This is a write-up of the classic padding oracle attack on CBC-mode block ciphers. If you've done the Cryptopals cryptography challenges, you'll remember it as challenge 17. This is a famous and elegant attack. With it, we will see how even a small data leak (in this case, the presence of a "padding oracle" - … Continue reading Cryptopals: Exploiting CBC Padding Oracles
Archive
Investigating Potential Security Vulnerability Manifestation through Various Analyses & Inferences Regarding Internet RFCs (and how RFC Security might be Improved)
Overview RFCs have played a pivotal role in helping to formalise ideas and requirements for much of the Internet's design and engineering. They have facilitated peer review amongst engineers, researchers and computer scientists, which in turn has resulted in specification of key Internet protocols and their behaviours so that developers can implement those protocols in … Continue reading Investigating Potential Security Vulnerability Manifestation through Various Analyses & Inferences Regarding Internet RFCs (and how RFC Security might be Improved)
NCC Group’s 2020 Annual Research Report
In this post, we summarize our security research findings from across the nearly 200 conference publications, blog posts, and tool releases published by researchers at NCC Group between January 1 2020 and December 31 2020. We present our findings and their impact in context, with links to the associated research papers, recorded conference presentations, publicly … Continue reading NCC Group’s 2020 Annual Research Report
Conference Talks – February/March 2021
Throughout February and March, members of NCC Group will be presenting their work at the following conferences: Jennifer Fernick (NCC Group), Rao Lakkakula (JPMorgan Chase), Christopher Robinson (Red Hat), & Kay Williams (Microsoft), "Frontiers in Securing the Open Source Ecosystem," to be presented at FOSS Backstage (Virtual - February 10-12 2021)Robert Seacord (NCC Group) & … Continue reading Conference Talks – February/March 2021
Software Verification and Analysis Using Z3
We provide a technical introduction on how to leverage the Z3 Theorem Prover to reason about the correctness of cryptographic software, protocols and otherwise, and to identify potential security vulnerabilities. We cover two distinct use cases: modeling and analysis of an algorithm documented in an old version of the QUIC Transport protocol IETF draft; modeling of specific finite field arithmetic operations for elliptic curve cryptography, with integers represented using a uniform saturated limb schedule, to prove equivalence with arbitrary-precision arithmetic, and for test cases generation.
Technical Advisory – Linksys WRT160NL – Authenticated Command Injection (CVE-2021-25310)
Current Vendor: Belkin (Linksys) Vendor URL: https://www.linksys.com/sg/p/P-WRT160NL/ Versions affected: 1.0.04 build 2 (FW_WRT160NL_1.0.04.002_US_20130619_code.bin) Systems Affected: Linksys WRT160NL Authors: Manuel Ginés - Manuel.Gines[at]nccgroup[dot]com && Diego Gómez Marañón – Diego.GomezMaranon[at]nccgroup[dot]com CVE Identifier: CVE-2021-25310 Risk: 8.8 (High) - AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Summary The Linksys WRT160NL is a switch device initially owned by Cisco and, after the sale of its respective … Continue reading Technical Advisory – Linksys WRT160NL – Authenticated Command Injection (CVE-2021-25310)
Real World Cryptography Conference 2021: A Virtual Experience
Earlier this month, our Cryptography Services team got together and attended (virtually) the IACR's annual Real World Cryptography (RWC) conference. RWC is a fantastic venue for the latest results in real world cryptography from industry and academia. Holding this conference virtually inevitably introduced some changes: to accommodate as many time zones as possible, the daily … Continue reading Real World Cryptography Conference 2021: A Virtual Experience
RIFT: Analysing a Lazarus Shellcode Execution Method
NCC Group's Research and Intelligence Fusion Team analyze a recent shellcode execution method used by Lazarus Group
MSSQL Lateral Movement
Using discovered credentials to move laterally in an environment is a common goal for the NCC Group FSAS team. The ability to quickly and reliably use a newly gained set of credentials is essential during time-constrained operations. This blog post explains how to automate lateral movement via MSSQL CLR without touching disk* or requiring XP_CMDSHELL and how this can be prevented and detected.
Public Report – BLST Cryptographic Implementation Review
In October 2020, Supranational, Protocol Labs and the Ethereum Foundation engaged NCC Group’s Cryptography Services team to conduct a cryptographic implementation review of the BLST library. This library implements support for the draft IETF specifications on Hashing to Elliptic Curves and BLS Signatures. The latter specification uses advanced cryptographic-pairing operations to feature aggregation properties for … Continue reading Public Report – BLST Cryptographic Implementation Review