Research Paper – Machine Learning for Static Malware Analysis, with University College London

For the past few years, NCC Group has been an industry partner to the Centre for Doctoral Training in Data Intensive Science (CDT in DIS) at University College London (UCL). CDT is composed of a group of over 80 academics from across UCL in areas such as High Energy Physics, Astrophysics, Atomic and Molecular Physics, … Continue reading Research Paper – Machine Learning for Static Malware Analysis, with University College London

Conference Talks – June 2021

This month, members of NCC Group will be presenting their work at the following conferences: Dirk-Jan Mollema, "Walking your dog in multiple forests - Breaking AD Trust Boundaries Through Kerberos Vulnerabilities", to be presented in a Black Hat Webcast (Virtual, June 3 2021) Michael Gough, "Incident Response Fails – What we see with our clients, … Continue reading Conference Talks – June 2021

Public Report – Protocol Labs Groth16 Proof Aggregation: Cryptography and Implementation Review

During April 2021, Protocol Labs engaged NCC Group’s Cryptography Services team to conduct a cryptography and implementation review of the Groth16 proof aggregation functionality in the bellperson and two other related GitHub repositories. This code utilizes inner product arguments to efficiently aggregate existing Groth16 proofs while re-using existing powers of tau ceremony transcripts. Full source … Continue reading Public Report – Protocol Labs Groth16 Proof Aggregation: Cryptography and Implementation Review

Public Report – Dell Secured Component Verification

During February 2021, Dell engaged NCC Group to conduct a security assessment of their supply chain security functionality and related and supportive foundational security functionality on 14th and 15th generation Dell servers. Documentation and source code was provided as well as access to a running lab server via network access, with access to both the … Continue reading Public Report – Dell Secured Component Verification

NCC Group’s Upcoming Trainings at Black Hat USA 2021

NCC Group will be presenting 4 different training courses at Black Hat USA 2021. Below you will find high level details about each course, as well as a link to a detailed course description and course registration details on the Black Hat website. Join us! Mastering Container Security V5 - Black Hat edition (August 2-3 … Continue reading NCC Group’s Upcoming Trainings at Black Hat USA 2021

Public Report – VPN by Google One: Technical Security & Privacy Assessment

During the fourth calendar quarter of 2020 and the first calendar quarter of 2021, NCC Group conducted an in-depth review of the VPN by Google One virtual private network system. The focus of the engagement was to assess the product’s technical security properties and review its associated privacy claims. The public report for this assessment … Continue reading Public Report – VPN by Google One: Technical Security & Privacy Assessment

NCC Group’s 2020 Annual Research Report

In this post, we summarize our security research findings from across the nearly 200 conference publications, blog posts, and tool releases published by researchers at NCC Group between January 1 2020 and December 31 2020. We present our findings and their impact in context, with links to the associated research papers, recorded conference presentations, publicly … Continue reading NCC Group’s 2020 Annual Research Report

Conference Talks – February/March 2021

Throughout February and March, members of NCC Group will be presenting their work at the following conferences: Jennifer Fernick (NCC Group), Rao Lakkakula (JPMorgan Chase), Christopher Robinson (Red Hat), & Kay Williams (Microsoft), "Frontiers in Securing the Open Source Ecosystem," to be presented at FOSS Backstage (Virtual - February 10-12 2021)Robert Seacord (NCC Group) & … Continue reading Conference Talks – February/March 2021

Public Report – BLST Cryptographic Implementation Review

In October 2020, Supranational, Protocol Labs and the Ethereum Foundation engaged NCC Group’s Cryptography Services team to conduct a cryptographic implementation review of the BLST library. This library implements support for the draft IETF specifications on Hashing to Elliptic Curves and BLS Signatures. The latter specification uses advanced cryptographic-pairing operations to feature aggregation properties for … Continue reading Public Report – BLST Cryptographic Implementation Review

ICS/OT Security & the evolution of the Purdue Model: Integrating Industrial and Business Networks

In this recording of a presentation by NCC Group's Damon Small at Hou.Sec.Con in October 2020, he outlines the evolution of the Purdue Reference Model in ICS/OT security, which draws the security boundaries between users, ICS networks, and business networks, and shows the dramatic ways in which these boundaries have blurred in recent years, necessitating … Continue reading ICS/OT Security & the evolution of the Purdue Model: Integrating Industrial and Business Networks