Archive

Whitepaper – Double Fetch Vulnerabilities in C and C++

Double fetch vulnerabilities in C and C++ have been known about for a number of years. However, they can appear in multiple forms and can have varying outcomes. As much of this information is spread across various sources, this whitepaper draws the knowledge together into a single place, in order to better describe the different … Continue reading Whitepaper – Double Fetch Vulnerabilities in C and C++

Mining data from Cobalt Strike beacons

Since we published about identifying Cobalt Strike Team Servers in the wild just over three years ago, we’ve collected over 128,000 beacons from over 24,000 active Team Servers. Today, RIFT is making this extensive beacon dataset publicly available in combination with the open-source release of dissect.cobaltstrike, our Python library for studying and parsing Cobalt Strike … Continue reading Mining data from Cobalt Strike beacons

Remote Code Execution on Western Digital PR4100 NAS (CVE-2022-23121)

This blog post describes an unchecked return value vulnerability found and exploited in September 2021 by Alex Plaskett, Cedric Halbronn and Aaron Adams working at the Exploit Development Group (EDG) of NCC Group. We successfully exploited it at Pwn2Own 2021 competition in November 2021 when targeting the Western Digital PR4100.

Tool Release – ScoutSuite 5.11.0

We’re proud to announce the release of a new version of our open-source, multi-cloud auditing tool ScoutSuite (on Github)! The most significant improvements and features added include: CoreImproved CLI options, test coverage and some dependenciesAWSAdded new findings for multiple servicesBug fixesAdded ARNs for all resourcesAzureAdded new findingsBug fixesGCPNew ruleset for GCP CIS version 1.1Added support … Continue reading Tool Release – ScoutSuite 5.11.0

Technical Advisory – Apple macOS XAR – Arbitrary File Write (CVE-2022-22582)

Vendor: Apple Vendor URL: https://www.apple.com/ Systems Affected: macOS Monterey before 12.3, macOS Big Sur before 11.6.5 and macOS 10.15 Catalina before Security Update 2022-003 Author: Richard Warren <richard.warren[at]nccgroup[dot]trust> Advisory URLs: https://support.apple.com/en-us/HT213183, https://support.apple.com/en-us/HT213185, https://support.apple.com/en-gw/HT213185 CVE Identifier: CVE-2022-22582 Risk: 5.0 Medium CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N Summary In October 2021, Apple released a fix for CVE-2021-30833. This was an arbitrary file-write … Continue reading Technical Advisory – Apple macOS XAR – Arbitrary File Write (CVE-2022-22582)

Microsoft announces the WMIC command is being retired, Long Live PowerShell

Category:  Detection and Threat Hunting What is WMIC? The Windows Management Instrumentation (WMI) Command-Line Utility (WMIC) is a command-line utility that allows users to perform WMI operations from a command prompt. WMI is an interface providing a variety of Windows management functions. Applications and WMI scripts can be deployed to automate administrative tasks on remote … Continue reading Microsoft announces the WMIC command is being retired, Long Live PowerShell

SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store

Authors: Alberto Segura, Malware analystRolf Govers, Malware analyst & Forensic IT Expert NCC Group, as well as many other researchers noticed a rise in Android malware last year, especially Android banking malware. Within the Threat Intelligence team of NCC Group we're looking closely to several of these malware families to provide valuable information to our … Continue reading SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store

Conference Talks – March 2022

This month, members of NCC Group will be presenting their work at the following conferences: Juan Garrido, "Microsoft 365 APIs Edge Cases for Fun and Profit," to be presented at RootedCon (March 10-12 2022) Jennifer Fernick (NCC Group), Christopher Robinson (Intel), & Anne Bertucio (Google), "Preparing for Zero-Day: Vulnerability Disclosure in Open Source Software," to … Continue reading Conference Talks – March 2022

Hardware & Embedded Systems: A little early effort in security can return a huge payoff

Editor's note: This piece was originally published by embedded.com There’s no shortage of companies that need help configuring devices securely, or vendors seeking to remediate vulnerabilities. But from our vantage point at NCC Group, we mostly see devices when working directly with OEMs confronting security issues in their products — and by this point, it’s … Continue reading Hardware & Embedded Systems: A little early effort in security can return a huge payoff