Vulnerability Overview: Ghost (CVE-2015-0235)

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity. Vulnerability Overview: Ghost (CVE-2015-0235) 27 Jan 2015 - Valentin Leon, Jeremiah Blatz Executive Summary An alert about a severe vulnerability discovered by the Qualys security team was issued on Tuesday, January 27 2015. This vulnerability allows … Continue reading Vulnerability Overview: Ghost (CVE-2015-0235)

Jailbreak, updated and open-sourced

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity. Jailbreak, updated and open-sourced 19 Jan 2015 - Jason Copenhaver Jailbreak allows a user to export certificates from Microsoft certificate stores even if the certificate has been marked as non-exportable; this can be useful … Continue reading Jailbreak, updated and open-sourced

Tool Release: A Simple DLL Injection Utility

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity. A Simple DLL Injection Utility 29 Oct 2014 - Nicolas Guigo NCLoader is a simple command-line DLL injection tool for windows. It takes a PID or process name as parameter and accounts for systems … Continue reading Tool Release: A Simple DLL Injection Utility

Shellshock Advisory

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity. Shellshock Advisory 25 Sep 2014 - iSEC Partners Executive Summary Immediate patches are required to fix a vulnerability in bash that allows arbitrary code execution from unauthenticated users. The full impact of vulnerable vectors … Continue reading Shellshock Advisory

Whitepaper: Perfect Forward Security

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity, and can be downloaded below. Perfect Forward Security Whitepaper 04 Sep 2014 - Pratik Guha Sarkar Encrypted communication channels were created so nobody could read confidential communications - this means not only during the … Continue reading Whitepaper: Perfect Forward Security

Tor Browser Research Report Released

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity, and can be downloaded below. Tor Browser Research Report Released 13 Aug 2014 - Tom Ritter, Andy Grant As part of our work with the Open Technology Fund, we recently worked with the Tor Project to … Continue reading Tor Browser Research Report Released

ZigTools: An Open Source 802.15.4 Framework

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity. ZigTools: An Open Source 802.15.4 Framework 04 Aug 2014 - Mike Warner ZigTools is a Python framework, which was developed to reduce the complexity in writing additional functionality in communicating with a Freakduino (a … Continue reading ZigTools: An Open Source 802.15.4 Framework

Tool Release: You’ll Never (Ever) Take Me Alive!

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity. Tool Release: You'll Never (Ever) Take Me Alive! 09 May 2014 - Tom Ritter A year ago, we released You’ll Never Take Me Alive — a tool that helps protects Full Disk Encrypted Windows computers from … Continue reading Tool Release: You’ll Never (Ever) Take Me Alive!

Tool Release: SSLyze v 0.9 released – Heartbleed edition

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity. SSLyze v 0.9 released - Heartbleed edition 16 Apr 2014 - Alban Diquet A new version of SSLyze is now available. SSLyze is a Python tool that can analyze the SSL configuration of a server by … Continue reading Tool Release: SSLyze v 0.9 released – Heartbleed edition

Tool Release: DIBF Tool Suite

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity. DIBF Tool Suite 16 Apr 2014 - Nicolas Guigo Introducing iSEC Partners’ Windows driver testing suite. The source, binaries and example output are available at https://github.com/iSECPartners/DIBF under the GPLv2 license. Currently three tools are included: DIBF … Continue reading Tool Release: DIBF Tool Suite