NCC Group Research Home

  • Impact of DNS over HTTPS (DoH) on DNS Rebinding Attacks

    March 30, 2020 by

    DNS over HTTPS (DoH) is a new protocol to perform DNS resolution over HTTPS. It has been in the news recently as Google and Mozilla have both implemented DoH in Chrome and Firefox respectively. DoH encrypts DNS traffic using HTTPS. This prevents internet service providers and anybody in a privileged network position to observe the… Read more

  • Tool Release – ScoutSuite 5.8.0

    March 28, 2020 by

    Quick note to say we’ve released ScoutSuite 5.8.0 on Github with the following features: Improved support for AWS Added support for KMS Added basic support for Secrets Manager Simplified evaluation of IAM policies in multiple rules Improved support for Azure Added support for App Service Web Apps Added support for Security Center Compliance Results Added… Read more

  • Whitepaper – Coinbugs: Enumerating Common Blockchain Implementation-Level Vulnerabilities

    March 26, 2020 by

    By Aleksandar Kircanski and Terence Tarvis A good amount of effort has been dedicated to surveying and systematizing Ethereum smart contract security bug classes. There is, however, a gap in literature when it comes to surveying implementation-level security bugs that commonly occur in basic PoW blockchain node implementations, discovered during the first decade of Bitcoin’s… Read more

  • Smart Contracts Inside SGX Enclaves: Common Security Bug Patterns

    March 24, 2020 by

    Running smart contracts in a Trusted Execution Environment (TEE) such as Intel Software Guard Extensions (SGX) to preserve the confidentiality of blockchain transactions is a novel and not widely understood technique. In this blog post, we point out several bug classes that we observed in confidential smart contract designs and implementations in our recent client… Read more

  • LDAPFragger: Bypassing network restrictions using LDAP attributes

    March 19, 2020 by

    Introduction A while back during a penetration test of an internal network, we encountered physically segmented networks. These networks contained workstations joined to the same Active Directory domain, however only one network segment could connect to the internet. To control workstations in both segments remotely with Cobalt Strike, we built a tool that uses the… Read more

  • Threat Actors: exploiting the pandemic

    March 19, 2020 by

    Last Update: Marc 19th, 2020 at 11:26 UTC Overview Threat actors attempting to capitalize on current events, pandemics and global anxiety is nothing new, as was previously seen with malicious campaigns related to the 2019 climate strikes and demonstrations as well as the 2018 FIFA World Cup tournament. By relying on basic social engineering –… Read more

  • A Survey of Istio’s Network Security Features

    March 4, 2020 by

    Istio is a service mesh, which, in general, exist as a compliment to container orchestrators (e.g. Kubernetes) in order to provide additional, service-centric features surrounding traffic management, security, and observability. Istio is arguably the most popular service mesh (using GitHub stars as a metric). This blog post assumes working familiarity with Kubernetes and microservices, but… Read more

  • Conference Talks – March 2020

    February 28, 2020 by

    This month, members of NCC Group will be presenting their work at the following conferences: Adam Rudderman, “Bug Bounty: Why is this happening?” presented at Nullcon Goa (Goa, India – March 3-7 2020) Rob Wood, “[Panel]: CSIS Security Panel Discussion,” presented at OCP Global Summit (San Jose, CA – March 4-5 2020) Rory McCune, “[Training]:… Read more

  • Public Report – RustCrypto AES/GCM and ChaCha20+Poly1305 Implementation Review

    February 26, 2020 by

    In December 2019, MobileCoin engaged NCC Group to conduct a review of the AES/GCM and ChaCha20+Poly1305 implementations provided by the RustCrypto/AEADs crates. The intended usage context of these crates includes SGX enclaves, making timing-related side channel attacks relevant to this assessment. Two consultants provided five person-days of effort. The Public Report for this audit may… Read more

  • Reviewing Verifiable Random Functions

    February 24, 2020 by

    While Verifiable Random Functions (VRFs) were first described just over twenty years ago [1], they have recently seen a strong resurgence in popularity due to their usefulness in blockchain applications [2]. This blog post will introduce VRFs in the context of other well-known cryptographic primitives, describe three example use cases, and then highlight over two… Read more

  • Whitepaper – Microcontroller Readback Protection: Bypasses and Defenses

    February 20, 2020 by

    By Sultan Qasim Khan Microcontrollers commonly include features to prevent the readout of sensitive information in internal storage. Such features are commonly referred to as readback protection or readout protection. This paper describes common readback protection implementation flaws, discusses techniques that can be used to defeat readback protection, and provides guidance to implement effective readback… Read more

  • Improving Software Security through C Language Standards

    February 19, 2020 by

    This blog post describes my history with the C Standards Committee, the work standards organizations are currently doing in software security, and the future of NCC Group’s work in improving software security by working with the C Standards Committee and other standardzation efforts. Past I became involved with the C Standards Committee (more formally, ISO/IEC… Read more

  • Deep Dive into Real-World Kubernetes Threats

    February 12, 2020 by

    On Saturday, February 1st, I gave my talk titled “Command and KubeCTL: Real-World Kubernetes Security for Pentesters” at Shmoocon 2020. I’m following up with this post that goes into more details than I could cover in 50 minutes. This will re-iterate the points I attempted to make, walk through the demo, and provide resources for… Read more

View all posts