This page contains all published blog posts.
- Impact of DNS over HTTPS (DoH) on DNS Rebinding Attacks
- Tool Release – ScoutSuite 5.8.0
- Whitepaper – Coinbugs: Enumerating Common Blockchain Implementation-Level Vulnerabilities
- Smart Contracts Inside SGX Enclaves: Common Security Bug Patterns
- LDAPFragger: Bypassing network restrictions using LDAP attributes
- Threat Actors: exploiting the pandemic
- A Survey of Istio’s Network Security Features
- Conference Talks – March 2020
- Public Report – RustCrypto AES/GCM and ChaCha20+Poly1305 Implementation Review
- Reviewing Verifiable Random Functions
- CVE-2018-8611 – Diving into the Windows Kernel Transaction Manager (KTM) for fun and exploitation
- Whitepaper – Microcontroller Readback Protection: Bypasses and Defenses
- Improving Software Security through C Language Standards
- Whitepaper – A Tour of Curve 25519 in Erlang
- Deep Dive into Real-World Kubernetes Threats
- Technical Advisory – playSMS Pre-Authentication Remote Code Execution (CVE-2020-8644)
- Interfaces.d to RCE
- Properly Signed Certificates on CPE Devices
- Conference Talks – February 2020
- Tool Release – Collaborator++
- Public Report – Electric Coin Company NU3 Specification and Blossom Implementation Audit
- Tool Release – Enumerating Docker Registries with go-pillage-registries
- Conference Talks – January 2020
- Passive Decryption of Ethereum Peer-to-Peer Traffic
- On Linux’s Random Number Generation
- Demystifying AWS’ AssumeRole and sts:ExternalId
- Welcome to the new NCC Group Global Research blog