Vendor: Dell / PC-Doctor Vendor URL: https://www.dell.com/support/contents/en-uk/article/product-support/self-support-knowledgebase/software-and-downloads/supportassist Versions affected: SupportAssist for Windows version 3.7 or higher, between 2020-08-28 and 2020-10-22 Systems Affected: Windows Author: richard.warren[at]nccgroup[dot]com Advisory URL: https://www.dell.com/support/kbdoc/000184012 CVE Identifier: CVE-2021-21518 Risk: CVSSv3.1: 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) Summary When running PC-Doctor modules, the Dell SupportAssist service attempted to load DLLs from a world-writable directory. Furthermore, it did … Continue reading Technical Advisory: Dell SupportAssist Local Privilege Escalation (CVE-2021-21518)
Archive
Technical Advisory – Multiple Vulnerabilities in Netgear ProSAFE Plus JGS516PE / GS116Ev2 Switches
Multiple vulnerabilities were found in Netgear ProSafe Plus JGS516PE switches that may pose a serious risk to their users. The most critical vulnerability could allow unauthenticated users to gain arbitrary code execution. The following vulnerabilities were the most relevant identified during the internal research: Unauthenticated Remote Code Execution (CVE-2020-26919)NSDP Authentication Bypass (CVE-2020-35231)Unauthenticated Firmware Update Mechanism … Continue reading Technical Advisory – Multiple Vulnerabilities in Netgear ProSAFE Plus JGS516PE / GS116Ev2 Switches
Deception Engineering: exploring the use of Windows Service Canaries against ransomware
We prototyped a Windows Service Canary to help detect and respond to certain pre-ransomware trade craft. The ultimate goal being to alert and minimize the impact of ransomware deployments.
Wubes: Leveraging the Windows 10 Sandbox for Arbitrary Processes
Wubes is like Qubes but for Microsoft Windows. The idea is to leverage the Windows Sandbox technology to spawn applications in isolation. We currently support spawning a Windows Sandbox for the Firefox browser, with other applications easily added.
Technical Advisory: Administrative Passcode Recovery and Authenticated Remote Buffer Overflow Vulnerabilities in Gigaset DX600A Handset (CVE-2021-25309, CVE-2021-25306)
Current Vendor: Gigaset Vendor URL: https://www.gigaset.com/es_es/gigaset-dx600a-isdn/ Versions affected: V41.00-175.00.00-SATURN-175.00 Systems Affected: DX600A Authors: Manuel Ginés - manuel.gines[at]nccgroup[dot]com Admin Service Weak Authentication CVE Identifier: CVE-2021-25309 Risk: 8.8 (High) - AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H AT Command Buffer Overflow CVE Identifier: CVE-2021-25306 Risk: 4.5 (Medium) - AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H Summary According to the oficial documentation, the Gigaset DX600A is a high-end ISDN desktop … Continue reading Technical Advisory: Administrative Passcode Recovery and Authenticated Remote Buffer Overflow Vulnerabilities in Gigaset DX600A Handset (CVE-2021-25309, CVE-2021-25306)
Cryptopals: Exploiting CBC Padding Oracles
This is a write-up of the classic padding oracle attack on CBC-mode block ciphers. If you've done the Cryptopals cryptography challenges, you'll remember it as challenge 17. This is a famous and elegant attack. With it, we will see how even a small data leak (in this case, the presence of a "padding oracle" - … Continue reading Cryptopals: Exploiting CBC Padding Oracles
Investigating Potential Security Vulnerability Manifestation through Various Analyses & Inferences Regarding Internet RFCs (and how RFC Security might be Improved)
Overview RFCs have played a pivotal role in helping to formalise ideas and requirements for much of the Internet's design and engineering. They have facilitated peer review amongst engineers, researchers and computer scientists, which in turn has resulted in specification of key Internet protocols and their behaviours so that developers can implement those protocols in … Continue reading Investigating Potential Security Vulnerability Manifestation through Various Analyses & Inferences Regarding Internet RFCs (and how RFC Security might be Improved)
NCC Group’s 2020 Annual Research Report
In this post, we summarize our security research findings from across the nearly 200 conference publications, blog posts, and tool releases published by researchers at NCC Group between January 1 2020 and December 31 2020. We present our findings and their impact in context, with links to the associated research papers, recorded conference presentations, publicly … Continue reading NCC Group’s 2020 Annual Research Report
Conference Talks – February/March 2021
Throughout February and March, members of NCC Group will be presenting their work at the following conferences: Jennifer Fernick (NCC Group), Rao Lakkakula (JPMorgan Chase), Christopher Robinson (Red Hat), & Kay Williams (Microsoft), "Frontiers in Securing the Open Source Ecosystem," to be presented at FOSS Backstage (Virtual - February 10-12 2021)Robert Seacord (NCC Group) & … Continue reading Conference Talks – February/March 2021
Software Verification and Analysis Using Z3
We provide a technical introduction on how to leverage the Z3 Theorem Prover to reason about the correctness of cryptographic software, protocols and otherwise, and to identify potential security vulnerabilities. We cover two distinct use cases: modeling and analysis of an algorithm documented in an old version of the QUIC Transport protocol IETF draft; modeling of specific finite field arithmetic operations for elliptic curve cryptography, with integers represented using a uniform saturated limb schedule, to prove equivalence with arbitrary-precision arithmetic, and for test cases generation.