NCC Group Research Home

  • Public Report – RustCrypto AES/GCM and ChaCha20+Poly1305 Implementation Review

    February 26, 2020 by

    In December 2019, MobileCoin engaged NCC Group to conduct a review of the AES/GCM and ChaCha20+Poly1305 implementations provided by the RustCrypto/AEADs crates. The intended usage context of these crates includes SGX enclaves, making timing-related side channel attacks relevant to this assessment. Two consultants provided five person-days of effort. The Public Report for this audit may… Read more

  • Reviewing Verifiable Random Functions

    February 24, 2020 by

    While Verifiable Random Functions (VRFs) were first described just over twenty years ago [1], they have recently seen a strong resurgence in popularity due to their usefulness in blockchain applications [2]. This blog post will introduce VRFs in the context of other well-known cryptographic primitives, describe three example use cases, and then highlight over two… Read more

  • Whitepaper – Microcontroller Readback Protection: Bypasses and Defenses

    February 20, 2020 by

    Microcontrollers commonly include features to prevent the readout of sensitive information in internal storage. Such features are commonly referred to as readback protection or readout protection. This paper describes common readback protection implementation flaws, discusses techniques that can be used to defeat readback protection, and provides guidance to implement effective readback protection, written by Sultan… Read more

  • Improving Software Security through C Language Standards

    February 19, 2020 by

    This blog post describes my history with the C Standards Committee, the work standards organizations are currently doing in software security, and the future of NCC Group’s work in improving software security by working with the C Standards Committee and other standardzation efforts. Past I became involved with the C Standards Committee (more formally, ISO/IEC… Read more

  • Deep Dive into Real-World Kubernetes Threats

    February 12, 2020 by

    On Saturday, February 1st, I gave my talk titled “Command and KubeCTL: Real-World Kubernetes Security for Pentesters” at Shmoocon 2020. I’m following up with this post that goes into more details than I could cover in 50 minutes. This will re-iterate the points I attempted to make, walk through the demo, and provide resources for… Read more

  • Technical Advisory – playSMS Pre-Authentication Remote Code Execution (CVE-2020-8644)

    February 11, 2020 by

    Summary: PlaySMS is an open source SMS gateway, which has a web management portal written in PHP. PlaySMS supports a custom PHP templating system, called tpl ( PlaySMS double processes a server-side template, resulting in unauthenticated user control of input to the PlaySMS template engine. The template engine’s implementation then permits arbitrary code execution. Location:… Read more

  • Interfaces.d to RCE

    February 10, 2020 by

    Several months ago, I was having a poke at the Mozilla WebThings IoT gateway. The gateway essentially allows a user to host their own IoT cloud from a device (such as a Raspberry Pi) on their local network. It creates a tunnel to a personal subdomain of for managing a user’s devices from the… Read more

  • Properly Signed Certificates on CPE Devices

    February 4, 2020 by

    During late January 2020, a hot topic surfaced between security professionals on an issue that has historically had different proposed solutions. This blog post seeks to explore these solutions and identify pragmatic approaches to risk reduction on this specific issue concerning Customer Premises Equipment (CPE) security. Two security researchers (Tom Pohl and Nick Starke) analysed… Read more

  • Conference Talks – February 2020

    January 31, 2020 by

    This month, members of NCC Group will be giving the following 6 conference presentations: Mark Manning, “Command and KubeCTL: Real-World Kubernetes Security for Pentesters” presented at Shmoocon (Washington, DC – January 31-February 2 2020) Clint Gibler, “How to 10X Your Company’s Security (Without a Series D),” presented at BSidesSF (San Francisco, CA – February 22-24 2020) Clint… Read more

  • Tool Release – Collaborator++

    January 28, 2020 by

    When testing for out-of-band vulnerabilities, Collaborator has been an invaluable tool since its initial release in 2015. By acting as a HTTP, DNS and SMTP server, Collaborator allows researchers to identify complex out-of-band interactions between target applications and external services aiding in the discovery of vulnerabilities such as server-side request forgery (SSRF), XML external entity… Read more

  • Tool Release – Enumerating Docker Registries with go-pillage-registries

    January 24, 2020 by

    Containerization solutions are becoming increasingly common throughout the industry due to their vast applications in logically separating and packaging processes to run consistently across environments. Docker represents these processes as images by packaging a base filesystem and initialization instructions for the runtime environment. Developers can use common base images and instruct Docker to execute a… Read more

  • Conference Talks – January 2020

    January 2, 2020 by

    This month, in addition to the several dozen technical talks and trainings our researchers will offer at our internal conferences, NCC CON US and NCC CON Europe, two NCC Group researchers will also be presenting work publicly: Clint Gibler, “DevSecOps State of the Union v2.0,” presented at AppSec Cali (Santa Monica, CA – January 22-24… Read more

View all posts