Intel® Software Guard Extensions (SGX): A Researcher’s Primer

tl;dr Intel SGX is a trusted execution environment that provides a reverse sandbox. It’s not yet available, but those who have had access to the technology have shown some powerful applications in cloud use cases that, on the face of it, dramatically enhance security without the performance constraints of homomorphic encryption. However, there is enough …

Heartbleed OpenSSL vulnerability

Previous current event – v1.8 of post. This was a current event, and as such the blog post was subject to change over the course of a couple of days as we performed further supplementary research and analysis. 1.8: Updated to include Bro detection and further analysis. This is likely the final public release – private …

Security of Things: An Implementer’s Guide to Cyber Security for Internet of Things Devices and Beyond

Introduction: We’ve seen a sharp rise in the last five years or so in the amount of security assurance and research activity we’re asked to undertake in the embedded-system space. This has naturally led us to work increasingly with the Internet of Things (IoT) in a variety of different guises. In response to this …

Introduction to Anti-Fuzzing: A Defence in Depth Aid

tl;dr Anti-Fuzzing is a set of concepts and techniques designed to slow down and frustrate threat actors looking to fuzz-test software products, by deliberately misbehaving, misdirecting, misinforming and otherwise hindering their efforts. The goal is to drive down the return on investment seen in fuzzing today by making it more expensive …

Non Obvious PE Parsers – The .NET runtime – Part 1

tl;dr The Windows program loader isn’t the only PE parser in Windows; the .NET runtime has its own, used for loading modules. Code from years past for that implementation can be found on the Internet, and it shows some interesting defensive properties. Examples include obvious defences against import, entry point and base location mischief. …

Windows DACLs & Why There Is Still Room for Interest

The tools: I've been rewriting an old private tool in the glare of GitHub, with a number of improvements, under the catchy moniker of the 'Windows DACL Enum Project'. So far I've completed (the planned list of future tools is quite long, so I'll spare you): process and thread permissions with the following functionality: process name, …

Grepify – a Small Tool for Code Reviewers

A quick post to announce that NCC Group's first tool has been pushed to our GitHub repo at https://github.com/nccgroup/. So what is Grepify? It's basically a regex engine with a Windows GUI, with some shortcuts and pre-defined profiles to aid security-focused code reviews. It's not very clever, but for often-repeated tasks performed across …

Advice for security decision makers contemplating the value of Antivirus

Over the last 12 months there has been an increasing amount of analysis of the effectiveness of desktop antivirus and its ability to detect and stop real targeted attacks (I refuse to use the APT banner). This critique has been covered in pieces such as: The death of antivirus software (Infosec Island, January 2012); Is …