10 real-world stories of how we’ve compromised CI/CD pipelines

by Aaron Haymore, Iain Smart, Viktor Gazdag, Divya Natesan, and Jennifer Fernick

Mainstream appreciation for cyberattacks targeting continuous integration and continuous delivery/continuous deployment (CI/CD) pipelines has been gaining momentum. Attackers and defenders increasingly understand that build pipelines are highly-privileged targets with a substantial attack surface. But what are the potential weak points in a CI/CD …

Conference Talks – December 2021

This month, members of NCC Group will be presenting their work at the following conferences: Matt Lewis (NCC Group) & Mark McFadden, “Show me the numbers: Workshop on Analyzing IETF Data (AID)”, to be presented at the IETF Internet Architecture Board Workshop on Analyzing IETF Data 2021 (November 29 - December 1 2021); Michael Gough, "ARTHIR: …

“We wait, because we know you.” Inside the ransomware negotiation economics.

Pepijn Hack, Cybersecurity Analyst, Fox-IT, part of NCC Group
Zong-Yu Wu, Threat Analyst, Fox-IT, part of NCC Group

Abstract

Organizations worldwide continue to face waves of digital extortion in the form of targeted ransomware. Digital extortion is now classified as the most prominent form of cybercrime and the most devastating and pervasive threat to functioning …

Conference Talks – November 2021

This month, members of NCC Group will be presenting their work at the following conferences: Jennifer Fernick & David Wheeler (Linux Foundation), "Keynote: Securing Open Source Software", to be presented at The Linux Foundation Member Summit (November 2-4 2021); Brian Hong, "Sleight of ARM: Demystifying Intel Houdini", to be presented at Ekoparty (November 2-6 2021); Sanne Maasakkers, …

Conference Talks – October 2021

This month, members of NCC Group will be presenting their work at the following conferences: Jennifer Fernick & external panelists, “Threatscape 2023 and Beyond: AI, Deep Fakes and Other Unexpected Challenges”, to be presented at MapleSec (Oct 6 2021); Damon Small, “Which security role is right for me?”, to be presented at Shellcon (Oct 8 2021); Brian Hong, “Sleight of …

Conference Talks – September 2021

This month, members of NCC Group will be presenting their work at the following conferences: Javed Samuel, "Overview of Open-Source Cryptography Vulnerabilities", to be presented at the International Cryptographic Module Conference 2021 (Virtual - Sept 3 2021); Robert Seacord, "Secure Coding", to be presented at Auto ISAC Analysts (Virtual - Sept 7 2021); Erik Steringer, "Automating AWS …

Conference Talks – May 2021

This month, members of NCC Group will be presenting their work at the following conferences: Sourya Biswas, "Psychology of the Phish: Leveraging the Seven Principles of Influence", to be presented at ISACA Conference North America (Virtual - May 5 2021); Sourya Biswas, "Cybersecurity is War: Lessons from Historical Conflicts", to be presented at Secure360 (Virtual - …

CVE-2019-1405 and CVE-2019-1322 – Elevation to SYSTEM via the UPnP Device Host Service and the Update Orchestrator Service

Introduction

This blog post discusses two vulnerabilities discovered by NCC Group consultants during research undertaken on privilege elevation via COM local services. The first of these vulnerabilities (CVE-2019-1405) is a logic error in a COM service and allows local unprivileged users to execute arbitrary commands as a LOCAL SERVICE user. The second vulnerability (CVE-2019-1322) is a simple …

NCC Group’s Exploit Development Capability: Why and What

[Editor's note: Originally published by Ollie Whitehouse on the original nccgroup.com blog in 2018.] tl;dr NCC Group develops exploits against publicly known bugs for use in our red-team and penetration testing engagements whilst allowing us to stay current on exploit techniques. The former gives our clients a real-world view of how compromises happen and the …

Tool Release: Introducing opinel: Scout2’s favorite tool

03 Aug 2015 - Loïc Simon

With boto3 being stable and generally available, NCC took the opportunity to migrate Scout2 and AWS-recipes to boto3. As part of that migration effort, we decided to publish the formerly-known-as AWSUtils repository – used by Scout2 and AWS-recipes – as a Python package required …