Announcing NCC Group’s Cryptopals Guided Tour!

Hello and welcome to NCC Group's Cryptopals guided tour! This post is the first in a series of eight installments covering the solutions to the Cryptopals Crypto Challenges. These have been a long time coming, and we're excited to finally start bringing them to you. For those who don't know, Cryptopals is a series of … Continue reading Announcing NCC Group’s Cryptopals Guided Tour!

Why IoT Security Matters

Introduction Internet of Things security can mean any number of things for your product and its users. This will depend largely on the context of the product and its deployment, and can include specific requirements, such as integrity, confidentiality, availability, safety, privacy, consent, authenticity, and more. Understanding how security fits into the product’s threat modelling … Continue reading Why IoT Security Matters

An Illustrated Guide to Elliptic Curve Cryptography Validation

Elliptic Curve Cryptography (ECC) has become the de facto standard for protecting modern communications. ECC is widely used to perform asymmetric cryptography operations, such as to establish shared secrets or for digital signatures. However, insufficient validation of public keys and parameters is still a frequent cause of confusion, leading to serious vulnerabilities, such as leakage … Continue reading An Illustrated Guide to Elliptic Curve Cryptography Validation

Lending a hand to the community – Covenant v0.7 Updates

Introduction Covenant [1] is an open source .NET command and control framework to support Red Team operations, similar in many ways to the well-known Cobalt Strike threat emulation software. Covenant is an ASP.NET Core, cross-platform application that includes a web-based interface that allows for multi-user collaboration. It has two main agents/payloads: The Grunt, which is … Continue reading Lending a hand to the community – Covenant v0.7 Updates

Cryptopals: Exploiting CBC Padding Oracles

This is a write-up of the classic padding oracle attack on CBC-mode block ciphers. If you've done the Cryptopals cryptography challenges, you'll remember it as challenge 17. This is a famous and elegant attack. With it, we will see how even a small data leak (in this case, the presence of a "padding oracle" - … Continue reading Cryptopals: Exploiting CBC Padding Oracles

Domestic IoT Nightmares: Smart Doorbells

Preface Half way through 2020, UK independent consumer champion Which? magazine reached out to us and asked if we could assist investigating the security of a series of domestic IoT devices and to perform a vulnerability assessment of each device. The assessments included smart plugs and smart/connected doorbells. We also worked on a number of … Continue reading Domestic IoT Nightmares: Smart Doorbells

The Extended AWS Security Ramp-Up Guide

On November 25th, AWS released the Ramp-Up Learning Guide for AWS Cloud Security, Governance, and Compliance. The Security Ramp-Up is a curated list of educational AWS resources. The goal is "to teach in-demand cloud skills and real-world knowledge that you can rely on to keep up with cloud security, governance, and compliance developments and grow … Continue reading The Extended AWS Security Ramp-Up Guide

Code Patterns for API Authorization: Designing for Security

Summary This post describes some of the most common design patterns for authorization checking in web application code. Comparisons are made between the design patterns to help understand when each pattern makes sense as well as the drawbacks of the pattern. For developers and architects, this post helps you to understand what the different code … Continue reading Code Patterns for API Authorization: Designing for Security

Kerberos Resource-Based Constrained Delegation: When an Image Change Leads to a Privilege Escalation

Introduction During a recent Active Directory assessment we had access as a low-privilege user to a fully-patched and secured domain workstation. After trying a number of different approaches to elevate privileges locally, we came across the blog post “Wagging the Dog: Abusing Resource-Based Constrained Delegation to Attack Active Directory” [1] from Elad Shamir. One of … Continue reading Kerberos Resource-Based Constrained Delegation: When an Image Change Leads to a Privilege Escalation

Chafer backdoor analysis

Introduction A few weeks ago we published a config decrypter[1] for a sample that we believe is related with the Chafer group. Chafer is a well-known group which has primarily been operating in the Middle East. Their arsenal includes several custom-made tools, variants of the Remexi malware and open-source/publically available tools such as ‘Mimikatz’ or … Continue reading Chafer backdoor analysis