iSEC Engages in TrueCrypt Audit

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity. iSEC Engages in TrueCrypt Audit 23 Dec 2013 - Tom Ritter Is TrueCrypt audited yet? It’s finally happening. For the past few months, there has been much ado about TrueCrypt, the popular open-source encryption … Continue reading iSEC Engages in TrueCrypt Audit

White Paper: Login Service Security

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity, and can be downloaded below. Login Service Security 17 Dec 2013 - Rachel Engel Web application login services are deceptively simple to develop, leading application developers to repeat the mistakes of the past. Learning … Continue reading White Paper: Login Service Security

Tool Release: SSL pinning bypass and other Android tools

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity, and can be downloaded below. SSL pinning bypass and other Android tools 13 Dec 2013 - Marc Blanchou iSEC is releasing several Cydia Substrate extensions to facilitate the black box testing of Android applications: Android-SSL-TrustKiller This … Continue reading Tool Release: SSL pinning bypass and other Android tools

Tool Release: Blackbox Android App Analysis with Introspy

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity. Blackbox Android App Analysis with Introspy 13 Dec 2013 - Marc Blanchou & Alban Diquet As previously announced during our Ruxcon presentation, we’re now releasing Introspy for Android. The final version of the tool was demonstrated … Continue reading Tool Release: Blackbox Android App Analysis with Introspy

White Paper: Browser Extension Password Managers

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity, and can be downloaded below. Browser Extension Password Managers 05 Nov 2013 - Paul Youn Advancements in password cracking and frequent theft of password databases endanger single-factor password authentication systems. Password managers are one … Continue reading White Paper: Browser Extension Password Managers

Ruxcon 2013 – Introspy Presentation Slides

This research was originally presented at: Ruxcon 2013 Ruxcon 2013 - Introspy Presentation Slides 27 Oct 2013 - Alban Diquet Update: Introspy for Android is now available; we’ve also updated the slides with additional information regarding the tool. The slides for the Introspy: Security Profiling for Blackbox iOS and Android presentation from Ruxcon 2013 are now available. The presentation was … Continue reading Ruxcon 2013 – Introspy Presentation Slides

Tool Release: iOS Secure State Preservation

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity. iOS Secure State Preservation 18 Sep 2013 - Tom Daniels iOS 6 introduced the concept of application state preservation. The purpose of state preservation is to hide unexpected application termination from users. Regardless of … Continue reading Tool Release: iOS Secure State Preservation

Tool Release: Redirecting traffic with dnsRedir.py

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity. Redirecting traffic with dnsRedir.py 05 Sep 2013 - Tim Newsham Often while performing network protocol testing, we want to be able to redirect traffic going to a legitimate server to a server of our … Continue reading Tool Release: Redirecting traffic with dnsRedir.py

Tool Release: Blackbox iOS App Analysis with Introspy

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity. Blackbox iOS App Analysis with Introspy 21 Aug 2013 - Tom Daniels & Alban Diquet In 2013, assessing the security of iOS applications still involves a lot of manual, time-consuming tasks - especially when … Continue reading Tool Release: Blackbox iOS App Analysis with Introspy

Man-in-the-Middling Non-Proxy Aware Wi-Fi Devices with a Pineapple

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity. Man-in-the-Middling Non-Proxy Aware Wi-Fi Devices with a Pineapple 21 Aug 2013 - Anson Gomes Every security professional has to Man-in-the-Middle (MitM) network communication at some point in their career. This can be challenging in … Continue reading Man-in-the-Middling Non-Proxy Aware Wi-Fi Devices with a Pineapple