Conferences

HITB Phuket 2023 – Exploiting the Lexmark PostScript Stack

Aaron Adams presented this talk at HITB Phuket on the 24th August 2023. The talk detailed how NCC Exploit Development Group (EDG) in Pwn2Own 2022 Toronto was able to exploit two different PostScript vulnerabilities in Lexmark printers. The presentation is a good primer for those interested in further researching the…


Real World Cryptography Conference 2023 – Part II

After a brief interlude, filled with several articles from the Cryptography Services team, we’re back with our final thoughts from this year’s Real World Cryptography Conference. In case you missed it, check out Part I for more insights. Interoperability in E2EE Messaging A specter is haunting Europe – the specter…


Eurocrypt 2023: Death of a KEM

Last month I was lucky enough to attend Eurocrypt 2023, which took place in Lyon, France. It was my first chance to attend an academic cryptography conference and the experience sat somewhere in between the familiar cryptography of the Real World Crypto conference and the abstract world of black holes…


Real World Cryptography Conference 2023 – Part I

The annual Real World Cryptography Conference organized by the IACR recently took place in Tokyo, Japan. On top of 3 days of excellent talks, RWC was preceded by the 2nd annual FHE.org Conference and the Real World Post-Quantum Cryptography Workshop and followed by the High Assurance Crypto Software Workshop. Nearly…


Detecting Mimikatz with Busylight

In 2015 Raphael Mudge released an article [1] that detailed that versions of mimikatz released after 8th of October, 2015 had a new module that was utilising certain types of external USB devices to flash lights in different colours if mimikatz was executed. The technique presented in the article required…


Conference Talks – September/October 2022

Throughout September and October, members of NCC Group will be presenting their work at SANS CyberThreat, 44CON, ResponderCon, BSides St John’s, ICMC, DevOps World, RootCon, Hexacon, and Hardwear.io NL. Please join us! Enterprise IR: Live free, live large. Ollie Whitehouse, Eric Shamper. SANS CyberThreat 22, September 12-13, 2022. Abstract forthcoming. Mastering…


NCC Group Research at Black Hat USA 2022 and DEF CON 30

This year, NCC Group researchers will be presenting at least five presentations at Black Hat USA and DEF CON 30. A guide to these presentations (abstracts, dates, and links) is included below. We will also update this post with any additional presentations as they are accepted and announced. Virtually or…


Conference Talks – June 2022

This month, members of NCC Group will be presenting their technical work and training courses at the following conferences: NCC Group, “Training: Mastering Container Security,” to be presented at 44CON (June 13-15 2022) NCC Group, “Training: Google Cloud Platform (GCP) Security Review,” to be presented at 44CON (June 13-16 2022) Jennifer…


Conference Talks – March 2022

This month, members of NCC Group will be presenting their work at the following conferences. Please join us! Microsoft 365 APIs Edge Cases for Fun and Profit, Juan Garrido, RootedCon, March 17-18 2022, Madrid, Spain. In this talk we describe and demonstrate multiple techniques for circumventing existing Microsoft 365 application security controls…


Conference Talks – December 2021

This month, members of NCC Group will be presenting their work at the following conferences: Matt Lewis (NCC Group) and Mark McFadden, “Show me the numbers: Workshop on Analyzing IETF Data (AID)”, to be presented at the IETF Internet Architecture Board Workshop on Analyzing IETF Data 2021 (November 29 – December…


Conference Talks – November 2021

This month, members of NCC Group will be presenting their work at the following conferences: Jennifer Fernick and David Wheeler (Linux Foundation), “Keynote: Securing Open Source Software”, to be presented at The Linux Foundation Member Summit (November 2-4 2021) Brian Hong, “Sleight of ARM: Demystifying Intel Houdini”, to be presented at…


Conference Talks – October 2021

This month, members of NCC Group will be presenting their work at the following conferences: Jennifer Fernick and external panelists, “Threatscape 2023 and Beyond: AI, Deep Fakes and Other Unexpected Challenges”, to be presented at MapleSec (Oct 6 2021) Damon Small, “Which security role is right for me?”, to be presented at Shellcon…


Conference Talks – September 2021

This month, members of NCC Group will be presenting their work at the following conferences: Javed Samuel, “Overview of Open-Source Cryptography Vulnerabilities”, to be presented at the International Cryptographic Module Conference 2021 (Virtual – Sept 3 2021) Robert Seacord, “Secure Coding”, to be presented at Auto ISAC Analysts (Virtual –…


NCC Group Research at Black Hat USA 2021 and DEF CON 29

This year, NCC Group researchers will be presenting 10 presentations at Black Hat USA (2 Briefings, 2 Arsenal tools, and 6 training sessions), and 7 presentations at DEF CON 29 (2 main track talks, 3 Demo Labs, and 2 Village talks). A guide to these presentations (abstracts, dates, and links)…


Conference Talks – June 2021

This month, members of NCC Group will be presenting their work at the following conferences: Dirk-Jan Mollema, “Walking your dog in multiple forests – Breaking AD Trust Boundaries Through Kerberos Vulnerabilities”, to be presented in a Black Hat Webcast (Virtual, June 3 2021) Michael Gough, “Incident Response Fails – What…


Conference Talks – May 2021

This month, members of NCC Group will be presenting their work at the following conferences: Sourya Biswas, “Psychology of the Phish: Leveraging the Seven Principles of Influence”, to be presented at ISACA Conference North America (Virtual – May 5 2021) Sourya Biswas, “Cybersecurity is War: Lessons from Historical Conflicts”, to…


NCC Group’s Upcoming Trainings at Black Hat USA 2021

NCC Group will be presenting 4 different training courses at Black Hat USA 2021. Below you will find high level details about each course, as well as a link to a detailed course description and course registration details on the Black Hat website. Join us! Mastering Container Security V5 –…


Conference Talks – February/March 2021

Throughout February and March, members of NCC Group will be presenting their work at the following conferences: Jennifer Fernick (NCC Group), Rao Lakkakula (JPMorgan Chase), Christopher Robinson (Red Hat), Kay Williams (Microsoft), “Frontiers in Securing the Open Source Ecosystem,” to be presented at FOSS Backstage (Virtual – February 10-12 2021)…


Real World Cryptography Conference 2021: A Virtual Experience

Earlier this month, our Cryptography Services team got together and attended (virtually) the IACR’s annual Real World Cryptography (RWC) conference. RWC is a fantastic venue for the latest results in real world cryptography from industry and academia. Holding this conference virtually inevitably introduced some changes: to accommodate as many time…


ICS/OT Security & the evolution of the Purdue Model: Integrating Industrial and Business Networks

In this recording of a presentation by NCC Group’s Damon Small at Hou.Sec.Con in October 2020, he outlines the evolution of the Purdue Reference Model in ICS/OT security, which draws the security boundaries between users, ICS networks, and business networks, and shows the dramatic ways in which these boundaries have…


Conference Talks – December 2020

Editor’s note: Updated December 14th 2020 to include CCC presentation and December 16th 2020 to include No cON Name presentation. This month, members of NCC Group will be presenting their work at the following conferences: Jon Szymaniak, “Guiding Engineering Teams Toward a More Secure Usage of U-Boot,” to be presented…


Conference Talks – November 2020

This month, members of NCC Group will be presenting their work at the following conferences: Sourya Biswas, “Cybersecurity is War: Lessons from Historical Conflicts,” to be presented at BSidesCT (Virtual – November 14 2020) Ian Coldwater (Independent), Duffie Cooley, Brad Geesaman (Darkbit), and Rory McCune (NCC Group), “Keynote: SIG-Honk AMA…


Conference Talks – October 2020

This month, members of NCC Group will be presenting their work at the following conferences: Dirk-Jan Mollema, “Walking Your Dog in Multiple Forests: Breaking AD Trust Boundaries through Kerberos Vulnerabilities,” to be presented at Black Hat Asia 2020 (Virtual – October 1 2020) Sanne Maasakkers, “Improve Security Awareness Campaigns by…


Conference Talks – September 2020

This month, NCC Group researchers will be presenting their work at the following conferences: Rami McCarthy, “AWS Security: Easy Wins and Enterprise Scale,” to be presented at BSides Boston (Virtual – September 26 2020) Dirk-Jan Mollema, “Walking Your Dog in Multiple Forests: Breaking AD Trust Boundaries through Kerberos Vulnerabilities,” to…


Immortalising 20 Years of Epic Research

In December 2019 we launched this new technical security research blog site. As part of its launch we had cause to revisit our old blog website and found a myriad of forgotten whitepapers and conference presentations spanning NCC Group’s history (formation in 1999). Deeply nested on our old blog site…


Conference Talks – August 2020

This month, NCC Group researchers will be presenting their work at the following conferences: Dirk-Jan Mollema, “ROADtools and ROADrecon,” to be presented at Black Hat USA 2020 (Virtual – August 1-6 2020) Chris Nevin, “Carnivore: Microsoft External Attack Tool” to be presented at Black Hat USA 2020 (Virtual – August…


Conference Talks – March 2020

This month, members of NCC Group will be presenting their work at the following conferences: Adam Rudderman, “Bug Bounty: Why is this happening?” presented at Nullcon Goa (Goa, India – March 3-7 2020) Rob Wood, “[Panel]: CSIS Security Panel Discussion,” presented at OCP Global Summit (San Jose, CA – March…


CVE-2018-8611 – Diving into the Windows Kernel Transaction Manager (KTM) for fun and exploitation

Written by Cedric Halbronn On Saturday 15th February, I gave a talk titled “How CVE-2018-8611 Can be Exploited to Achieve Privilege Escalation on Windows 10 1809 (RS5) and Earlier”. This research was done by Aaron Adams and myself and was presented by Aaron at POC2019 at the end of last…


Deep Dive into Real-World Kubernetes Threats

On Saturday, February 1st, I gave my talk titled “Command and KubeCTL: Real-World Kubernetes Security for Pentesters” at Shmoocon 2020. I’m following up with this post that goes into more details than I could cover in 50 minutes. This will re-iterate the points I attempted to make, walk through the…


Conference Talks – February 2020

This month, members of NCC Group will be giving the following 6 conference presentations: Mark Manning, “Command and KubeCTL: Real-World Kubernetes Security for Pentesters” presented at Shmoocon (Washington, DC – January 31-February 2 2020) Clint Gibler, “How to 10X Your Company’s Security (Without a Series D),” presented at BSidesSF (San Francisco, CA…


Conference Talks – January 2020

This month, in addition to the several dozen technical talks and trainings our researchers will offer at our internal conferences, NCC CON US and NCC CON Europe, two NCC Group researchers will also be presenting work publicly: Clint Gibler, “DevSecOps State of the Union v2.0,” presented at AppSec Cali (Santa…


Celebrating NCC Con Europe 2018

Earlier this month NCC Group held NCC Con Europe, boasting 500 attendees and more than 120 talks – all hosted in the beautiful city of Madrid. During the three day conference we saw both technical, sales and other support teams come together and share information through talks, workshops and demonstrations.…


NCC CON Europe 2017

In the first week of 2017, more than 500 NCC Group consultants and colleagues attended the Group’s annual internal conference, otherwise known as NCC CON, in Dublin, Ireland. The event welcomed team members from all over the world, with representation from our European, Canadian, Australian and US offices. NCC Group…


NCC Con Europe 2016

This week more than 300 NCC Group consultants and colleagues gathered in Dublin for NCC Con Europe 2016. People came from all over the world for the event, including from the Group’s European, Canadian, Australian, and even US offices. The internal conference began with two days of training provided for…


Broadcasting your attack – DAB security

Digital Audio Broadcasting (DAB) radio receivers can be found in many new cars and are often integrated into what has become known as the “infotainment system” – typically a large screen in the dashboard that the vehicle occupants interact with to control anything from what music is playing, to making…


Black Hat 2013 – Bluetooth Smart Presentation Available

This research was originally presented at Black Hat 2013. 06 Aug 2013 – Mike Ryan. The slides for the Bluetooth Smart presentation from Black Hat 2013 are now available. The presentation was given by Mike Ryan and looks into Bluetooth “Smart” (also known as…


Black Hat 2013 – Cryptopocalypse Presentation Available

This research was originally presented at Black Hat 2013. 06 Aug 2013 – iSEC Partners. The slides for the Preparing for the Cryptopocalypse presentation from Black Hat 2013 are now available. The group presentation was given by Alex Stamos, Tom Ritter, Javed Samuel and Thomas…