Investigating Potential Security Vulnerability Manifestation through Various Analyses & Inferences Regarding Internet RFCs (and how RFC Security might be Improved)

Overview RFCs have played a pivotal role in helping to formalise ideas and requirements for much of the Internet's design and engineering. They have facilitated peer review amongst engineers, researchers and computer scientists, which in turn has resulted in specification of key Internet protocols and their behaviours so that developers can implement those protocols in … Continue reading Investigating Potential Security Vulnerability Manifestation through Various Analyses & Inferences Regarding Internet RFCs (and how RFC Security might be Improved)

Immortalising 20 Years of Epic Research

In December 2019 we launched this new technical security research blog site. As part of its launch we had cause to revisit our old blog website and found a myriad of forgotten whitepapers and conference presentations spanning NCC Group's history (formation in 1999). Deeply nested on our old blog site we found over 200 whitepapers … Continue reading Immortalising 20 Years of Epic Research

Exploring DeepFake Capabilities & Mitigation Strategies with University College London

Overview  NCC Group is an industry partner for University College London’s (UCL) Centre for Doctoral Training in Data Intensive Science (CDT in DIS). The UCL CDT in DIS encompasses a wide range of areas in the field of 'big-data' including the collection, storage and analysis of large datasets, as well as the use of complex … Continue reading Exploring DeepFake Capabilities & Mitigation Strategies with University College London

CVE-2018-8611 – Diving into the Windows Kernel Transaction Manager (KTM) for fun and exploitation

Written by Cedric Halbronn On Saturday 15th February, I gave a talk titled "How CVE-2018-8611 Can be Exploited to Achieve Privilege Escalation on Windows 10 1809 (RS5) and Earlier". This research was done by Aaron Adams and myself and was presented by Aaron at POC2019 at the end of last year. The OffensiveCon slides are … Continue reading CVE-2018-8611 – Diving into the Windows Kernel Transaction Manager (KTM) for fun and exploitation

Properly Signed Certificates on CPE Devices

During late January 2020, a hot topic surfaced between security professionals on an issue that has historically had different proposed solutions. This blog post seeks to explore these solutions and identify pragmatic approaches to risk reduction on this specific issue concerning Customer Premises Equipment (CPE) security. Two security researchers (Tom Pohl and Nick Starke) analysed … Continue reading Properly Signed Certificates on CPE Devices

Compromising a Hospital Network for £118 (Plus Postage & Packaging)

TL; DR We bought a medical infusion pump device from eBay and from it, forensically retrieved the WPA key and server authentication credentials for a real-world hospital’s wireless network and medical pump management server. In the wrong hands, such capability could be life-threatening given the level of network-based access this information would present to attackers … Continue reading Compromising a Hospital Network for £118 (Plus Postage & Packaging)

Kerberos Resource-Based Constrained Delegation: When an Image Change Leads to a Privilege Escalation

Introduction During a recent Active Directory assessment we had access as a low-privilege user to a fully-patched and secured domain workstation. After trying a number of different approaches to elevate privileges locally, we came across the blog post “Wagging the Dog: Abusing Resource-Based Constrained Delegation to Attack Active Directory” [1] from Elad Shamir. One of … Continue reading Kerberos Resource-Based Constrained Delegation: When an Image Change Leads to a Privilege Escalation

Project Ava: On the Matter of Using Machine Learning for Web Application Security Testing – Part 10: Efficacy Demonstration, Project Conclusion and Next Steps

After 400 days of research, the Project Ava team round up their conclusions on whether machine learning could ever be harnessed to complement current pentesting capabilities. Read more to uncover the team’s verdict on whether this will ever be possible in the near future... Overview Having spent almost 400 people days of research effort on … Continue reading Project Ava: On the Matter of Using Machine Learning for Web Application Security Testing – Part 10: Efficacy Demonstration, Project Conclusion and Next Steps

Project Ava: On the Matter of Using Machine Learning for Web Application Security Testing – Part 9: Adventures with Expert Systems

In the penultimate blog of the Project Ava series, our research team take a look at expert systems to test for Cross-Site Scripting (XSS) vulnerabilities, develop a proof of concept, and discuss whether machine learning could ever be harnessed to complement currenting pentesting capabilities.  Overview Penetration testing can sometimes be repetitive and tedious. This suggests … Continue reading Project Ava: On the Matter of Using Machine Learning for Web Application Security Testing – Part 9: Adventures with Expert Systems