ICS/OT Security & the evolution of the Purdue Model: Integrating Industrial and Business Networks

In this recording of a presentation by NCC Group's Damon Small at Hou.Sec.Con in October 2020, he outlines the evolution of the Purdue Reference Model in ICS/OT security, which draws the security boundaries between users, ICS networks, and business networks, and shows the dramatic ways in which these boundaries have blurred in recent years, necessitating … Continue reading ICS/OT Security & the evolution of the Purdue Model: Integrating Industrial and Business Networks

Conference Talks – December 2020

Editor's note: Updated December 14th 2020 to include CCC presentation and December 16th 2020 to include No cON Name presentation. This month, members of NCC Group will be presenting their work at the following conferences: Jon Szymaniak, "Guiding Engineering Teams Toward a More Secure Usage of U-Boot," to be presented at the Open Source Firmware … Continue reading Conference Talks – December 2020

Conference Talks – November 2020

This month, members of NCC Group will be presenting their work at the following conferences: Sourya Biswas, "Cybersecurity is War: Lessons from Historical Conflicts," to be presented at BSidesCT (Virtual - November 14 2020) Ian Coldwater (Independent), Duffie Cooley, Brad Geesaman (Darkbit), and Rory McCune (NCC Group), "Keynote: SIG-Honk AMA Panel: Hacking and Hardening in … Continue reading Conference Talks – November 2020

Conference Talks – October 2020

This month, members of NCC Group will be presenting their work at the following conferences: Dirk-Jan Mollema, "Walking Your Dog in Multiple Forests: Breaking AD Trust Boundaries through Kerberos Vulnerabilities," to be presented at Black Hat Asia 2020 (Virtual - October 1 2020)Sanne Maasakkers, "Improve Security Awareness Campaigns by Applying Phishing Research," to be presented … Continue reading Conference Talks – October 2020

Conference Talks – September 2020

This month, NCC Group researchers will be presenting their work at the following conferences: Rami McCarthy, "AWS Security: Easy Wins and Enterprise Scale," to be presented at BSides Boston (Virtual - September 26 2020)Dirk-Jan Mollema, "Walking Your Dog in Multiple Forests: Breaking AD Trust Boundaries through Kerberos Vulnerabilities," to be presented at Black Hat Asia … Continue reading Conference Talks – September 2020

Immortalising 20 Years of Epic Research

In December 2019 we launched this new technical security research blog site. As part of its launch we had cause to revisit our old blog website and found a myriad of forgotten whitepapers and conference presentations spanning NCC Group's history (formation in 1999). Deeply nested on our old blog site we found over 200 whitepapers … Continue reading Immortalising 20 Years of Epic Research

Conference Talks – August 2020

This month, NCC Group researchers will be presenting their work at the following conferences: Dirk-Jan Mollema, "ROADtools and ROADrecon," to be presented at Black Hat USA 2020 (Virtual - August 1-6 2020)Chris Nevin, "Carnivore: Microsoft External Attack Tool" to be presented at Black Hat USA 2020 (Virtual - August 1-6 2020)Rory McCune, "Mastering Container Security … Continue reading Conference Talks – August 2020

Conference Talks – March 2020

This month, members of NCC Group will be presenting their work at the following conferences: Adam Rudderman, "Bug Bounty: Why is this happening?" presented at Nullcon Goa (Goa, India - March 3-7 2020) Rob Wood, "[Panel]: CSIS Security Panel Discussion," presented at OCP Global Summit (San Jose, CA - March 4-5 2020) Rory McCune, "[Training]: … Continue reading Conference Talks – March 2020

CVE-2018-8611 – Diving into the Windows Kernel Transaction Manager (KTM) for fun and exploitation

Written by Cedric Halbronn On Saturday 15th February, I gave a talk titled "How CVE-2018-8611 Can be Exploited to Achieve Privilege Escalation on Windows 10 1809 (RS5) and Earlier". This research was done by Aaron Adams and myself and was presented by Aaron at POC2019 at the end of last year. The OffensiveCon slides are … Continue reading CVE-2018-8611 – Diving into the Windows Kernel Transaction Manager (KTM) for fun and exploitation

Deep Dive into Real-World Kubernetes Threats

On Saturday, February 1st, I gave my talk titled “Command and KubeCTL: Real-World Kubernetes Security for Pentesters” at Shmoocon 2020. I’m following up with this post that goes into more details than I could cover in 50 minutes. This will re-iterate the points I attempted to make, walk through the demo, and provide resources for … Continue reading Deep Dive into Real-World Kubernetes Threats