Aaron Haymore

10 real-world stories of how we’ve compromised CI/CD pipelines

by Aaron Haymore, Iain Smart, Viktor Gazdag, Divya Natesan, and Jennifer Fernick. Mainstream appreciation for cyberattacks targeting continuous integration and continuous delivery/continuous deployment (CI/CD) pipelines has been gaining momentum. Attackers and defenders increasingly understand that build pipelines are highly-privileged targets with a substantial attack surface. But what are the potential…

Conference Talks – December 2021

This month, members of NCC Group will be presenting their work at the following conferences: Matt Lewis (NCC Group) and Mark McFadden, “Show me the numbers: Workshop on Analyzing IETF Data (AID)”, to be presented at the IETF Internet Architecture Board Workshop on Analyzing IETF Data 2021 (November 29 – December…

November 30, 2021

6 mins read

“We wait, because we know you.” Inside the ransomware negotiation economics.

Pepijn Hack, Cybersecurity Analyst, Fox-IT, part of NCC Group Zong-Yu Wu, Threat Analyst, Fox-IT, part of NCC Group Abstract Organizations worldwide continue to face waves of digital extortion in the form of targeted ransomware. Digital extortion is now classified as the most prominent form of cybercrime and the most devastating…

Conference Talks – November 2021

This month, members of NCC Group will be presenting their work at the following conferences: Jennifer Fernick and David Wheeler (Linux Foundation), “Keynote: Securing Open Source Software”, to be presented at The Linux Foundation Member Summit (November 2-4 2021) Brian Hong, “Sleight of ARM: Demystifying Intel Houdini”, to be presented at…

November 1, 2021

8 mins read

Conference Talks – October 2021

This month, members of NCC Group will be presenting their work at the following conferences: Jennifer Fernick and external panelists, “Threatscape 2023 and Beyond: AI, Deep Fakes and Other Unexpected Challenges”, to be presented at MapleSec (Oct 6 2021) Damon Small, “Which security role is right for me?”, to be presented at Shellcon …

September 30, 2021

4 mins read

Conference Talks – September 2021

This month, members of NCC Group will be presenting their work at the following conferences: Javed Samuel, “Overview of Open-Source Cryptography Vulnerabilities”, to be presented at the International Cryptographic Module Conference 2021 (Virtual – Sept 3 2021) Robert Seacord, “Secure Coding”, to be presented at Auto ISAC Analysts (Virtual –…

Conference Talks – May 2021

This month, members of NCC Group will be presenting their work at the following conferences: Sourya Biswas, “Psychology of the Phish: Leveraging the Seven Principles of Influence”, to be presented at ISACA Conference North America (Virtual – May 5 2021) Sourya Biswas, “Cybersecurity is War: Lessons from Historical Conflicts”, to…

April 30, 2021

3 mins read

CVE-2019-1405 and CVE-2019-1322 – Elevation to SYSTEM via the UPnP Device Host Service and the Update Orchestrator Service

Introduction This blog post discusses two vulnerabilities discovered by NCC Group consultants during research undertaken on privilege elevation via COM local services. The first of these vulnerabilities (CVE-2019-1405) is a logic error in a COM service and allows local unprivileged users to execute arbitrary commands as a LOCAL SERVICE user. The second…

November 12, 2019

8 mins read

NCC Group’s Exploit Development Capability: Why and What

[Editor’s note: Originally published by Ollie Whitehouse on the original nccgroup.com blog in 2018.] tl;dr NCC Group develops exploits against publicly known bugs for use in our red-team and penetration testing engagements whilst allowing us to stay current on exploit techniques. The former gives our clients a real-world view of…

September 11, 2018

4 mins read

Tool Release: Introducing opinel: Scout2’s favorite tool

Introducing opinel: Scout2’s favorite tool 03 Aug 2015 – Loïc Simon With boto3 being stable and generally available, NCC took the opportunity to migrate Scout2 and AWS-recipes to boto3. As part of that migration effort, we decided to publish the formerly-known-as AWSUtils repository – used by Scout2 and AWS-recipes –…

IAM user management strategy (part 2)

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity. IAM user management strategy (part 2) 09 Jun 2015 – Loïc Simon The previous [IAM user management strategy](/aws/2015/02/24/iam_user_management.html) post discussed how usage of IAM groups enables AWS administrators…

June 9, 2015

5 mins read

iSEC audit of MediaWiki

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity. iSEC audit of MediaWiki 21 Apr 2015 – Valentin Leon iSEC Partners is happy to announce the public release of our latest project with the Open Technology Fund: the review…

April 21, 2015

2 mins read

Work daily with enforced MFA-protected API access

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity. Work daily with enforced MFA-protected API access 03 Apr 2015 – Loïc Simon AWS Security Token Service The AWS Security Token Service (STS) is the gateway used to create…

April 3, 2015

4 mins read

Use and enforce Multi-Factor Authentication

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity, and can be downloaded below. Use and enforce Multi-Factor Authentication 02 Apr 2015 – Loïc Simon What is Multi-Factor Authentication? When enabled, Multi-Factor Authentication (MFA) provides strong defense-in-depth against…

April 2, 2015

4 mins read

iSEC reviews SecureDrop

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity. iSEC reviews SecureDrop 23 Mar 2015 – Valentin Leon As part of our projects with the Open Technology Fund, such as the review of TrueCrypt, iSEC Partners audited Freedom of the Press’…

March 23, 2015

2 mins read

Whitepaper: Recognizing and Preventing TOCTOU

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity, and can be downloaded below. Recognizing and Preventing TOCTOU Whitepaper 03 Mar 2015 – Christopher Hacking Time-Of-Check-to-Time-Of-Use (TOCTOU) vulnerabilities have been known for decades, but are still frequently discovered…

IAM user management strategy

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity. IAM user management strategy 24 Feb 2015 – Loïc Simon Use IAM groups When granting privileges to IAM users, AWS account administrators should avoid use of user-specific policies. Instead,…

February 24, 2015

4 mins read

Do not use your AWS root account

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity. Do not use your AWS root account 23 Feb 2015 – Loïc Simon What is the AWS root account? The AWS root account is the account that was used…

February 23, 2015

2 mins read

Announcing the AWS blog post series

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity. Announcing the AWS blog post series 22 Feb 2015 – Loïc Simon Starting this month, iSEC Partners will start a series of blog posts related to AWS. The goal…

February 22, 2015

1 min read

Whitepaper: CA Alternative

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity, and can be downloaded below. CA Alternative Whitepapers 11 Feb 2015 – Braden Hollembaek Academic co-authors Adam Bates, Joe Pletcher, Tyler Nichols, Dave Tian and iSEC engineer Braden Hollembaek…

February 11, 2015

2 mins read

Tool Release: Calculating SQL Permissions

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity. Calculating SQL Permissions 09 Feb 2015 – Peter Oehlert iSEC Partners is happy to announce the availability of a tool to help those wishing to better secure their database applications and…

Vulnerability Overview: Ghost (CVE-2015-0235)

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity. Vulnerability Overview: Ghost (CVE-2015-0235) 27 Jan 2015 – Valentin Leon, Jeremiah Blatz Executive Summary An alert about a severe vulnerability discovered by the Qualys security team was issued on Tuesday, January…

January 27, 2015

5 mins read

Jailbreak, updated and open-sourced

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity. Jailbreak, updated and open-sourced 19 Jan 2015 – Jason Copenhaver Jailbreak allows a user to export certificates from Microsoft certificate stores even if the certificate has been marked as…

January 19, 2015

1 min read

Tool Release: A Simple DLL Injection Utility

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity. A Simple DLL Injection Utility 29 Oct 2014 – Nicolas Guigo NCLoader is a simple command-line DLL injection tool for Windows. It takes a PID or process name as…

Shellshock Advisory

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity. Shellshock Advisory 25 Sep 2014 – iSEC Partners Executive Summary Immediate patches are required to fix a vulnerability in bash that allows arbitrary code execution from unauthenticated users. The…

Whitepaper: Perfect Forward Security

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity, and can be downloaded below. Perfect Forward Security Whitepaper 04 Sep 2014 – Pratik Guha Sarkar Encrypted communication channels were created so nobody could read confidential communications – this…

Tor Browser Research Report Released

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity, and can be downloaded below. Tor Browser Research Report Released 13 Aug 2014 – Tom Ritter, Andy Grant As part of our work with the Open Technology Fund, we recently…

ZigTools: An Open Source 802.15.4 Framework

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity. ZigTools: An Open Source 802.15.4 Framework 04 Aug 2014 – Mike Warner ZigTools is a Python framework, which was developed to reduce the complexity in writing additional functionality in…

August 4, 2014

1 min read

Tool Release: You’ll Never (Ever) Take Me Alive!

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity. Tool Release: You’ll Never (Ever) Take Me Alive! 09 May 2014 – Tom Ritter A year ago, we released You’ll Never Take Me Alive — a tool that helps protect Full…

Tool Release: SSLyze v 0.9 released – Heartbleed edition

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity. SSLyze v 0.9 released – Heartbleed edition 16 Apr 2014 – Alban Diquet A new version of SSLyze is now available. SSLyze is a Python tool that can analyze the SSL…

Tool Release: DIBF Tool Suite

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity. DIBF Tool Suite 16 Apr 2014 – Nicolas Guigo Introducing iSEC Partners’ Windows driver testing suite. The source, binaries and example output are available at https://github.com/iSECPartners/DIBF under the GPLv2 license. Currently…

iSEC Completes TrueCrypt Audit

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity. iSEC Completes TrueCrypt Audit 14 Apr 2014 – Tom Ritter Is TrueCrypt Audited Yet? Yes, in part! For nearly a decade, tens of millions of users have been trusting the…

April 14, 2014

2 mins read

Heartbleed (CVE-2014-0160) Advisory

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity. Heartbleed (CVE-2014-0160) Advisory 10 Apr 2014 – Andy Grant, Justin Engler, Aaron Grattafiori News of a major widespread vulnerability discovered by Neel Mehta came out Monday, April 7 2014.…

White Paper: Cryptopocalypse Reference Paper

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity, and can be downloaded below. Cryptopocalypse Reference Paper 20 Mar 2014 – Javed Samuel Alex Stamos, Tom Ritter and Javed Samuel presented “Preparing for the Cryptopocalypse” at Black Hat…

AWS environment security assessment with Scout2

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity. AWS environment security assessment with Scout2 19 Feb 2014 – Loïc Simon Security engineers at iSEC Partners are regularly involved in projects that require assessing the security of an…

iOS certificate pinning code updated for iOS 7

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity. iOS certificate pinning code updated for iOS 7 01 Feb 2014 – Alban Diquet We’ve updated the iOS certificate pinning code which is part of iSEC’s SSL Conservatory project on…

February 1, 2014

1 min read

Tool Release: Announcing the Release of RtspFuzzer

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity. Announcing the Release of RtspFuzzer 07 Jan 2014 – Michael Lynch iSEC Partners is pleased to announce the release of RtspFuzzer, an open-source fuzzer for the real-time streaming protocol…

iOS 7 tool updates

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity. iOS 7 tool updates 02 Jan 2014 – Alban Diquet With the availability of the evasi0n7 jailbreak and the subsequent release two days ago of Cydia Substrate with support for iOS…

January 2, 2014

2 mins read

Tool Release: SSLyze v0.8 released

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity. SSLyze v0.8 released 30 Dec 2013 – Alban Diquet A new version of SSLyze is now available. SSLyze is a Python tool that can analyze the SSL configuration of a server…

Fuzzing RTSP to discover an exploitable vulnerability in VLC

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity. Fuzzing RTSP to discover an exploitable vulnerability in VLC 30 Dec 2013 – Michael Lynch In this post, we will describe the bug iSEC recently discovered in the Live555…

December 30, 2013

6 mins read

iSEC Engages in TrueCrypt Audit

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity. iSEC Engages in TrueCrypt Audit 23 Dec 2013 – Tom Ritter Is TrueCrypt audited yet? It’s finally happening. For the past few months, there has been much ado about…

December 23, 2013

2 mins read

White Paper: Login Service Security

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity, and can be downloaded below. Login Service Security 17 Dec 2013 – Rachel Engel Web application login services are deceptively simple to develop, leading application developers to repeat the…

Tool Release: SSL pinning bypass and other Android tools

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity, and can be downloaded below. SSL pinning bypass and other Android tools 13 Dec 2013 – Marc Blanchou iSEC is releasing several Cydia Substrate extensions to facilitate the black box testing…

Tool Release: Blackbox Android App Analysis with Introspy

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity. Blackbox Android App Analysis with Introspy 13 Dec 2013 – Marc Blanchou and Alban Diquet As previously announced during our Ruxcon presentation, we’re now releasing Introspy for Android. The final version of…

White Paper: Browser Extension Password Managers

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity, and can be downloaded below. Browser Extension Password Managers 05 Nov 2013 – Paul Youn Advancements in password cracking and frequent theft of password databases endanger single-factor password authentication…

Ruxcon 2013 – Introspy Presentation Slides

This research was originally presented at: Ruxcon 2013 Ruxcon 2013 – Introspy Presentation Slides 27 Oct 2013 – Alban Diquet Update: Introspy for Android is now available; we’ve also updated the slides with additional information regarding the tool. The slides for the Introspy: Security Profiling for Blackbox iOS and Android presentation from Ruxcon 2013 are…

October 27, 2013

1 min read

Tool Release: iOS Secure State Preservation

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity. iOS Secure State Preservation 18 Sep 2013 – Tom Daniels iOS 6 introduced the concept of application state preservation. The purpose of state preservation is to hide unexpected application…

September 18, 2013

2 mins read

Tool Release: Redirecting traffic with dnsRedir.py

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity. Redirecting traffic with dnsRedir.py 05 Sep 2013 – Tim Newsham Often while performing network protocol testing, we want to be able to redirect traffic going to a legitimate server…

Tool Release: Blackbox iOS App Analysis with Introspy

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity. Blackbox iOS App Analysis with Introspy 21 Aug 2013 – Tom Daniels and Alban Diquet In 2013, assessing the security of iOS applications still involves a lot of manual, time-consuming…

Man-in-the-Middling Non-Proxy Aware Wi-Fi Devices with a Pineapple

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity. Man-in-the-Middling Non-Proxy Aware Wi-Fi Devices with a Pineapple 21 Aug 2013 – Anson Gomes Every security professional has to Man-in-the-Middle (MitM) network communication at some point in their career.…

August 21, 2013

7 mins read

Tool Release: iOS SSL Kill Switch v0.5 Released

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity. iOS SSL Kill Switch v0.5 Released 20 Aug 2013 – Alban Diquet Version 0.5 of the iOS SSL Kill Switch is now available. iOS SSL Kill Switch is a tool to…

Black Hat 2013 – Femtocell Presentation Slides, Videos and App

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity, and can be downloaded below. Black Hat 2013 – Femtocell Presentation Slides, Videos and App 19 Aug 2013 – Tom Ritter We’re back from Las Vegas, rested, and finally ready to release…

Working with the Open Technology Fund

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity. Working with the Open Technology Fund 14 Oct 2013 – Tom Ritter Over the past year, iSEC Partners has worked with the Open Technology Fund on several of their supported projects.…

August 14, 2013

2 mins read

SSLyze v0.7 Released

SSLyze v0.7 Released 14 Aug 2013 – Alban Diquet A new version of SSLyze is now available. SSLyze is a Python tool that can analyze the SSL configuration of a server by connecting to it. Changelog Complete rewrite of the OpenSSL wrapper as a C extension SSLyze is now statically linked with the…

Black Hat 2013 – Bluetooth Smart Presentation Available

This research was originally presented at Black Hat 2013 Black Hat 2013 – Bluetooth Smart Presentation Available 06 Aug 2013 – Mike Ryan The slides for the Bluetooth Smart presentation from Black Hat 2013 are now available. The presentation was given by Mike Ryan and looks into Bluetooth “Smart” (also known as…

Black Hat 2013 – Cryptopocalypse Presentation Available

This research was originally presented at Black Hat 2013 Black Hat 2013 – Cryptopocalypse Presentation Available 06 Aug 2013 – iSEC Partners The slides for the Preparing for the Cryptopocalypse presentation from Black Hat 2013 are now available. The group presentation was given by Alex Stamos, Tom Ritter, Javed Samuel and Thomas…

Tool Release: PeachFarmer

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity. Tool Release: PeachFarmer 14 Jun 2013 – Michael Lynch Cloud-based Fuzzing with Peach Several of the consultants here at iSEC perform fuzz testing using the Peach fuzzing framework. One of…

White Paper: An Introduction to Authenticated Encryption

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity, and can be downloaded below. An Introduction to Authenticated Encryption 29 Apr 2013 – Shawn Fitzgerald Historically, independent encryption and message authentication codes (MAC) have been used to provide…

Tool Release: YoNTMA

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity. Tool Release: YoNTMA 18 Mar 2013 – Michael Lynch You’re a responsible defender of your data. You keep all of your disks encrypted. You hibernate your laptop when you’re…

Tool Release: tcpprox

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity. Tool Release: tcpprox 21 Feb 2013 – Tim Newsham Tcpprox is a simple command line tcp proxy written in Python. It is designed to have very minimal requirements – it…

Tool Release: Exploring SSL Pinning on iOS

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity. Exploring SSL Pinning on iOS 19 Feb 2013 – Alban Diquet When an iOS app only needs to communicate to a well-defined set of servers over SSL, the security…

February 19, 2013

3 mins read
