By Eric Schorn An introduction to elliptic curve cryptography theory alongside a practical implementation in Erlang. This whitepaper may be downloaded below. A Tour of Curve25519 in ErlangDownload
Vendor: playSMS Vendor URL: https://playsms.org/ Versions affected: Before 1.4.3 Systems Affected: All Author: Lucas Rosevear Advisory URL / CVE Identifier: CVE-2020-8644 Risk: Critical Summary: PlaySMS is an open source SMS gateway, which has a web management portal written in PHP. PlaySMS supports a custom PHP templating system, called tpl (https://github.com/antonraharja/tpl). PlaySMS double processes a server-side … Continue reading Technical Advisory – playSMS Pre-Authentication Remote Code Execution (CVE-2020-8644)
This month, members of NCC Group will be giving the following 6 conference presentations: Mark Manning, "Command and KubeCTL: Real-World Kubernetes Security for Pentesters" presented at Shmoocon (Washington, DC - January 31-February 2 2020)Clint Gibler, "How to 10X Your Company’s Security (Without a Series D)," presented at BSidesSF (San Francisco, CA - February 22-24 2020) Clint Gibler, … Continue reading Conference Talks – February 2020
In October 2019, the Electric Coin Company engaged NCC Group to conduct a review of two Zcash improvement proposals (ZIP 213 and ZIP 221) and of the implementation of ZIP 208 within the Zcash node implementation. ZIP 213 proposes a change to consensus rules to allow coinbase transactions to target shielded addresses. ZIP 221 describes … Continue reading Public Report – Electric Coin Company NU3 Specification and Blossom Implementation Audit
This month, in addition to the several dozen technical talks and trainings our researchers will offer at our internal conferences, NCC CON US and NCC CON Europe, two NCC Group researchers will also be presenting work publicly: Clint Gibler, "DevSecOps State of the Union v2.0," presented at AppSec Cali (Santa Monica, CA - January 22-24 … Continue reading Conference Talks – January 2020
Welcome to the new NCC Group Global Research blog. Here we will share blog posts on a range of technical topics that our consultants are thinking about, and on NCC Group's research projects, papers, presentations, and tools from around the globe.