Whitepaper – Microcontroller Readback Protection: Bypasses and Defenses

By Sultan Qasim Khan Microcontrollers commonly include features to prevent the readout of sensitive information in internal storage. Such features are commonly referred to as readback protection or readout protection. This paper describes common readback protection implementation flaws, discusses techniques that can be used to defeat readback protection, and provides guidance to implement effective readback … Continue reading Whitepaper – Microcontroller Readback Protection: Bypasses and Defenses

Technical Advisory – playSMS Pre-Authentication Remote Code Execution (CVE-2020-8644)

Vendor: playSMS Vendor URL: https://playsms.org/ Versions affected: Before 1.4.3 Systems Affected: All Author: Lucas Rosevear Advisory URL / CVE Identifier: CVE-2020-8644 Risk: Critical Summary: PlaySMS is an open source SMS gateway, which has a web management portal written in PHP. PlaySMS supports a custom PHP templating system, called tpl (https://github.com/antonraharja/tpl). PlaySMS double processes a server-side … Continue reading Technical Advisory – playSMS Pre-Authentication Remote Code Execution (CVE-2020-8644)

Conference Talks – February 2020

This month, members of NCC Group will be giving the following 6 conference presentations: Mark Manning, "Command and KubeCTL: Real-World Kubernetes Security for Pentesters" presented at Shmoocon (Washington, DC - January 31-February 2 2020)Clint Gibler, "How to 10X Your Company’s Security (Without a Series D)," presented at BSidesSF (San Francisco, CA - February 22-24 2020) Clint Gibler, … Continue reading Conference Talks – February 2020

Public Report – Electric Coin Company NU3 Specification and Blossom Implementation Audit

In October 2019, the Electric Coin Company engaged NCC Group to conduct a review of two Zcash improvement proposals (ZIP 213 and ZIP 221) and of the implementation of ZIP 208 within the Zcash node implementation. ZIP 213 proposes a change to consensus rules to allow coinbase transactions to target shielded addresses.  ZIP 221 describes … Continue reading Public Report – Electric Coin Company NU3 Specification and Blossom Implementation Audit

Conference Talks – January 2020

This month, in addition to the several dozen technical talks and trainings our researchers will offer at our internal conferences, NCC CON US and NCC CON Europe, two NCC Group researchers will also be presenting work publicly: Clint Gibler, "DevSecOps State of the Union v2.0," presented at AppSec Cali (Santa Monica, CA - January 22-24 … Continue reading Conference Talks – January 2020

Public Report – Android Cloud Backup/Restore

In the summer of 2018, Google engaged NCC Group to conduct a security assessment of the Android Cloud Backup/Restore feature, which premiered in Android Pie. This engagement focused on a threat model that included attacks by rogue Google employees (or other malicious insiders) with privileges up to and including root-in-production. The Android backup/restore feature is only one … Continue reading Public Report – Android Cloud Backup/Restore

Public Report – Matrix Olm Cryptographic Review

In September 2016, Matrix, along with financial support from the Open Technology Fund, engaged NCC Group’s Cryptography Services Practice to perform a targeted review of their cryptographic library Olm. The review covered two major components of the Olm library: the double ratchet used for peer-to-peer communications, and Megolm, the group ratchetingmechanism. Matrix has produced several … Continue reading Public Report – Matrix Olm Cryptographic Review

Whitepaper – XML Schema, DTD, and Entity Attacks: A Compendium of Known Techniques

by Timothy D. Morgan and Omar Al Ibrahim The eXtensible Markup Language (XML) is an extremely pervasive technology used in countless software projects. A core feature of XML is the ability to define and validate document structure using schemas and document type definitions (DTDs). When used incorrectly, certain aspects of these document definition and validation … Continue reading Whitepaper – XML Schema, DTD, and Entity Attacks: A Compendium of Known Techniques