Research Paper – Machine Learning for Static Malware Analysis, with University College London

For the past few years, NCC Group has been an industry partner to the Centre for Doctoral Training in Data Intensive Science (CDT in DIS) at University College London (UCL). CDT is composed of a group of over 80 academics from across UCL in areas such as High Energy Physics, Astrophysics, Atomic and Molecular Physics, … Continue reading Research Paper – Machine Learning for Static Malware Analysis, with University College London

Investigating Potential Security Vulnerability Manifestation through Various Analyses & Inferences Regarding Internet RFCs (and how RFC Security might be Improved)

Overview RFCs have played a pivotal role in helping to formalise ideas and requirements for much of the Internet's design and engineering. They have facilitated peer review amongst engineers, researchers and computer scientists, which in turn has resulted in specification of key Internet protocols and their behaviours so that developers can implement those protocols in … Continue reading Investigating Potential Security Vulnerability Manifestation through Various Analyses & Inferences Regarding Internet RFCs (and how RFC Security might be Improved)

Double-odd Elliptic Curves

This post is about some new (or sort of new) elliptic curves for use in cryptographic protocols. They were made public in mid-December 2020, on a dedicated Web site: https://doubleodd.group/There is also a complete whitepaper, full of mathematical demonstrations, and several implementations. Oh noes, more curves! Will this never end? It is true that there … Continue reading Double-odd Elliptic Curves

Faster Modular Inversion and Legendre Symbol, and an X25519 Speed Record

Elliptic curves are commonly used to implement asymmetric cryptographic operations such as key exchange and signatures. These operations are used in many places, in particular to initiate secure network connections within protocols such as TLS and Noise. However, they are relatively expensive in terms of computing resources, especially for low-end embedded systems, which run on … Continue reading Faster Modular Inversion and Legendre Symbol, and an X25519 Speed Record

Immortalising 20 Years of Epic Research

In December 2019 we launched this new technical security research blog site. As part of its launch we had cause to revisit our old blog website and found a myriad of forgotten whitepapers and conference presentations spanning NCC Group's history (formation in 1999). Deeply nested on our old blog site we found over 200 whitepapers … Continue reading Immortalising 20 Years of Epic Research

Paper: Thematic for Success in Real-World Offensive Cyber Operations – How to make threat actors work harder and fail more often

tl;dr Today we've released a whitepaper on the key techniques that continue to enable us to breach the largest and most sophisticated organisations on the planet. Organisations that prioritize these areas, and the mitigations we outline, will thwart attacks while making threat actors work harder and ultimately fail more often. Objective The purpose of this … Continue reading Paper: Thematic for Success in Real-World Offensive Cyber Operations – How to make threat actors work harder and fail more often

Exploring DeepFake Capabilities & Mitigation Strategies with University College London

Overview  NCC Group is an industry partner for University College London’s (UCL) Centre for Doctoral Training in Data Intensive Science (CDT in DIS). The UCL CDT in DIS encompasses a wide range of areas in the field of 'big-data' including the collection, storage and analysis of large datasets, as well as the use of complex … Continue reading Exploring DeepFake Capabilities & Mitigation Strategies with University College London

Research Report – Zephyr and MCUboot Security Assessment

Over the years, NCC Group has audited countless embedded devices for our customers. Through these security assessments, we have observed that IoT devices are typically built using a hodgepodge of chipset vendor board support packages (BSP), bootloaders, SDKs, and an established Real Time Operating System (RTOS) such as Mbed or FreeRTOS. However, we have recently … Continue reading Research Report – Zephyr and MCUboot Security Assessment

Curve9767 and Fast Signature Verification

This post is about elliptic curves as they are used in cryptography, in particular for signatures. There are many ways to define specific elliptic curves that strive to offer a good balance between security and performance; here, I am talking about specific contributions of mine: a new curve definition, and some algorithmic improvements that target … Continue reading Curve9767 and Fast Signature Verification

Blind Return Oriented Programming

tl;dr In 2014 a paper [http://www.scs.stanford.edu/brop/bittau-brop.pdf] which introduces Blind Return Oriented Programming (BROP), a state-of-the-art exploitation technique, was released by researchers from Stanford University. The paper discusses a general approach in which BROP is used to exploit services which are both vulnerable to stack-based buffer overflows and automatically recover after a crash. What is best … Continue reading Blind Return Oriented Programming