IAM user management strategy

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity. IAM user management strategy 24 Feb 2015 - Loïc Simon Use IAM groups When granting privileges to IAM users, AWS account administrators should avoid use of user-specific policies. Instead, create groups whose name explicitly … Continue reading IAM user management strategy

Announcing the AWS blog post series

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity. Announcing the AWS blog post series 22 Feb 2015 - Loïc Simon Starting this month, iSEC Partners will start a series of blog posts related to AWS. The goal of these blog posts will … Continue reading Announcing the AWS blog post series

Whitepaper: CA Alternative

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity, and can be downloaded below. CA Alternative Whitepapers 11 Feb 2015 - Braden Hollembaek Academic co-authors Adam Bates, Joe Pletcher, Tyler Nichols, Dave Tian and iSEC engineer Braden Hollembaek had a pair of interesting … Continue reading Whitepaper: CA Alternative

Tool Release: Calculating SQL Permissions

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity. Calculating SQL Permissions 09 Feb 2015 - Peter Oehlert iSEC Partners is happy to announce the availability of a tool to help those wishing to better secure their database applications and users. It is a simple … Continue reading Tool Release: Calculating SQL Permissions

Vulnerability Overview: Ghost (CVE-2015-0235)

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity. Vulnerability Overview: Ghost (CVE-2015-0235) 27 Jan 2015 - Valentin Leon, Jeremiah Blatz Executive Summary An alert about a severe vulnerability discovered by the Qualys security team was issued on Tuesday, January 27 2015. This vulnerability allows … Continue reading Vulnerability Overview: Ghost (CVE-2015-0235)

Jailbreak, updated and open-sourced

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity. Jailbreak, updated and open-sourced 19 Jan 2015 - Jason Copenhaver Jailbreak allows a user to export certificates from Microsoft certificate stores even if the certificate has been marked as non-exportable; this can be useful … Continue reading Jailbreak, updated and open-sourced

Tool Release: A Simple DLL Injection Utility

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity. A Simple DLL Injection Utility 29 Oct 2014 - Nicolas Guigo NCLoader is a simple command-line DLL injection tool for windows. It takes a PID or process name as parameter and accounts for systems … Continue reading Tool Release: A Simple DLL Injection Utility

Shellshock Advisory

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity. Shellshock Advisory 25 Sep 2014 - iSEC Partners Executive Summary Immediate patches are required to fix a vulnerability in bash that allows arbitrary code execution from unauthenticated users. The full impact of vulnerable vectors … Continue reading Shellshock Advisory

Whitepaper: Perfect Forward Security

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity, and can be downloaded below. Perfect Forward Security Whitepaper 04 Sep 2014 - Pratik Guha Sarkar Encrypted communication channels were created so nobody could read confidential communications - this means not only during the … Continue reading Whitepaper: Perfect Forward Security