With Coronavirus still active across the world, life is far from settled, but the uptake of remote working is surely here to stay. From a security standpoint, organisations[1] may feel less comfortable at the moment simply because staff are working out of sight. Whether that feeling is justified will depend on the technical measures put … Continue reading Salesforce Security with Remote Working
Archive
Tool Release – ScoutSuite 5.10
We’re proud to announce the release of a new version of our open-source, multi-cloud auditing tool ScoutSuite (on Github)! Notable improvements and features include: CoreBreaking change: support for Python 3.5 has been deprecatedMoved unit tests from nose to pytest & improved coverageBug fixes and improved error handlingAWSCreated a ruleset for the AWS CIS Benchmark version 1.2Can … Continue reading Tool Release – ScoutSuite 5.10
Conference Talks – October 2020
This month, members of NCC Group will be presenting their work at the following conferences: Dirk-Jan Mollema, "Walking Your Dog in Multiple Forests: Breaking AD Trust Boundaries through Kerberos Vulnerabilities," to be presented at Black Hat Asia 2020 (Virtual - October 1 2020)Sanne Maasakkers, "Improve Security Awareness Campaigns by Applying Phishing Research," to be presented … Continue reading Conference Talks – October 2020
Tool Release – ICPin, an integrity-check and anti-debug detection pintool
by Nicolas Guigo ICPin is an Intel pintool leveraging the framework's JIT mode designed to track a binary's integrity checks. It records all reads and all writes performed by the target executable or dynamically loaded library on its text section and outputs a human readable text file describing each memory access with its type (R|W) … Continue reading Tool Release – ICPin, an integrity-check and anti-debug detection pintool
Faster Modular Inversion and Legendre Symbol, and an X25519 Speed Record
Elliptic curves are commonly used to implement asymmetric cryptographic operations such as key exchange and signatures. These operations are used in many places, in particular to initiate secure network connections within protocols such as TLS and Noise. However, they are relatively expensive in terms of computing resources, especially for low-end embedded systems, which run on … Continue reading Faster Modular Inversion and Legendre Symbol, and an X25519 Speed Record
Technical Advisory – Lansweeper Privilege Escalation via CSRF Using HTTP Method Interchange (CVE-2020-13658)
Vendor: Lansweeper Software Vendor URL: https://www.lansweeper.com/ Versions affected: 8.0.130.17 known affected versions, others likely Systems Affected: Windows 10 Authors: Joshua Dow <joshua.dow@nccgroup.com>, Daniel King <daniel.king@nccgroup.com> Advisory URL / CVE Identifier: CVE-2020-13658 Risk: High Summary: Lansweeper is an application that gathers hardware and software information of computers and other devices on a computer network for management … Continue reading Technical Advisory – Lansweeper Privilege Escalation via CSRF Using HTTP Method Interchange (CVE-2020-13658)
Online Casino Roulette – A guideline for penetration testers and security researchers
Introduction In recent years, the gaming industry has grown significantly, especially casino games and sports betting. Online casinos consolidate their position as one of the main sources of entertainment in many countries worldwide, which evidently involves a notable rise in their turnover. For instance, in Spain alone, the gaming industry generated revenue of around €4,567 … Continue reading Online Casino Roulette – A guideline for penetration testers and security researchers
Extending a Thinkst Canary to become an interactive honeypot
In this post we explore how to use the extensible nature of Thinkst Canary to build a high interaction honeypot.
StreamDivert: Relaying (specific) network connections
Author: Jelle Vergeer The first part of this blog will be the story of how this tool found it's way into existence, the problems we faced and the thought process followed. The second part will be a more technical deep dive into the tool itself, how to use it, and how it works. Storytime About … Continue reading StreamDivert: Relaying (specific) network connections
Public Report – Electric Coin Company NU4 Cryptographic Specification and Implementation Review
In June 2020, the Electric Coin Company engaged NCC Group to conduct a security review of the six Zcash Improvement Proposals (ZIPs) that constitute the core of the upcoming Canopy (https://z.cash/upgrade/canopy/) upgrade (also called "NU4") to the Zcash network. This upgrade coincides with the first Zcash halving and will initiate a new development fund for … Continue reading Public Report – Electric Coin Company NU4 Cryptographic Specification and Implementation Review