Archive

Real World Cryptography Conference 2022

The IACR’s annual Real World Cryptography (RWC) conference took place in Amsterdam a few weeks ago. It remains the best venue for highlights of cryptographic constructions and attacks for the real world. While the conference was fully remote last year, this year it was a 3-day hybrid event, live-streamed from a conference center in charming … Continue reading Real World Cryptography Conference 2022

Mitigating the top 10 security threats to GCP using the CIS Google Cloud Platform Foundation Benchmark

As one of the proud contributors to the newest version of the CIS Google Cloud Platform Foundation Benchmark, I wanted to raise awareness about the new version release of this benchmark [1] by the Center for Internet Security (CIS) and how it can help a company to set a strong security baseline or foundation for … Continue reading Mitigating the top 10 security threats to GCP using the CIS Google Cloud Platform Foundation Benchmark

Public Report – Google Enterprise API Security Assessment

During the autumn of 2021, Google engaged NCC Group to perform a review of the Android 12 Enterprise API to evaluate its compliance with the Security Technical Implementation Guides (STIG) matrix provided by Google. This assessment was also performed with reference to the Common Criteria Protection Profile for Mobile Device Fundamentals (PPMDF), from which the … Continue reading Public Report – Google Enterprise API Security Assessment

Whitepaper – Double Fetch Vulnerabilities in C and C++

Double fetch vulnerabilities in C and C++ have been known about for a number of years. However, they can appear in multiple forms and can have varying outcomes. As much of this information is spread across various sources, this whitepaper draws the knowledge together into a single place, in order to better describe the different … Continue reading Whitepaper – Double Fetch Vulnerabilities in C and C++

Mining data from Cobalt Strike beacons

Since we published about identifying Cobalt Strike Team Servers in the wild just over three years ago, we’ve collected over 128,000 beacons from over 24,000 active Team Servers. Today, RIFT is making this extensive beacon dataset publicly available in combination with the open-source release of dissect.cobaltstrike, our Python library for studying and parsing Cobalt Strike … Continue reading Mining data from Cobalt Strike beacons

Remote Code Execution on Western Digital PR4100 NAS (CVE-2022-23121)

This blog post describes an unchecked return value vulnerability found and exploited in September 2021 by Alex Plaskett, Cedric Halbronn and Aaron Adams working at the Exploit Development Group (EDG) of NCC Group. We successfully exploited it at Pwn2Own 2021 competition in November 2021 when targeting the Western Digital PR4100.

Tool Release – ScoutSuite 5.11.0

We’re proud to announce the release of a new version of our open-source, multi-cloud auditing tool ScoutSuite (on Github)! The most significant improvements and features added include: CoreImproved CLI options, test coverage and some dependenciesAWSAdded new findings for multiple servicesBug fixesAdded ARNs for all resourcesAzureAdded new findingsBug fixesGCPNew ruleset for GCP CIS version 1.1Added support … Continue reading Tool Release – ScoutSuite 5.11.0