Max Groot & Ruud van Luijk TL;DR A recently uncovered malware sample dubbed ‘Saitama’ was uncovered by security firm Malwarebytes in a weaponized document, possibly targeted towards the Jordan government. This Saitama implant uses DNS as its sole Command and Control channel and utilizes long sleep times and (sub)domain randomization to evade detection. As no … Continue reading Detecting DNS implants: Old kitten, new tricks – A Saitama Case Study
Introduction Last weekend (July 30th) a truly incredible piece of mathematical/cryptanalysis research was put onto eprint. Wouter Castryck and Thomas Decru of KU Leuven published a paper "An efficient key recovery attack on SIDH (preliminary version)" describing a new attack on the Supersingular Isogeny Diffie-Hellman (SIDH) protocol together with a corresponding proof-of-concept implementation. SIDH is … Continue reading Implementing the Castryck-Decru SIDH Key Recovery Attack in SageMath
by Michael Mathews Ransomware has been a concern for everyone over the past several years because of its impact to organisations with the added pressure of extortion and regulatory involvement. However, the question always arises as to how we prevent it. Prevention is better than cure and hindsight is a virtue. This blog post aims … Continue reading Top of the Pops: Three common ransomware entry techniques
This year, NCC Group researchers will be presenting at least five presentations at Black Hat USA and DEF CON 30. A guide to these presentations (abstracts, dates, and links) is included below. We will also update this post with any additional presentations as they are accepted and announced. Virtually or in-person, we hope you will … Continue reading NCC Group Research at Black Hat USA 2022 and DEF CON 30
The following vulnerabilities were found as part of a research project looking at the state of security of the different Nuki (smart lock) products. The main goal was to look for vulnerabilities which could affect to the availability, integrity or confidentiality of the different devices, from hardware to software. Eleven vulnerabilities were discovered. Below are … Continue reading Technical Advisory – Multiple vulnerabilities in Nuki smart locks (CVE-2022-32509, CVE-2022-32504, CVE-2022-32502, CVE-2022-32507, CVE-2022-32503, CVE-2022-32510, CVE-2022-32506, CVE-2022-32508, CVE-2022-32505)
Last week, NIST announced some algorithms selected for standardization as part of their Post-Quantum Cryptography project. This is a good opportunity to recall the history of this process, observe its current state, and comment on the selected algorithms. It is important to remember that the process is not finished: round 4 has started, and should … Continue reading NIST Selects Post-Quantum Algorithms for Standardization
In the Threat Pulse released in November 2021 we touched on Everest Ransomware group. This latest blog documents the TTPs employed by a group who were observed deploying Everest ransomware during a recent incident response engagement.
We recently published "Practical Attacks on Machine Learning Systems", which has a very large references section - possibly too large - so we've boiled down the list to five papers that are absolutely essential in this area. If you're beginning your journey in ML security, and have the very basics down, these papers are a … Continue reading Five Essential Machine Learning Security Papers
This paper collects a set of notes and research projects conducted by NCC Group on the topic of the security of Machine Learning (ML) systems. The objective is to provide some industry perspective to the academic community, while collating helpful references for security practitioners, to enable more effective security auditing and security-focused code review of ML systems. Details of specific practical attacks and common security problems are described. Some general background information on the broader subject of ML is also included, mostly for context, to ensure that explanations of attack scenarios are clear, and some notes on frameworks and development processes are provided.
Originally published June 29, 2022 on the Fox-IT blog Authored by Alberto Segura (main author) and Rolf Govers (co-author) Summary Flubot is an Android based malware that has been distributed in the past 1.5 years inEurope, Asia and Oceania affecting thousands of devices of mostly unsuspecting victims.Like the majority of Android banking malware, Flubot abuses … Continue reading Flubot: the evolution of a notorious Android Banking Malware