R.Rivera

Public Report – AWS Nitro System API & Security Claims Italian

In the last calendar quarter of 2022, Amazon Web Services (AWS) engaged NCC Group to conduct an architecture review of the AWS Nitro System design, with focus on specific claims AWS made for the security of the Nitro System APIs. The Public Report in Italian this review may be downloaded…

Read more
R.Rivera
Public Reports

March 4, 2024

1 min read

Read more

Public Report – AWS Nitro System API & Security Claims French

In the last calendar quarter of 2022, Amazon Web Services (AWS) engaged NCC Group to conduct an architecture review of the AWS Nitro System design, with focus on specific claims AWS made for the security of the Nitro System APIs. The Public Report in French this review may be downloaded…

Read more
R.Rivera
Public Reports

March 4, 2024

1 min read

Read more

Public Report – AWS Nitro System API & Security Claims Spanish

In the last calendar quarter of 2022, Amazon Web Services (AWS) engaged NCC Group to conduct an architecture review of the AWS Nitro System design, with focus on specific claims AWS made for the security of the Nitro System APIs. The Public Report in Spanish for this review may be…

Read more
R.Rivera
Public Reports

March 4, 2024

1 min read

Read more

Public Report – AWS Nitro System API & Security Claims German

In the last calendar quarter of 2022, Amazon Web Services (AWS) engaged NCC Group to conduct an architecture review of the AWS Nitro System design, with focus on specific claims AWS made for the security of the Nitro System APIs. The Public Report in German for this review may be…

Read more
R.Rivera
Public Reports

March 4, 2024

1 min read

Read more

Technical Advisory: Mosquitto Broker DoS through a Memory Leak vulnerability

Vendor: Eclipse MosquittoVendor URL: https://mosquitto.org/Versions affected: <= 1.4.15Systems Affected: Mosquitto BrokerAuthor: Daniel Romero – daniel.romero[at]nccgroup[dot]trustAdvisory URL / CVE Identifier: CVE-2017-7654Risk: High (The memory leak vulnerability can lead to a Denial of Service) Summary A Memory Leak vulnerability was found within the Mosquitto Broker. Unauthenticated clients can send crafted CONNECT packets…

Read more
R.Rivera
protocol_name

August 29, 2018

4 mins read

Read more

NCC Group WhitepaperUnderstanding and HardeningLinux ContainersJune 29, 2016 – Version 1.1

Read more
R.Rivera
Whitepapers

June 29, 2016

1 min read

Read more

Symantec Messaging Gateway Out of band stored XSS delivered by email

Summary Name: Symantec Messaging Gateway – Out-of-band stored-XSS delivered by emailRelease Date: 30 November 2012Reference: NGS00268Discoverer: Ben WilliamsVendor: SymantecVendor Reference:Systems Affected: Symantec Messaging Gateway 9.5.3-3Risk: CriticalStatus: Published TimeLine Discovered: 17 April 2012Released: 17 April 2012Approved: 29 April 2012Reported: 30 April 2012Fixed: 27 August 2012Published: 30 November 2012 Description I. VULNERABILITY…

Read more
R.Rivera
Uncategorized

November 5, 2015

2 mins read

Read more

Time Trial: Racing Towards Practical Remote Timing Attacks

Daniel Mayer (daniel@matasano.com)Joel Sandin (jsandin@matasano.com)August 7, 2014

Read more
R.Rivera
Whitepapers

August 7, 2014

1 min read

Read more