Cedric Halbronn, Aaron Adams, Alex Plaskett and Catalin Visinescu presented two talks at NCC Con Europe 2022. NCC Con is NCC Group's annual private internal conference for employees. We have decided to publish these 2 internal presentations as it is expected that the wider security community could benefit from understanding both the approach and methodology … Continue reading NCC Con Europe 2022 – Pwn2Own Austin Presentations
This blog post describes an unchecked return value vulnerability found and exploited in September 2021 by Alex Plaskett, Cedric Halbronn and Aaron Adams working at the Exploit Development Group (EDG) of NCC Group. We successfully exploited it at Pwn2Own 2021 competition in November 2021 when targeting the Western Digital PR4100.
This blog post describes a stack-based overflow vulnerability found and exploited in September 2021 in the Netgear R6700v3
Slides Alex Plaskett presented "Pwning the Windows 10 Kernel with NTFS and WNF" at Power Of Community (POC) on the 11th of November 2021
We look at exploitation without the CVE-2021-31955 information disclosure, enabling better exploit primitives through PreviousMode, reliability, stability and exploit clean-up and well as thoughts on detection
NCC Group's Exploit Development Group look at exploiting CVE-2021-31956 - the Windows Kernel (NTFS with WNF)