Conference Talks – October 2021

This month, members of NCC Group will be presenting their work at the following conferences: Jennifer Fernick & external panelists, “Threatscape 2023 and Beyond: AI, Deep Fakes and Other Unexpected Challenges”, to be presented at MapleSec (Oct 6 2021); Damon Small, “Which security role is right for me?”, to be presented at Shellcon (Oct 8 2021); Brian Hong, “Sleight of …

Conference Talks – September 2021

This month, members of NCC Group will be presenting their work at the following conferences: Javed Samuel, "Overview of Open-Source Cryptography Vulnerabilities", to be presented at the International Cryptographic Module Conference 2021 (Virtual - Sept 3 2021); Robert Seacord, "Secure Coding", to be presented at Auto ISAC Analysts (Virtual - Sept 7 2021); Erik Steringer, "Automating AWS …

Conference Talks – May 2021

This month, members of NCC Group will be presenting their work at the following conferences: Sourya Biswas, "Psychology of the Phish: Leveraging the Seven Principles of Influence", to be presented at ISACA Conference North America (Virtual - May 5 2021); Sourya Biswas, "Cybersecurity is War: Lessons from Historical Conflicts", to be presented at Secure360 (Virtual - …

Tool Release: Introducing opinel: Scout2’s favorite tool

03 Aug 2015 - Loïc Simon. With boto3 being stable and generally available, NCC took the opportunity to migrate Scout2 and AWS-recipes to boto3. As part of that migration effort, we decided to publish the formerly-known-as AWSUtils repository – used by Scout2 and AWS-recipes – as a python package required …

IAM user management strategy (part 2)

This research was originally performed by researchers from iSEC Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity. 09 Jun 2015 - Loïc Simon. The previous [IAM user management strategy](/aws/2015/02/24/iam_user_management.html) post discussed how usage of IAM groups enables AWS administrators to consistently grant privileges and …

iSEC audit of MediaWiki

This research was originally performed by researchers from iSEC Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity. 21 Apr 2015 - Valentin Leon. iSEC Partners is happy to announce the public release of our latest project with the Open Technology Fund: the review of Wikimedia Foundation’s MediaWiki. The Open …

Work daily with enforced MFA-protected API access

This research was originally performed by researchers from iSEC Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity. 03 Apr 2015 - Loïc Simon. AWS Security Token Service: The AWS Security Token Service (STS) is the gateway used to create sessions when MFA-protected API access …

Use and enforce Multi-Factor Authentication

This research was originally performed by researchers from iSEC Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity, and can be downloaded below. 02 Apr 2015 - Loïc Simon. What is Multi-Factor Authentication? When enabled, Multi-Factor Authentication (MFA) provides strong defense-in-depth against compromises of credentials. MFA-enabled users …

iSEC reviews SecureDrop

This research was originally performed by researchers from iSEC Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity. 23 Mar 2015 - Valentin Leon. As part of our projects with the Open Technology Fund, such as the review of TrueCrypt, iSEC Partners audited Freedom of the Press’ SecureDrop. SecureDrop is an open-source …

Whitepaper: Recognizing and Preventing TOCTOU

This research was originally performed by researchers from iSEC Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity, and can be downloaded below. 03 Mar 2015 - Christopher Hacking. Time-Of-Check-to-Time-Of-Use (TOCTOU) vulnerabilities have been known for decades, but are still frequently discovered in modern code. This diverse …