OAuth is the widely used standard for access delegation, enabling many of the "Sign in with X" buttons and "Connect your Calendar" features of modern Internet software. OAuth 2.0 is the most common and recent version of this specification, which defines four grant types (as well as various extensions), specifically suited for different use cases. … Continue reading An offensive guide to the Authorization Code grant
A local macOS user or process may be able to modify or replace files executed by Installer. This could allow a low-privileged user or process to gain arbitrary code execution with root privileges, effectively leading to a full system compromise.
The secure generation of parameters for zk-SNARKs is a crucial step in the trustworthiness of the resulting proof system. By highlighting some potential pitfalls and important security considerations of these implementations, NCC Group hopes to provide helpful pointers to all implementers and avoid the introduction of vulnerabilities detrimental to the confidence users have in the different applications of these systems.
Authors: Nikolaos Pantazopoulos, Stefano Antenucci (@Antelox), Michael Sandee and in close collaboration with NCC’s RIFT. About the Research and Intelligence Fusion Team (RIFT):RIFT leverages our strategic analysis, data science, and threat hunting capabilities to create actionable threat intelligence, ranging from IOCs and detection capabilities to strategic reports on tomorrow's threat landscape. Cyber security is an … Continue reading WastedLocker: A New Ransomware Variant Developed By The Evil Corp Group
Introduction A month ago, we released a new tool that made it possible to tunnel traffic over an existing Remote Desktop Connection without the need to alter the configuration of the environment. This tool enables penetration testers to conduct their assessments over Windows-based jump boxes. Remote Access technologies are quite diversified, although Remote Desktop Services … Continue reading Tool Release – Socks Over RDP Now Works With Citrix
This vulnerability applied to a 5 year old end of life version of CobaltStrike and is being published in the spirit of archaeological interest in the vulnerability. tl;dr This blog looks at some of the communication and encryption internals of Cobalt Strike between Beacons and the Team Server in the 3.5 family. We then explore … Continue reading Striking Back at Retired Cobalt Strike: A look at a legacy vulnerability
Vendor: ARM Vendor URL: https://os.mbed.com/ Versions affected: Prior to 5.15.2 Systems Affected: ARM Mbed OS Author: Ilya Zhuravlev Risk: High Summary: The ARM Mbed operating system contains a USB Mass Storage driver (USBMD), which allows emulation of a mass storage device over USB. This driver contains a three (3) memory safety vulnerabilities, allowing adversaries with … Continue reading Technical Advisory – ARM MbedOS USB Mass Storage Driver Memory Corruption
Publicly discovered in late April 2020, the Team9 malware family (also known as ‘Bazar’) appears to be a new malware being developed by the group behind Trickbot. Even though the development of the malware appears to be recent, the developers have already developed two components with rich functionality. The purpose of this blog post is to describe the functionality of the two components, the loader and the backdoor.
This blog post provides an overview of cheating and anti-cheat methods in electronic games. NCC Group has previously looked at cheating, and found ways to bypass anti-cheat, but this is more of an overview. It doesn’t contain details on particular games or companies. Cheats are specific to individual games and individual game companies handle cheat … Continue reading Game Security
Using a carefully crafted calendar event, an attacker can retrieve semi-arbitrary files from a target victim’s macOS system, all the victim has to do is click on an invite.