Machine Learning for Static Analysis of Malware – Expansion of Research Scope
Introduction The work presented in this blog post is that of Ewan Alexander Miles (former UCL MSci student) and explores the expansion of scope for using machine learning models on PE (Portable Executable) headers to identify and classify malware. It is built on work previously presented by NCC Group, in conjunction with UCL's Centre …
Author: Matt Lewis
Investigating Potential Security Vulnerability Manifestation through Various Analyses & Inferences Regarding Internet RFCs (and how RFC Security might be Improved)
Overview RFCs have played a pivotal role in helping to formalise ideas and requirements for much of the Internet's design and engineering. They have facilitated peer review amongst engineers, researchers and computer scientists, which in turn has resulted in specification of key Internet protocols and their behaviours so that developers can implement those protocols in …
Immortalising 20 Years of Epic Research
In December 2019 we launched this new technical security research blog site. As part of its launch we had cause to revisit our old blog website and found a myriad of forgotten whitepapers and conference presentations spanning NCC Group's history (formation in 1999). Deeply nested on our old blog site we found over 200 whitepapers …
Exploring DeepFake Capabilities & Mitigation Strategies with University College London
Overview NCC Group is an industry partner for University College London's (UCL) Centre for Doctoral Training in Data Intensive Science (CDT in DIS). The UCL CDT in DIS encompasses a wide range of areas in the field of 'big-data' including the collection, storage and analysis of large datasets, as well as the use of complex …
CVE-2018-8611 – Diving into the Windows Kernel Transaction Manager (KTM) for fun and exploitation
Written by Cedric Halbronn. On Saturday 15th February, I gave a talk titled "How CVE-2018-8611 Can be Exploited to Achieve Privilege Escalation on Windows 10 1809 (RS5) and Earlier". This research was done by Aaron Adams and myself and was presented by Aaron at POC2019 at the end of last year. The OffensiveCon slides are …
Properly Signed Certificates on CPE Devices
During late January 2020, a hot topic surfaced among security professionals on an issue that has historically had different proposed solutions. This blog post seeks to explore these solutions and identify pragmatic approaches to risk reduction on this specific issue concerning Customer Premises Equipment (CPE) security. Two security researchers (Tom Pohl and Nick Starke) analysed …
Compromising a Hospital Network for £118 (Plus Postage & Packaging)
TL;DR We bought a medical infusion pump device from eBay and from it forensically retrieved the WPA key and server authentication credentials for a real-world hospital's wireless network and medical pump management server. In the wrong hands, such capability could be life-threatening given the level of network-based access this information would present to attackers …
Getting Shell with XAMLX Files
Introduction In our blog post on ASP.NET resource files and deserialization issues [1], we showed how to run code by abusing deserialization features when uploading a RESX or RESOURCES file. In this blog post we similarly show how XAMLX file capabilities can be abused to run commands on a server when such files can be uploaded within …
Kerberos Resource-Based Constrained Delegation: When an Image Change Leads to a Privilege Escalation
Introduction During a recent Active Directory assessment we had access as a low-privilege user to a fully-patched and secured domain workstation. After trying a number of different approaches to elevate privileges locally, we came across the blog post "Wagging the Dog: Abusing Resource-Based Constrained Delegation to Attack Active Directory" [1] from Elad Shamir. One of …
Project Ava: On the Matter of Using Machine Learning for Web Application Security Testing – Part 10: Efficacy Demonstration, Project Conclusion and Next Steps
After almost 400 person-days of research, the Project Ava team round up their conclusions on whether machine learning could be harnessed to complement current pentesting capabilities. Read more to uncover the team's verdict on whether this will be possible in the near future... Overview Having spent almost 400 person-days of research effort on …