Archive

This page contains all published blog posts.

• Tool Release – ICPin, an integrity-check and anti-debug detection pintool
• Faster Modular Inversion and Legendre Symbol, and an X25519 Speed Record
• Technical Advisory – Lansweeper Privilege Escalation via CSRF Using HTTP Method Interchange (CVE-2020-13658)
• Online Casino Roulette – A guideline for penetration testers and security researchers
• Extending a Thinkst Canary to become an interactive honeypot
• StreamDivert: Relaying (specific) network connections
• Public Report – Electric Coin Company NU4 Cryptographic Specification and Implementation Review
• Machine learning from idea to reality: a PowerShell case study
• Conference Talks – September 2020
• Whitepaper – Exploring the Security of KaiOS Mobile Applications
• Technical Advisory – wolfSSL TLS 1.3 Client Man-in-the-Middle Attack (CVE-2020-24613)
• Technical Advisory – Multiple HTML Injection Vulnerabilities in KaiOS Pre-installed Mobile Applications
• Technical Advisory – FreePBX – Multiple Authenticated SQL Injections in UCP application
• Immortalising 20 Years of Epic Research
• Pairing over BLS12-381, Part 3: Pairing!
• Public Report – Pixel 4/4XL and Pixel 4a ioXt Audit
• NCC Group researchers named amongst MSRC’s Most Valuable Security Researchers in 2020
• Lights, Camera, HACKED! An insight into the world of popular IP Cameras
• Conference Talks – August 2020
• Tool Release – Winstrument: An Instrumentation Framework for Windows Application Assessments
• Tool Release: Sinking U-Boots with Depthcharge
• Technical Advisory: Heartbleed chained with a Pass-the-Hash attack leads to device compromise on TP-Link C200 IP Camera
• Public Report – Qredo Apache Milagro MPC Cryptographic Assessment
• Pairing over BLS12-381, Part 2: Curves
• Understanding the root cause of F5 Networks K52145254: TMUI RCE vulnerability CVE-2020-5902
• RIFT: Citrix ADC Vulnerabilities CVE-2020-8193, CVE-2020-8195 and CVE-2020-8196 Intelligence
• An offensive guide to the Authorization Code grant
• Technical Advisory – KwikTag Web Admin Authentication Bypass
• Pairing over BLS12-381, Part 1: Fields
• RIFT: F5 Networks K52145254: TMUI RCE vulnerability CVE-2020-5902 Intelligence
• Experiments in Extending Thinkst Canary – Part 1
• Tool Release – ScoutSuite 5.9.0
• Technical Advisory – macOS Installer Local Root Privilege Escalation (CVE-2020-9817)
• Paper: Thematic for Success in Real-World Offensive Cyber Operations – How to make threat actors work harder and fail more often
• How-to: Importing WStalker CSV (and more) into Burp Suite via Import to Sitemap Extension
• Tool: WStalker – an easy proxy to support Web API assessments
• Security Considerations of zk-SNARK Parameter Multi-Party Computation
• WastedLocker: A New Ransomware Variant Developed By The Evil Corp Group
• Tool Release – Socks Over RDP Now Works With Citrix
• Striking Back at Retired Cobalt Strike: A look at a legacy vulnerability
• Technical Advisory – ARM MbedOS USB Mass Storage Driver Memory Corruption
• Cyber Security of New Space Paper
• In-depth analysis of the new Team9 malware family
• Common Insecure Practices with Configuring and Extending Salesforce
• Exploring DeepFake Capabilities & Mitigation Strategies with University College London
• Game Security
• Exploring macOS Calendar Alerts: Part 2 – Exfiltrating data (CVE-2020-3882)
• Research Report – Zephyr and MCUboot Security Assessment
• CVE-2018-8611 Exploiting Windows KTM Part 5/5 – Vulnerability detection and a better read/write primitive
• CVE-2018-8611 Exploiting Windows KTM Part 4/5 – From race win to kernel read and write primitive
• Using SharePoint as a Phishing Platform
• Public Report – Coda Cryptographic Review
• Shell Arithmetic Expansion and Evaluation Abuse
• CVE-2018-8611 Exploiting Windows KTM Part 3/5 – Triggering the race condition and debugging tricks
• Tool Release – Socks Over RDP
• Exploring macOS Calendar Alerts: Part 1 – Attempting to execute code
• CVE-2018-8611 Exploiting Windows KTM Part 2/5 – Patch analysis and basic triggering
• Practical Machine Learning for Random (Filename) Detection
• Curve9767 and Fast Signature Verification
• CVE-2018-8611 Exploiting Windows KTM Part 1/5 – Introduction
• The Extended AWS Security Ramp-Up Guide
• Code Patterns for API Authorization: Designing for Security
• Order Details Screens and PII
• How cryptography is used to monitor the spread of COVID-19
• Rise of the Sensors: Securing LoRaWAN Networks
• CVE-2019-1381 and CVE-2020-0859 – How Misleading Documentation Led to a Broken Patch for a Windows Arbitrary File Disclosure Vulnerability
• C Language Standards Update – Zero-size Reallocations are Undefined Behavior
• IETF Draft: Indicators of Compromise and Their Role in Attack and Defen[c|s]e
• Exploring Verifiable Random Functions in Code
• Crave the Data: Statistics from 1,300 Phishing Campaigns
• Impact of DNS over HTTPS (DoH) on DNS Rebinding Attacks
• Tool Release – ScoutSuite 5.8.0
• Whitepaper – Coinbugs: Enumerating Common Blockchain Implementation-Level Vulnerabilities
• Smart Contracts Inside SGX Enclaves: Common Security Bug Patterns
• LDAPFragger: Bypassing network restrictions using LDAP attributes
• Threat Actors: exploiting the pandemic
• A Survey of Istio’s Network Security Features
• Conference Talks – March 2020
• Public Report – RustCrypto AES/GCM and ChaCha20+Poly1305 Implementation Review
• Reviewing Verifiable Random Functions
• CVE-2018-8611 – Diving into the Windows Kernel Transaction Manager (KTM) for fun and exploitation
• Whitepaper – Microcontroller Readback Protection: Bypasses and Defenses
• Improving Software Security through C Language Standards
• Whitepaper – A Tour of Curve 25519 in Erlang
• Deep Dive into Real-World Kubernetes Threats
• Technical Advisory – playSMS Pre-Authentication Remote Code Execution (CVE-2020-8644)
• Interfaces.d to RCE
• Properly Signed Certificates on CPE Devices
• Conference Talks – February 2020
• Tool Release – Collaborator++
• Public Report – Electric Coin Company NU3 Specification and Blossom Implementation Audit
• Tool Release – Enumerating Docker Registries with go-pillage-registries
• Conference Talks – January 2020
• Passive Decryption of Ethereum Peer-to-Peer Traffic
• On Linux’s Random Number Generation
• Demystifying AWS’ AssumeRole and sts:ExternalId
• Welcome to the new NCC Group Global Research blog
• Technical Advisory – Authorization Bypass Allows for Pinboard Corruption
• Technical Advisory – DelTek Vision – Arbitrary SQL Execution (SQLi)
• Technical Advisory – Bomgar Remote Support – Local Privilege Escalation
• Technical Advisory – Apple iOS / OSX: Foundation NSXMLParser XXE Vulnerability
• Whitepaper – XML Schema, DTD, and Entity Attacks: A Compendium of Known Techniques
• Technical Advisory – IBM WebSphere Commerce: Encrypted URL Parameter Vulnerable to Padding Oracle Attacks
• Technical Advisory – HTC IQRD Android Permission Leakage
• Technical Advisory – libraptor – XXE in RDF/XML File Interpretation
• Whitepaper – A Heap of Trouble: Breaking the Linux Kernel SLOB Allocator
• Technical Advisory – VMware Tools Multiple Vulnerabilities
• Technical Advisory – Apple HFS+ Information Disclosure Vulnerability
• Technical Advisory – OpenOffice.org Multiple Memory Corruption Vulnerabilities
• Technical Advisory – Citrix Access Gateway Command Injection Vulnerability
• Technical Advisory – Linux RDS Protocol Local Privilege Escalation
• Technical Advisory – Coda Filesystem Kernel Memory Disclosure
• Whitepaper – Weaning the Web off of Session Cookies: Making Digest Authentication Viable
• Whitepaper – HTTP Digest Integrity: Another look, in light of recent attacks
• Research Paper – Recovering deleted data from the Windows registry
• Technical Advisory – IBM TAM: Remote Directory Traversal and File Retrieval via web server plug-in