Research Blog

Insights and research from our global cybersecurity team.

Filter Content

Technical Advisory: Sonos Era 100 Secure Boot Bypass Through Unchecked setenv() call

Vendor: Sonos Vendor URL: https://www.sonos.com/ Versions affected: * Confirmed 73.0-42060 Systems Affected: Sonos Era 100 Author: Ilya Zhuravlev Advisory URL: Not provided by Sonos. Sonos state an update was released on 2023-11-15 which remediated the issue. CVE Identifier: N/A Risk: High Summary Sonos Era 100 is a smart speaker released…

Read more

Shooting Yourself in the .flags – Jailbreaking the Sonos Era 100

Research performed by Ilya Zhuravlev supporting the Exploit Development Group (EDG). The Era 100 is Sonos’s flagship device, released on March 28th 2023 and is a notable step up from the Sonos One. It was also one of the target devices for Pwn2Own Toronto 2023. NCC found multiple security weaknesses…

Read more

Technical Advisory: Adobe ColdFusion WDDX Deserialization Gadgets

Multiple vulnerabilities identified in Adobe ColdFusion allow an unauthenticated attacker to obtain the service account NTLM password hash, verify the existence of a file or directory on the underlying operating system, and configure central config server settings.

Read more

Is this the real life? Is this just fantasy? Caught in a landslide, NoEscape from NCC Group

Author: Alex Jessop (@ThisIsFineChief) Summary Tl;dr This post will delve into a recent incident response engagement handled by NCC Group’s Cyber Incident Response Team (CIRT) involving the Ransomware-as-a-Service known as NoEscape. Below provides a summary of findings which are presented in this blog post:  NoEscape NoEscape is a new financially…

Read more

The Spelling Police: Searching for Malicious HTTP Servers by Identifying Typos in HTTP Responses

At Fox-IT (part of NCC Group) identifying servers that host nefarious activities is a critical aspect of our threat intelligence. One approach involves looking for anomalies in responses of HTTP servers. Sometimes cybercriminals that host malicious servers employ tactics that involve mimicking the responses of legitimate software to evade detection.…

Read more

Public Report – WhatsApp Auditable Key Directory (AKD) Implementation Review

In August 2023, Meta engaged NCC Group’s Cryptography Services practice to perform an implementation review of their Auditable Key Directory (AKD) library, which provides an append-only directory of public keys mapped to user accounts and a framework for efficient cryptographic validation of this directory by an auditor. The library is…

Read more

November 14, 2023

1 min read

Read more

Don’t throw a hissy fit; defend against Medusa

Unveiling the Dark Side: A Deep Dive into Active Ransomware Families  Author: Molly Dewis  Intro  Our technical experts have written a blog series focused on Tactics, Techniques and Procedures (TTP’s) deployed by four ransomware families recently observed during NCC Group’s incident response engagements.    In case you missed it, our last…

Read more

Demystifying Cobalt Strike’s “make_token” Command

Introduction If you are a pentester and enjoy tinkering with Windows, you have probably come across the following post by Raphael Mudge: Windows Access Tokens and Alternate Credentials In this post, he explains how the Windows program runas works and how the netonly flag allows the creation of processes where…

Read more

Tool Release: Magisk Module – Conscrypt Trust User Certs

Overview Android 14 introduced a new feature which allows to remotely install CA certificates. This change implies that instead of using the /system/etc/security/cacerts directory to check the trusted CA’s, this new feature uses the com.android.conscrypt APEX module, and reads the certificates from the directory /apex/com.android.conscrypt/cacerts. Inspired by this blog post by Tim Perry,…

Read more

November 8, 2023

3 mins read

Read more

Post-exploiting a compromised etcd – Full control over the cluster and its nodes

Kubernetes is essentially a framework of various services that make up its typical architecture, which can be divided into two roles: the control-plane, which serves as a central control hub and hosts most of the components, and the nodes or workers, where containers and their respective workloads are executed. Within…

Read more

November 7, 2023

11 mins read

Read more

No Results Found :(

Call us before you need us.

Our experts will help you.

Get in touch