Archive

This page contains all published blog posts.

• RIFT: Citrix ADC Vulnerabilities CVE-2020-8193, CVE-2020-8195 and CVE-2020-8196 Intelligence
• An offensive guide to the Authorization Code grant
• Technical Advisory – KwikTag Web Admin Authentication Bypass
• Pairing over BLS12-381, Part 1: Fields
• RIFT: F5 Networks K52145254: TMUI RCE vulnerability CVE-2020-5902 Intelligence
• Experiments in Extending Thinkst Canary – Part 1
• Tool Release – ScoutSuite 5.9.0
• Technical Advisory – macOS Installer Local Root Privilege Escalation (CVE-2020-9817)
• Paper: Thematic for Success in Real-World Offensive Cyber Operations – How to make threat actors work harder and fail more often
• How-to: Importing WStalker CSV (and more) into Burp Suite via Import to Sitemap Extension
• Tool: WStalker – an easy proxy to support Web API assessments
• Security Considerations of zk-SNARK Parameter Multi-Party Computation
• WastedLocker: A New Ransomware Variant Developed By The Evil Corp Group
• Tool Release – Socks Over RDP Now Works With Citrix
• Striking Back at Retired Cobalt Strike: A look at a legacy vulnerability
• Technical Advisory – ARM MbedOS USB Mass Storage Driver Memory Corruption
• Cyber Security of New Space Paper
• In-depth analysis of the new Team9 malware family
• Common Insecure Practices with Configuring and Extending Salesforce
• Exploring DeepFake Capabilities & Mitigation Strategies with University College London
• Game Security
• Exploring macOS Calendar Alerts: Part 2 – Exfiltrating data (CVE-2020-3882)
• Research Report – Zephyr and MCUboot Security Assessment
• CVE-2018-8611 Exploiting Windows KTM Part 5/5 – Vulnerability detection and a better read/write primitive
• CVE-2018-8611 Exploiting Windows KTM Part 4/5 – From race win to kernel read and write primitive
• Using SharePoint as a Phishing Platform
• Public Report – Coda Cryptographic Review
• Shell Arithmetic Expansion and Evaluation Abuse
• CVE-2018-8611 Exploiting Windows KTM Part 3/5 – Triggering the race condition and debugging tricks
• Tool Release – Socks Over RDP
• Exploring macOS Calendar Alerts: Part 1 – Attempting to execute code
• CVE-2018-8611 Exploiting Windows KTM Part 2/5 – Patch analysis and basic triggering
• Practical Machine Learning for Random (Filename) Detection
• Curve9767 and Fast Signature Verification
• CVE-2018-8611 Exploiting Windows KTM Part 1/5 – Introduction
• The Extended AWS Security Ramp-Up Guide
• Code Patterns for API Authorization: Designing for Security
• Order Details Screens and PII
• How cryptography is used to monitor the spread of COVID-19
• Rise of the Sensors: Securing LoRaWAN Networks
• CVE-2019-1381 and CVE-2020-0859 – How Misleading Documentation Led to a Broken Patch for a Windows Arbitrary File Disclosure Vulnerability
• C Language Standards Update – Zero-size Reallocations are Undefined Behavior
• IETF Draft: Indicators of Compromise and Their Role in Attack and Defen[c|s]e
• Exploring Verifiable Random Functions in Code
• Crave the Data: Statistics from 1,300 Phishing Campaigns
• Impact of DNS over HTTPS (DoH) on DNS Rebinding Attacks
• Tool Release – ScoutSuite 5.8.0
• Whitepaper – Coinbugs: Enumerating Common Blockchain Implementation-Level Vulnerabilities
• Smart Contracts Inside SGX Enclaves: Common Security Bug Patterns
• LDAPFragger: Bypassing network restrictions using LDAP attributes
• Threat Actors: exploiting the pandemic
• A Survey of Istio’s Network Security Features
• Conference Talks – March 2020
• Public Report – RustCrypto AES/GCM and ChaCha20+Poly1305 Implementation Review
• Reviewing Verifiable Random Functions
• CVE-2018-8611 – Diving into the Windows Kernel Transaction Manager (KTM) for fun and exploitation
• Whitepaper – Microcontroller Readback Protection: Bypasses and Defenses
• Improving Software Security through C Language Standards
• Whitepaper – A Tour of Curve 25519 in Erlang
• Deep Dive into Real-World Kubernetes Threats
• Technical Advisory – playSMS Pre-Authentication Remote Code Execution (CVE-2020-8644)
• Interfaces.d to RCE
• Properly Signed Certificates on CPE Devices
• Conference Talks – February 2020
• Tool Release – Collaborator++
• Public Report – Electric Coin Company NU3 Specification and Blossom Implementation Audit
• Tool Release – Enumerating Docker Registries with go-pillage-registries
• Conference Talks – January 2020
• Passive Decryption of Ethereum Peer-to-Peer Traffic
• On Linux’s Random Number Generation
• Demystifying AWS’ AssumeRole and sts:ExternalId
• Welcome to the new NCC Group Global Research blog