Jennifer Fernick
So long and thanks for all the 0day
After nearly four years into my role, I am stepping down as NCC Group’s SVP Global Head of Research. In part just for myself, to reflect on a whirlwind few years, and in part as a thank you and celebration of all of the incredible researchers with whom I have…
Check out our new Microcorruption challenges!
New Microcorruption challenges created by Nick Galloway and Davee Morgan Today we are releasing several new challenges for the embedded security CTF, Microcorruption. These challenges highlight types of vulnerabilities that NCC Group’s Hardware and Embedded Systems practice have discovered in real products. The new challenges provide a simple interface to…
October 31, 2022
Public Report – IOV Labs powHSM Security Assessment
In June 2022, IOV Labs engaged NCC Group to perform a review of powHSM. Per the project documentation: “Its main role is to safekeep and prevent the unauthorized usage of each of the powPeg’s members’ private keys. powHSM is implemented as a pair of applications for the Ledger Nano S, namely…
Whitepaper – Project Triforce: Run AFL On Everything (2017)
Six years ago, NCC Group researchers Tim Newsham and Jesse Hertz released TriforceAFL – an extension of the American Fuzzy Lop (AFL) fuzzer which supports full-system fuzzing using QEMU – but unfortunately the associated whitepaper for this work was never published. Today, we’re releasing it for the curious reader and…
September 27, 2022
Public Report – Penumbra Labs Decaf377 Implementation and Poseidon Parameter Selection Review
During the summer of 2022, Penumbra Labs, Inc. engaged NCC Group to conduct a cryptographic security assessment of two items: (i) the specification and two implementations of the decaf377 group, and (ii) a methodology and implementation of parameter generation for the Poseidon hash function. Decaf377 is a prime-order group obtained…
Tool Release – Monkey365
by Juan Garrido Editor’s note: This tool was originally released at Black Hat USA 2022 (Arsenal) in August 2022, and was created by Juan Garrido (GitHub: @silverhack, Twitter: @tr1ana). Monkey 365 is an Open Source security tool that can be used to easily conduct not only Microsoft 365, but also Azure…
Sharkbot is back in Google Play
Authored by Alberto Segura (main author) and Mike Stokkel (co-author) Editor’s note: This post was originally published on the Fox-IT blog. Introduction After we discovered in February 2022 the SharkBotDropper in Google Play posing as a fake Android antivirus and cleaner, now we have detected a new version of this…
Conference Talks – September/October 2022
Throughout September and October, members of NCC Group will be presenting their work at SANS CyberThreat, 44CON, ResponderCon, BSides St John’s, ICMC, DevOps World, RootCon, Hexacon, and Hardwear.io NL. Please join us! Enterprise IR: Live free, live large Ollie Whitehouse Eric Shamper SANS CyberThreat 22 September 12-13, 2022 Abstract forthcoming. Mastering…
NCC Group Research at Black Hat USA 2022 and DEF CON 30
This year, NCC Group researchers will be presenting at least five presentations at Black Hat USA and DEF CON 30. A guide to these presentations (abstracts, dates, and links) is included below. We will also update this post with any additional presentations as they are accepted and announced. Virtually or…
Whitepaper – Practical Attacks on Machine Learning Systems
This paper collects a set of notes and research projects conducted by NCC Group on the topic of the security of Machine Learning (ML) systems. The objective is to provide some industry perspective to the academic community, while collating helpful references for security practitioners, to enable more effective security auditing…
July 6, 2022
Flubot: the evolution of a notorious Android Banking Malware
Originally published June 29, 2022 on the Fox-IT blog Authored by Alberto Segura (main author) and Rolf Govers (co-author) Summary Flubot is an Android based malware that has been distributed in the past 1.5 years in Europe, Asia and Oceania affecting thousands of devices of mostly unsuspecting victims. Like the majority of…
Public Report – Threshold ECDSA Cryptography Review
In March 2022, DFINITY engaged NCC Group to conduct a security and cryptography review of a threshold ECDSA implementation, which follows a novel approach described in the reference paper entitled “Design and analysis of a distributed ECDSA signing service” and available on the IACR ePrint archive at https://eprint.iacr.org/2022/506. The threshold ECDSA…
NCC Group’s Jeremy Boone recognized for Highest Quality and Most Eligible Reports through the Intel Circuit Breaker program
Congratulations to NCC Group researcher Jeremy Boone, who was recently recognized for both the Highest Quality Report, as well as the Most Eligible Reports, as an invited researcher to the Intel Circuit Breaker program! From Intel: “This exclusive event invited a select group of security researchers to hunt vulnerabilities in…
Conference Talks – June 2022
This month, members of NCC Group will be presenting their technical work training courses at the following conferences: NCC Group, “Training: Mastering Container Security,” to be presented at 44CON (June 13-15 2022) NCC Group, “Training: Google Cloud Platform (GCP) Security Review,” to be presented at 44CON (June 13-16 2022) Jennifer…
Public Report – Lantern and Replica Security Assessment
From September 28th through October 23rd, 2020, Lantern – in partnership with the Open Technology Fund – engaged NCC Group to conduct a security assessment of the Lantern client. Lantern provides a proxy in order to circumvent internet censorship. This assessment was open ended and time-boxed, providing a best-effort security…
NCC Group’s Juan Garrido named to Microsoft’s MSRC Office Security Researcher Leaderboard
Congratulations to NCC Group researcher Juan Garrido, who was recently named amongst Microsoft’s most valuable security researchers on the MSRC 2022 Q1 Security Researcher Leaderboard! This honour, recognized quarterly by the Microsoft Researcher Recognition Program, is offered to security researchers who have discovered and shared security vulnerabilities in Microsoft products…
Public Report – go-cose Security Assessment
In April and May 2022, NCC Group Cryptography Services engaged in a security and cryptography assessment reviewing Microsoft’s contributions to the go-cose library, a Go library implementing signing and verification for CBOR Object Signing and Encryption (COSE), as specified in RFC 8152. This library focuses on a minimal feature set to enable…
Technical Advisory – BLE Proximity Authentication Vulnerable to Relay Attacks
Summary Many products implement Bluetooth Low Energy (BLE) based proximity authentication, where the product unlocks or remains unlocked when a trusted BLE device is determined to be nearby. Common examples of such products include automotive Phone-as-a-Key systems, residential smart locks, BLE-based commercial building access control systems, and smartphones and laptops…
May 15, 2022
Public Report – Google Enterprise API Security Assessment
During the autumn of 2021, Google engaged NCC Group to perform a review of the Android 12 Enterprise API to evaluate its compliance with the Security Technical Implementation Guides (STIG) matrix provided by Google. This assessment was also performed with reference to the Common Criteria Protection Profile for Mobile Device…
Conference Talks – March 2022
This month, members of NCC Group will be presenting their work at the following conferences: Juan Garrido, “Microsoft 365 APIs Edge Cases for Fun and Profit,” to be presented at RootedCon (March 10-12 2022) Jennifer Fernick (NCC Group), Christopher Robinson (Intel), Anne Bertucio (Google), “Preparing for Zero-Day: Vulnerability Disclosure in…
Public Report – O(1) Labs Mina Client SDK, Signature Library and Base Components Cryptography and Implementation Review
During October 2021, O(1) Labs engaged NCC Group’s Cryptography Services team to conduct a cryptography and implementation review of selected components within the main source code repository for the Mina project. Mina implements a cryptocurrency with a lightweight and constant-sized blockchain, where the code is primarily written in OCaml. The…
NCC Group’s 2021 Annual Research Report
Following the popularity of our first Annual Research Report in 2020, we present to you now for the second year, a summary of our public-facing security research findings from across the over 237 conference publications, technical blog posts, advisories, and tool releases published by researchers at NCC Group between January…
On the malicious use of large language models like GPT-3
(Or, “Can large language models generate exploits?”) While attacking machine learning systems is a hot topic for which attacks have begun to be demonstrated, I believe that there are a number of entirely novel, yet-unexplored attack-types and security risks that are specific to large language models (LMs), that may be…
December 31, 2021
Public Report – WhatsApp opaque-ke Cryptographic Implementation Review
In June 2021, WhatsApp engaged NCC Group to conduct a security assessment of the ‘opaque-ke’ library, an open source Rust implementation of the OPAQUE password authenticated key exchange protocol. The protocol is designed to allow password-based authentication in such a way that a server does not actually learn the plaintext…
Public Report – Zendoo Proof Verifier Cryptography Review
During the summer of 2021, Horizen Labs engaged NCC Group to conduct a cryptography review of Zendoo protocol’s proof verifier. This system generates and verifies modified Marlin proofs with a polynomial commitment scheme based on the hardness of the discrete logarithm problem in prime-order groups. The system also provides optimized…
Public Report – Zcash NU5 Cryptography Review
In March 2021, Electric Coin Co. engaged NCC Group to perform a review of the upcoming network protocol upgrade NU5 to the Zcash protocol (codenamed “Orchard”). The review was to be performed over multiple phases: first, the specification document changes and the relevant ZIPs, then, in June 2021, the implementation…
Public Report – WhatsApp End-to-End Encrypted Backups Security Assessment
During the summer of 2021, WhatsApp engaged NCC Group’s Cryptography Services team to conduct an independent security assessment of its End-to-End Encrypted Backups project. End-to-End Encrypted Backups is a hardware security module (HSM) based key vault solution that aims to primarily support encrypted backup of WhatsApp user data. This assessment…
Technical Advisory – Garuda Linux Insecure User Creation (CVE-2021-3784)
Summary Garuda is a modern Linux distribution based on Arch Linux with nice blur effects and icons. Garuda Linux performs an insecure user creation and authentication, that allows a local attacker to impersonate a user account while it is being created. The user is created in two steps: First the user is created without…
NCC Group Research at Black Hat USA 2021 and DEF CON 29
This year, NCC Group researchers will be presenting 10 presentations at Black Hat USA (2 Briefings, 2 Arsenal tools, and 6 training sessions), and 7 presentations at DEF CON 29 (2 main track talks, 3 Demo Labs, and 2 Village talks). A guide to these presentations (abstracts, dates, and links)…
NCC Group co-signs the Electronic Frontier Foundation’s Statement on DMCA Use Against Security Researchers
Today, NCC Group alongside a number of security firms and technology organizations co-signed a statement by the Electronic Frontier Foundation in opposition to the use of Section 1201 of the Digital Millennium Copyright Act against security researchers performing research in good faith, including when using third-party security testing tools. We…
Research Paper – Machine Learning for Static Malware Analysis, with University College London
For the past few years, NCC Group has been an industry partner to the Centre for Doctoral Training in Data Intensive Science (CDT in DIS) at University College London (UCL). CDT is composed of a group of over 80 academics from across UCL in areas such as High Energy Physics,…
June 7, 2021
Conference Talks – June 2021
This month, members of NCC Group will be presenting their work at the following conferences: Dirk-Jan Mollema, “Walking your dog in multiple forests – Breaking AD Trust Boundaries Through Kerberos Vulnerabilities”, to be presented in a Black Hat Webcast (Virtual, June 3 2021) Michael Gough, “Incident Response Fails – What…
Public Report – Protocol Labs Groth16 Proof Aggregation: Cryptography and Implementation Review
During April 2021, Protocol Labs engaged NCC Group’s Cryptography Services team to conduct a cryptography and implementation review of the Groth16 proof aggregation functionality in the bellperson and two other related GitHub repositories. This code utilizes inner product arguments to efficiently aggregate existing Groth16 proofs while re-using existing powers of…
Public Report – Dell Secured Component Verification
During February 2021, Dell engaged NCC Group to conduct a security assessment of their supply chain security functionality and related and supportive foundational security functionality on 14th and 15th generation Dell servers. Documentation and source code was provided as well as access to a running lab server via network access,…
NCC Group’s Upcoming Trainings at Black Hat USA 2021
NCC Group will be presenting 4 different training courses at Black Hat USA 2021. Below you will find high level details about each course, as well as a link to a detailed course description and course registration details on the Black Hat website. Join us! Mastering Container Security V5 –…
Public Report – VPN by Google One: Technical Security & Privacy Assessment
During the fourth calendar quarter of 2020 and the first calendar quarter of 2021, NCC Group conducted an in-depth review of the VPN by Google One virtual private network system. The focus of the engagement was to assess the product’s technical security properties and review its associated privacy claims. The…
NCC Group’s 2020 Annual Research Report
In this post, we summarize our security research findings from across the nearly 200 conference publications, blog posts, and tool releases published by researchers at NCC Group between January 1 2020 and December 31 2020. We present our findings and their impact in context, with links to the associated research…
Conference Talks – February/March 2021
Throughout February and March, members of NCC Group will be presenting their work at the following conferences: Jennifer Fernick (NCC Group), Rao Lakkakula (JPMorgan Chase), Christopher Robinson (Red Hat), Kay Williams (Microsoft), “Frontiers in Securing the Open Source Ecosystem,” to be presented at FOSS Backstage (Virtual – February 10-12 2021)…
January 31, 2021
Public Report – BLST Cryptographic Implementation Review
In October 2020, Supranational, Protocol Labs and the Ethereum Foundation engaged NCC Group’s Cryptography Services team to conduct a cryptographic implementation review of the BLST library. This library implements support for the draft IETF specifications on Hashing to Elliptic Curves and BLS Signatures. The latter specification uses advanced cryptographic-pairing operations…
ICS/OT Security & the evolution of the Purdue Model: Integrating Industrial and Business Networks
In this recording of a presentation by NCC Group’s Damon Small at Hou.Sec.Con in October 2020, he outlines the evolution of the Purdue Reference Model in ICS/OT security, which draws the security boundaries between users, ICS networks, and business networks, and shows the dramatic ways in which these boundaries have…
Conference Talks – December 2020
Editor’s note: Updated December 14th 2020 to include CCC presentation and December 16th 2020 to include No cON Name presentation. This month, members of NCC Group will be presenting their work at the following conferences: Jon Szymaniak, “Guiding Engineering Teams Toward a More Secure Usage of U-Boot,” to be presented…
Conference Talks – November 2020
This month, members of NCC Group will be presenting their work at the following conferences: Sourya Biswas, “Cybersecurity is War: Lessons from Historical Conflicts,” to be presented at BSidesCT (Virtual – November 14 2020) Ian Coldwater (Independent), Duffie Cooley, Brad Geesaman (Darkbit), and Rory McCune (NCC Group), “Keynote: SIG-Honk AMA…
Public Report – Filecoin Bellman and BLS Signatures Cryptographic Review
In May 2020, Protocol Labs engaged NCC Group’s Cryptography Services team to conduct a cryptography review of multiple Filecoin code repositories. Filecoin is a decentralized storage and content distribution network developed by Protocol Labs. These repositories implement finite field and group arithmetic, cryptographic pairings, SHA2 via intrinsics, BLS signatures and…
Conference Talks – October 2020
This month, members of NCC Group will be presenting their work at the following conferences: Dirk-Jan Mollema, “Walking Your Dog in Multiple Forests: Breaking AD Trust Boundaries through Kerberos Vulnerabilities,” to be presented at Black Hat Asia 2020 (Virtual – October 1 2020) Sanne Maasakkers, “Improve Security Awareness Campaigns by…
September 30, 2020
Tool Release – ICPin, an integrity-check and anti-debug detection pintool
by Nicolas Guigo ICPin is an Intel pintool leveraging the framework’s JIT mode designed to track a binary’s integrity checks. It records all reads and all writes performed by the target executable or dynamically loaded library on its text section and outputs a human readable text file describing each memory…
Public Report – Electric Coin Company NU4 Cryptographic Specification and Implementation Review
In June 2020, the Electric Coin Company engaged NCC Group to conduct a security review of the six Zcash Improvement Proposals (ZIPs) that constitute the core of the upcoming Canopy (https://z.cash/upgrade/canopy/) upgrade (also called “NU4”) to the Zcash network. This upgrade coincides with the first Zcash halving and will initiate…
Conference Talks – September 2020
This month, NCC Group researchers will be presenting their work at the following conferences: Rami McCarthy, “AWS Security: Easy Wins and Enterprise Scale,” to be presented at BSides Boston (Virtual – September 26 2020) Dirk-Jan Mollema, “Walking Your Dog in Multiple Forests: Breaking AD Trust Boundaries through Kerberos Vulnerabilities,” to…
NCC Group researchers named amongst MSRC’s Most Valuable Security Researchers in 2020
Yesterday, the Microsoft Security Response Center announced their Most Valuable Security Researchers for 2020 (MVRs). This honour, awarded annually by Microsoft during Black Hat USA, is a part of MSRC’s Researcher Recognition program, and recognizes the top security researchers globally based upon the volume, accuracy, and impact of their vulnerability…
Conference Talks – August 2020
This month, NCC Group researchers will be presenting their work at the following conferences: Dirk-Jan Mollema, “ROADtools and ROADrecon,” to be presented at Black Hat USA 2020 (Virtual – August 1-6 2020) Chris Nevin, “Carnivore: Microsoft External Attack Tool” to be presented at Black Hat USA 2020 (Virtual – August…
July 31, 2020
Tool Release – Winstrument: An Instrumentation Framework for Windows Application Assessments
by George Osterweil Winstrument is a modular framework built on top of Frida designed to help testers reverse engineer Windows applications and assess their attack surface. Motivation Winstrument is built on top of Frida, a powerful dynamic instrumentation framework which aids reverse engineering and debugging by injecting into a process…
Public Report – Qredo Apache Milagro MPC Cryptographic Assessment
During the spring of 2020, Qredo engaged NCC Group Cryptography Services to conduct a security assessment of the Apache Milagro MPC library. This library implements the primitives necessary to instantiate the multi-party ECDSA signature scheme provided in Gennaro and Goldfeder’s Fast Multiparty Threshold ECDSA with Fast Trustless Setup. This assessment…
Public Report – Coda Cryptographic Review
During the spring of 2020, O(1) Labs engaged NCC Group to conduct a cryptographic assessment of Coda Protocol. This cryptocurrency leverages state-of-the-art cryptographic constructions to provide traditional cryptocurrency applications with a more lightweight blockchain. This assessment focused on the core cryptographic primitives as well as the overlaid protocol. The…
C Language Standards Update – Zero-size Reallocations are Undefined Behavior
[Editor’s Note: Robert Seacord of NCC Group is a longstanding member of the C Standards Committee. In this blog post, he outlines a recently adopted change he proposed to the C Language Standard, to help eliminate double-free vulnerabilities being introduced to C code as a result of zero-sized reallocations of…
Whitepaper – Coinbugs: Enumerating Common Blockchain Implementation-Level Vulnerabilities
By Aleksandar Kircanski and Terence Tarvis A good amount of effort has been dedicated to surveying and systematizing Ethereum smart contract security bug classes. There is, however, a gap in literature when it comes to surveying implementation-level security bugs that commonly occur in basic PoW blockchain node implementations, discovered during…
March 26, 2020
Conference Talks – March 2020
This month, members of NCC Group will be presenting their work at the following conferences: Adam Rudderman, “Bug Bounty: Why is this happening?” presented at Nullcon Goa (Goa, India – March 3-7 2020) Rob Wood, “[Panel]: CSIS Security Panel Discussion,” presented at OCP Global Summit (San Jose, CA – March…
February 28, 2020
Public Report – RustCrypto AES/GCM and ChaCha20+Poly1305 Implementation Review
In December 2019, MobileCoin engaged NCC Group to conduct a review of the AES/GCM and ChaCha20+Poly1305 implementations provided by the RustCrypto/AEADs crates. The intended usage context of these crates includes SGX enclaves, making timing-related side channel attacks relevant to this assessment. Two consultants provided five person-days of effort. The Public…
Whitepaper – Microcontroller Readback Protection: Bypasses and Defenses
By Sultan Qasim Khan Microcontrollers commonly include features to prevent the readout of sensitive information in internal storage. Such features are commonly referred to as readback protection or readout protection. This paper describes common readback protection implementation flaws, discusses techniques that can be used to defeat readback protection, and provides…
February 20, 2020
Whitepaper – A Tour of Curve 25519 in Erlang
By Eric Schorn An introduction to elliptic curve cryptography theory alongside a practical implementation in Erlang. This whitepaper may be downloaded below.
February 17, 2020
Technical Advisory – playSMS Pre-Authentication Remote Code Execution (CVE-2020-8644)
Summary: PlaySMS is an open source SMS gateway, which has a web management portal written in PHP. PlaySMS supports a custom PHP templating system, called tpl (https://github.com/antonraharja/tpl). PlaySMS double processes a server-side template, resulting in unauthenticated user control of input to the PlaySMS template engine. The template engine’s implementation then…
February 11, 2020
Conference Talks – February 2020
This month, members of NCC Group will be giving the following 6 conference presentations: Mark Manning, “Command and KubeCTL: Real-World Kubernetes Security for Pentesters” presented at Shmoocon (Washington, DC – January 31-February 2 2020) Clint Gibler, “How to 10X Your Company’s Security (Without a Series D),” presented at BSidesSF (San Francisco, CA…
January 31, 2020
Public Report – Electric Coin Company NU3 Specification and Blossom Implementation Audit
In October 2019, the Electric Coin Company engaged NCC Group to conduct a review of two Zcash improvement proposals (ZIP 213 and ZIP 221) and of the implementation of ZIP 208 within the Zcash node implementation. ZIP 213 proposes a change to consensus rules to allow coinbase transactions to target…
Conference Talks – January 2020
This month, in addition to the several dozen technical talks and trainings our researchers will offer at our internal conferences, NCC CON US and NCC CON Europe, two NCC Group researchers will also be presenting work publicly: Clint Gibler, “DevSecOps State of the Union v2.0,” presented at AppSec Cali (Santa…
January 2, 2020
Welcome to the new NCC Group Global Research blog
Welcome to the new NCC Group Global Research blog. Here we will share blog posts on a range of technical topics that our consultants are thinking about, and on NCC Group’s research projects, papers, presentations, and tools from around the globe.
Whitepaper – Hardware-Backed Heist: Extracting ECDSA Keys from Qualcomm’s TrustZone
Editor’s note: This work was also presented at ACM CCS 2019. Written by Keegan Ryan Trusted Execution Environments (TEEs) such as ARM TrustZone are in widespread use in both mobile and embedded devices, and they are used to protect sensitive secrets while often sharing the same computational hardware as untrusted code. Although there…
Public Report – Android Cloud Backup/Restore
In the summer of 2018, Google engaged NCC Group to conduct a security assessment of the Android Cloud Backup/Restore feature, which premiered in Android Pie. This engagement focused on a threat model that included attacks by rogue Google employees (or other malicious insiders) with privileges up to and including root-in-production. The Android…
Public Report – Matrix Olm Cryptographic Review
In September 2016, Matrix, along with financial support from the Open Technology Fund, engaged NCC Group’s Cryptography Services Practice to perform a targeted review of their cryptographic library Olm. The review covered two major components of the Olm library: the double ratchet used for peer-to-peer communications, and Megolm, the group…
Project Triforce: Run AFL on Everything!
tl;dr This is a pretty long blogpost, so for those who want to jump right to the code: TriforceAFL: A modified version of AFL that supports fuzzing using QEMU’s full system emulation. TriforceLinuxSyscallFuzzer: A Linux syscall fuzzer built on-top of TriforceAFL. It has already found several bugs: We will be releasing…
Whitepaper – XML Schema, DTD, and Entity Attacks: A Compendium of Known Techniques
by Timothy D. Morgan and Omar Al Ibrahim The eXtensible Markup Language (XML) is an extremely pervasive technology used in countless software projects. A core feature of XML is the ability to define and validate document structure using schemas and document type definitions (DTDs). When used incorrectly, certain aspects of…
Whitepaper – A Heap of Trouble: Breaking the Linux Kernel SLOB Allocator
by Dan Rosenberg In this paper, we will systematically evaluate the implementation of the Linux kernel SLOB allocator to assess exploitability. We will present new techniques for attacking the SLOB allocator, whose exploitation has not been publicly described. These techniques will apply to exploitation scenarios that become progressively more constrained,…
Whitepaper – Weaning the Web off of Session Cookies: Making Digest Authentication Viable
by Timothy D. Morgan In this paper, we compare the security weaknesses and usability limitations of both cookie-based session management and HTTP digest authentication; demonstrating how digest authentication is clearly the more secure system in practice. We propose several small changes in browser behavior and HTTP standards that will make…
Whitepaper – HTTP Digest Integrity: Another look, in light of recent attacks
by Timothy D. Morgan Recent history has proven that web communications security is highly lacking in redundancy. That is, simple breaks in common protocols, such as SSL/TLS or the authentication mechanisms which support it, often lead to catastrophic gaps in security. Recent examples of this fragile architecture abound, and even…
Research Paper – Recovering deleted data from the Windows registry
by Timothy D. Morgan The Windows registry serves as a primary storage location for system configurations and as such provides a wealth of information to investigators. Numerous researchers have worked to interpret the information stored in the registry from a digital forensic standpoint, but no definitive resource is yet available…
Technical Advisory – IBM TAM: Remote Directory Traversal and File Retrieval via web server plug-in
Virtual Security Research, LLC. http://www.vsecurity.com/ Security Advisory -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Advisory Name: Remote Directory Traversal and File Retrieval Release Date: 2006-02-03 Application: IBM Tivoli Access Manager Version: 5.1.0.10 (other versions untested) Severity: High Author: Timothy D. Morgan <tmorgan (at) vsecurity (dot) com> Vendor Status: Vendor Notified, Fix Available CVE Candidate: CVE-2006-0513 Reference:…