Introduction In recent years, the gaming industry has grown significantly, especially casino games and sports betting. Online casinos consolidate their position as one of the main sources of entertainment in many countries worldwide, which evidently involves a notable rise in their turnover. For instance, in Spain alone, the gaming industry generated revenue of around €4,567 … Continue reading Online Casino Roulette – A guideline for penetration testers and security researchers
In this post we explore how to use the extensible nature of Thinkst Canary to build a high interaction honeypot.
This month, NCC Group researchers will be presenting their work at the following conferences: Rami McCarthy, "AWS Security: Easy Wins and Enterprise Scale," to be presented at BSides Boston (Virtual - September 26 2020)Dirk-Jan Mollema, "Walking Your Dog in Multiple Forests: Breaking AD Trust Boundaries through Kerberos Vulnerabilities," to be presented at Black Hat Asia … Continue reading Conference Talks – September 2020
wolfSSL is a C-language-based SSL/TLS library targeted at IoT, embedded, and RTOS environments. wolfSSL incorrectly implements the TLS 1.3 client state machine. This allows attackers in a privileged network position to completely impersonate any TLS 1.3 servers and read or modify potentially sensitive information between clients using the wolfSSL library and these TLS servers.
Multiple HTML injection vulnerabilities were found in several KaiOS mobile applications that are pre-installed on KaiOS mobile devices. The following vulnerabilities affected multiple KaiOS mobile devices: KaiOS Email Application HTML Injection (CVE-2019-14756)KaiOS Contacts Application HTML Injection (CVE-2019-14757)KaiOS File Manager Application HTML Injection (CVE-2019-14758)KaiOS Recorder Application HTML Injection (CVE-2019-14760)KaiOS Note Application HTML Injection (CVE-2019-14761)KaiOS FM Radio … Continue reading Technical Advisory – Multiple HTML Injection Vulnerabilities in KaiOS Pre-installed Mobile Applications
In December 2019 we launched this new technical security research blog site. As part of its launch we had cause to revisit our old blog website and found a myriad of forgotten whitepapers and conference presentations spanning NCC Group's history (formation in 1999). Deeply nested on our old blog site we found over 200 whitepapers … Continue reading Immortalising 20 Years of Epic Research
This is the last of three code-centric blog posts on pairing based cryptography. Support for these operations in an Ethereum precompiled contract has been proposed , and support for a related pairing configuration in precompiled contracts is already in operation [2, 3]. The first post  covered modular arithmetic, finite fields, the embedding degree, and … Continue reading Pairing over BLS12-381, Part 3: Pairing!
Yesterday, the Microsoft Security Response Center announced their Most Valuable Security Researchers for 2020 (MVRs). This honour, awarded annually by Microsoft during Black Hat USA, is a part of MSRC's Researcher Recognition program, and recognizes the top security researchers globally based upon the volume, accuracy, and impact of their vulnerability reports to Microsoft over the … Continue reading NCC Group researchers named amongst MSRC’s Most Valuable Security Researchers in 2020
Preface During the Covid-19 pandemic, the battle to secure and protect businesses as well as consumers changed from the office environment to our homes, but this did not stop us from working on research projects aimed at contributing to the creation of a safer online world. Working from home, this research was carried out to … Continue reading Lights, Camera, HACKED! An insight into the world of popular IP Cameras