Conference Talks – January 2020

This month, in addition to the several dozen technical talks and trainings our researchers will offer at our internal conferences, NCC CON US and NCC CON Europe, two NCC Group researchers will also be presenting work publicly: Clint Gibler, "DevSecOps State of the Union v2.0," presented at AppSec Cali (Santa Monica, CA - January 22-24 …

Public Report – Android Cloud Backup/Restore

In the summer of 2018, Google engaged NCC Group to conduct a security assessment of the Android Cloud Backup/Restore feature, which premiered in Android Pie. This engagement focused on a threat model that included attacks by rogue Google employees (or other malicious insiders) with privileges up to and including root-in-production. The Android backup/restore feature is only one …

Public Report – Matrix Olm Cryptographic Review

In September 2016, Matrix, along with financial support from the Open Technology Fund, engaged NCC Group’s Cryptography Services Practice to perform a targeted review of their cryptographic library Olm. The review covered two major components of the Olm library: the double ratchet used for peer-to-peer communications, and Megolm, the group ratcheting mechanism. Matrix has produced several …

Whitepaper – XML Schema, DTD, and Entity Attacks: A Compendium of Known Techniques

by Timothy D. Morgan and Omar Al Ibrahim

The eXtensible Markup Language (XML) is an extremely pervasive technology used in countless software projects. A core feature of XML is the ability to define and validate document structure using schemas and document type definitions (DTDs). When used incorrectly, certain aspects of these document definition and validation …

Whitepaper – A Heap of Trouble: Breaking the Linux Kernel SLOB Allocator

by Dan Rosenberg

In this paper, we will systematically evaluate the implementation of the Linux kernel SLOB allocator to assess exploitability. We will present new techniques for attacking the SLOB allocator, whose exploitation has not been publicly described. These techniques will apply to exploitation scenarios that become progressively more constrained, starting with an arbitrary length, …

Whitepaper – Weaning the Web off of Session Cookies: Making Digest Authentication Viable

by Timothy D. Morgan

In this paper, we compare the security weaknesses and usability limitations of both cookie-based session management and HTTP digest authentication, demonstrating how digest authentication is clearly the more secure system in practice. We propose several small changes in browser behavior and HTTP standards that will make HTTP authentication schemes, such as …

Whitepaper – HTTP Digest Integrity: Another look, in light of recent attacks

by Timothy D. Morgan

Recent history has proven that web communications security is highly lacking in redundancy. That is, simple breaks in common protocols, such as SSL/TLS or the authentication mechanisms which support it, often lead to catastrophic gaps in security. Recent examples of this fragile architecture abound, and even when protocols and implementations themselves …

Research Paper – Recovering deleted data from the Windows registry

by Timothy D. Morgan

The Windows registry serves as a primary storage location for system configurations and as such provides a wealth of information to investigators. Numerous researchers have worked to interpret the information stored in the registry from a digital forensic standpoint, but no definitive resource is yet available which describes how Windows deletes …

Technical Advisory – IBM TAM: Remote Directory Traversal and File Retrieval via web server plug-in

Virtual Security Research, LLC.
http://www.vsecurity.com/

Security Advisory
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Advisory Name: Remote Directory Traversal and File Retrieval
Release Date: 2006-02-03
Application: IBM Tivoli Access Manager
Version: 5.1.0.10 (other versions untested)
Severity: High
Author: Timothy D. Morgan <tmorgan (at) vsecurity (dot) com>
Vendor Status: Vendor Notified, Fix Available
CVE Candidate: CVE-2006-0513
Reference: http://www.vsecurity.com/bulletins/advisories/2006/tam-file-retrieval.txt
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Product Description:
From …