SCOMplicated? – Decrypting SCOM “RunAs” credentials

This post will detail how it is possible to compromise a System Center Operations Manager (SCOM) server and extract the plaintext RunAs credentials from the database. We will also provide tips on how to detect such attacks. What are RunAs credentials? In brief, when creating a SCOM workflow, RunAs profiles (and in turn RunAs accounts) … Continue reading SCOMplicated? – Decrypting SCOM “RunAs” credentials

Berserko: Kerberos Authentication for Burp Suite

We’ve released a new tool called Berserko, which is a Burp Suite extension to perform Kerberos authentication. We use Burp Suite for web application security assessments and it gives us excellent results. However, anyone that has experience in pen testing in enterprise environments will be able to tell you that it's increasingly common to find … Continue reading Berserko: Kerberos Authentication for Burp Suite

Public Report – Matrix Olm Cryptographic Review

In September 2016, Matrix, along with financial support from the Open Technology Fund, engaged NCC Group’s Cryptography Services Practice to perform a targeted review of their cryptographic library Olm. The review covered two major components of the Olm library: the double ratchet used for peer-to-peer communications, and Megolm, the group ratcheting mechanism. Matrix has produced several … Continue reading Public Report – Matrix Olm Cryptographic Review

A Peek Behind the Great Firewall of Russia

KGB joke: Interrogation of a native Siberian tribesman: Where is the gold? Translator: Where is the gold? Tribesman: Won’t tell! Translator: He won’t tell. KGB interrogator: If you won’t tell, we’ll kill you. Translator: If you won’t tell, they’ll kill you. Tribesman: It’s hidden by the yurt’s entrance. Translator: He says “Go ahead, I won’t tell!” What the law actually says: As part … Continue reading A Peek Behind the Great Firewall of Russia

A Back-to-Front TrueCrypt Recovery Story: The Plaintext is the Ciphertext

Introduction One of our clients recently approached us for assistance with recovering data from a laptop hard drive which had been encrypted using TrueCrypt. A hardware repair gone wrong had led to problems booting the operating system and a variety of attempted fixes had been unsuccessful. They had already sent the drive to a specialist … Continue reading A Back-to-Front TrueCrypt Recovery Story: The Plaintext is the Ciphertext

SMACK, SKIP-TLS & FREAK SSL/TLS Vulnerabilities

Previous current event This is a current event and as such this blog post is subject to change over the course of the next couple of days as we perform further supplementary research and analysis. 1.0: Initial version. 1.1: Revised to include further vulnerable software, alpha signature and small clarifications. 1.2: Added additional analysis from NCC Group’s … Continue reading SMACK, SKIP-TLS & FREAK SSL/TLS Vulnerabilities