NCC Group Research Home

  • Public Report – Dell Secured Component Verification

    May 5, 2021

    During February 2021, Dell engaged NCC Group to conduct a security assessment of their supply chain security functionality and related and supportive foundational security functionality on 14th and 15th generation Dell servers. Documentation and source code were provided as well as access to a running lab server via network access, with access to both the…

  • RM3 – Curiosities of the wildest banking malware

    by fumik0_ & the RIFT. TL;DR: Our Research and Intelligence Fusion Team have been tracking the Gozi variant RM3 for close to 30 months. In this post we provide some history, analysis and observations on this most pernicious family of banking malware targeting Oceania, the UK, Germany and Italy. We’ll start with an overview of its origins and current operations before providing a deep dive technical analysis…

  • Conference Talks – May 2021

    April 30, 2021

    This month, members of NCC Group will be presenting their work at the following conferences: Sourya Biswas, “Psychology of the Phish: Leveraging the Seven Principles of Influence”, to be presented at ISACA Conference North America (Virtual – May 5 2021); Sourya Biswas, “Cybersecurity is War: Lessons from Historical Conflicts”, to be presented at Secure360 (Virtual…

  • NCC Group’s Upcoming Trainings at Black Hat USA 2021

    April 13, 2021

    NCC Group will be presenting 4 different training courses at Black Hat USA 2021. Below you will find high level details about each course, as well as a link to a detailed course description and course registration details on the Black Hat website. Join us! Mastering Container Security V5 – Black Hat edition (August 2-3…

  • Tool Release – Principal Mapper v1.1.0 Update

    March 29, 2021

    Principal Mapper, or PMapper, is a tool and library for in-depth analysis with AWS Identity and Access Management, as well as AWS Organizations. PMapper stores data about AWS accounts and organizations, then provides options to query, visualize, and analyze that data. The library, written in Python, enables users to extend PMapper’s functionality for other use-cases.…

  • SAML XML Injection

    March 29, 2021

    The Single Sign-On (SSO) approach to authentication controls and identity management was quickly adopted by both organizations and large online services for its convenience and added security. The benefits are clear; for end-users, it is far easier to authenticate to a single service and gain access to all required applications. And for administrators, credentials and…

  • The Future of C Code Review

    March 23, 2021

    I gave a short talk on the Future of C Code Review at our internal (Not) NCC Con Conference this year (held virtually due to Covid-19) and recorded it for posterity. In this short talk, I focus on optimizations resulting from pointer provenance-based alias analysis that can modify the behavior of code with undefined behaviors.…

  • Tool Release – Solitude: A privacy analysis tool

    March 17, 2021

    Created by Dan Hastings and Emanuel Flores. Solitude is an open source privacy analysis tool that enables you to conduct your own privacy investigations into where your private data goes once it leaves your web browser or mobile device. Whether a curious novice or a more advanced researcher, Solitude makes the process of evaluating an…

  • Lending a hand to the community – Covenant v0.7 Updates

    Introduction: Covenant [1] is an open source .NET command and control framework to support Red Team operations, similar in many ways to the well-known Cobalt Strike threat emulation software. Covenant is an ASP.NET Core, cross-platform application that includes a web-based interface that allows for multi-user collaboration. It has two main agents/payloads: The Grunt, which is…

  • Technical Advisory: Dell SupportAssist Local Privilege Escalation (CVE-2021-21518)

    March 10, 2021

    Summary: When running PC-Doctor modules, the Dell SupportAssist service attempted to load DLLs from a world-writable directory. Furthermore, it did not validate the signature of libraries loaded from this directory, leading to a “DLL Hijacking” vulnerability. Impact: Successful exploitation of this issue would allow a low privileged user to execute arbitrary code with SYSTEM privileges.…