Tool Release: SSLyze v 0.9 released – Heartbleed edition

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity. SSLyze v 0.9 released - Heartbleed edition 16 Apr 2014 - Alban Diquet A new version of SSLyze is now available. SSLyze is a Python tool that can analyze the SSL configuration of a server by … Continue reading Tool Release: SSLyze v 0.9 released – Heartbleed edition →

Tool Release: DIBF Tool Suite

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity. DIBF Tool Suite 16 Apr 2014 - Nicolas Guigo Introducing iSEC Partners’ Windows driver testing suite. The source, binaries and example output are available at https://github.com/iSECPartners/DIBF under the GPLv2 license. Currently three tools are included: DIBF … Continue reading Tool Release: DIBF Tool Suite →

iSEC Completes TrueCrypt Audit

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity. iSEC Completes TrueCrypt Audit 14 Apr 2014 - Tom Ritter Is TrueCrypt Audited Yet? Yes, in part! For nearly a decade, tens of millions of users have been trusting the open source encryption software, TrueCrypt. … Continue reading iSEC Completes TrueCrypt Audit →

Heartbleed (CVE-2014-0160) Advisory

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity. Heartbleed (CVE-2014-0160) Advisory 10 Apr 2014 - Andy Grant, Justin Engler, Aaron Grattafiori News of a major widespread vulnerability discovered by Neel Mehta came out Monday, April 7 2014. This vulnerability allows a network … Continue reading Heartbleed (CVE-2014-0160) Advisory →

White Paper: Cryptopocalypse Reference Paper

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity, and can be downloaded below. Cryptopocalypse Reference Paper 20 Mar 2014 - Javed Samuel Alex Stamos, Tom Ritter and Javed Samuel presented “Preparing for the Cryptopocalypse” at Black Hat 2013, looking into the latest … Continue reading White Paper: Cryptopocalypse Reference Paper →

iOS certificate pinning code updated for iOS 7

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity. iOS certificate pinning code updated for iOS 7 01 Feb 2014 - Alban Diquet We’ve updated the iOS certificate pinning code which is part of iSEC’s SSL Conservatory project on Github. This new version brings … Continue reading iOS certificate pinning code updated for iOS 7 →

Tool Release: Announcing the Release of RtspFuzzer

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity. Announcing the Release of RtspFuzzer 07 Jan 2014 - Michael Lynch iSEC Partners is pleased to announce the release of RtspFuzzer, an open-source fuzzer for the real-time streaming protocol (RTSP). RTSP is a text-based … Continue reading Tool Release: Announcing the Release of RtspFuzzer →

iOS 7 tool updates

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity. iOS 7 tool updates 02 Jan 2014 - Alban Diquet With the availability of the evasi0n7 jailbreak and the subsequent release two days ago of Cydia Substrate with support for iOS 7 and ARM64, a full-blown … Continue reading iOS 7 tool updates →

Tool Release: SSLyze v0.8 released

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity. SSLyze v0.8 released 30 Dec 2013 - Alban Diquet A new version of SSLyze is now available. SSLyze is a Python tool that can analyze the SSL configuration of a server by connecting to it. Changelog … Continue reading Tool Release: SSLyze v0.8 released →

Fuzzing RTSP to discover an exploitable vulnerability in VLC

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity. Fuzzing RTSP to discover an exploitable vulnerability in VLC 30 Dec 2013 - Michael Lynch In this post, we will describe the bug iSEC recently discovered in the Live555 library (CVE-2013-6933, CVE-2013-6934). This yielded … Continue reading Fuzzing RTSP to discover an exploitable vulnerability in VLC →