microcontrollers commonly include features to prevent the readout of sensitive information in internal storage. Such features are commonly referred to as readback protection or readout protection. This paper describes common readback protection implementation flaws, discusses techniques that can be used to defeat readback protection, and provides guidance to implement effective readback… Read more
