OffensiveCon 2023 – Exploit Engineering – Attacking the Linux Kernel
Cedric Halbronn and Alex Plaskett presented at OffensiveCon on the 19th of May 2023 on Exploit Engineering – Attacking the Linux kernel. Slides The slides for the talk can be downloaded below: libslub libslub can be downloaded from here. Abstract The abstract for the talk was as follows: Over the…
Announcing NCC Group’s Cryptopals Guided Tour: Set 2
Hello and welcome to NCC Group’s Cryptopals guided tour! This post is the second in a series of eight installments (previously) covering the solutions to the Cryptopals Crypto Challenges. For those who don’t know, Cryptopals is a series of eight sets of challenges covering common cryptographic constructs and common attacks…
Public Report – Confidential Space Security Review
During the summer of 2022, Google engaged NCC Group to conduct a security assessment of the Confidential Space product. The system provides a confidential computing environment that allows cloud customers to run workloads in the cloud that can be attested to run a specific payload with high assurances that the…
Toner Deaf – Printing your next persistence (Hexacon 2022)
On Friday 14th of October 2022 Alex Plaskett (@alexjplaskett) and Cedric Halbronn (@saidelike) presented Toner Deaf – Printing your next persistence at Hexacon 2022. This talk demonstrated remote over the network exploitation of a Lexmark printer and persistence across both firmware updates and reboots. The video from this talk is…
SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store
Authors: Alberto Segura, Malware analyst; Rolf Govers, Malware analyst / Forensic IT Expert. NCC Group, as well as many other researchers, noticed a rise in Android malware last year, especially Android banking malware. Within the Threat Intelligence team of NCC Group we’re looking closely at several of these malware families to…
NCC Group co-signs the Electronic Frontier Foundation’s Statement on DMCA Use Against Security Researchers
Today, NCC Group alongside a number of security firms and technology organizations co-signed a statement by the Electronic Frontier Foundation in opposition to the use of Section 1201 of the Digital Millennium Copyright Act against security researchers performing research in good faith, including when using third-party security testing tools. We…
Tool Release – Principal Mapper v1.1.0 Update
Principal Mapper, or PMapper, is a tool and library for in-depth analysis with AWS Identity and Access Management, as well as AWS Organizations. PMapper stores data about AWS accounts and organizations, then provides options to query, visualize, and analyze that data. The library, written in Python, enables users to extend…
How-to: Importing WStalker CSV (and more) into Burp Suite via Import to Sitemap Extension
In this post we show how to import WStalker output into Burp Suite and the Logger++ extension to build a sitemap from a recorded session for use in Intruder and Repeater.
Common Insecure Practices with Configuring and Extending Salesforce
This article discusses the most common findings from a sample of over 35 security assessments of Salesforce customer deployments conducted by NCC Group. The assessments covered a mixture of configuration and code review based on our customers’ use of the Salesforce platform, not of Salesforce itself. The findings were sorted…
Welcome to the new NCC Group Global Research blog
Welcome to the new NCC Group Global Research blog. Here we will share blog posts on a range of technical topics that our consultants are thinking about, and on NCC Group’s research projects, papers, presentations, and tools from around the globe.
Cisco ASA series part five: libptmalloc gdb plugin
This article is part of a series of blog posts. We recommend that you start at the beginning. Alternatively, scroll to the bottom of this article to navigate through the whole series. We’re releasing a gdb plugin for analysing ptmalloc2. This plugin is essentially a fork from an older version of…
Windows remote desktop memory corruption leading to RCE on XPSP3
This patch notification details a high risk vulnerability in Microsoft Remote Desktop discovered by Edward Torkington. Download Patch Notification
Symantec Messaging Gateway Out of band stored XSS delivered by email
Summary. Name: Symantec Messaging Gateway – Out-of-band stored XSS delivered by email; Release Date: 30 November 2012; Reference: NGS00268; Discoverer: Ben Williams; Vendor: Symantec; Vendor Reference: ; Systems Affected: Symantec Messaging Gateway 9.5.3-3; Risk: Critical; Status: Published. Timeline. Discovered: 17 April 2012; Released: 17 April 2012; Approved: 29 April 2012; Reported: 30 April 2012; Fixed: 27 August 2012; Published: 30 November 2012. Description. I. VULNERABILITY…
Symantec Messaging Gateway Arbitrary file download is possible with a crafted URL (authenticated)
Summary. Name: Symantec Messaging Gateway – Arbitrary file download is possible with a crafted URL (authenticated); Release Date: 30 November 2012; Reference: NGS00266; Discoverer: Ben Williams; Vendor: Symantec; Vendor Reference: ; Systems Affected: Symantec Messaging Gateway 9.5.3-3; Risk: Medium; Status: Published. Timeline. Discovered: 17 April 2012; Released: 17 April 2012; Approved: 29 April 2012; Reported: 30 April 2012; Fixed: 27 August 2012; Published: 30…
Whitepaper: Recognizing and Preventing TOCTOU
This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity, and can be downloaded below. Recognizing and Preventing TOCTOU Whitepaper 03 Mar 2015 – Christopher Hacking Time-Of-Check-to-Time-Of-Use (TOCTOU) vulnerabilities have been known for decades, but are still frequently discovered…
AWS environment security assessment with Scout2
This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity. AWS environment security assessment with Scout2 19 Feb 2014 – Loïc Simon Security engineers at iSEC Partners are regularly involved in projects that require assessing the security of an…
Black Hat 2013 – Femtocell Presentation Slides, Videos and App
This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity, and can be downloaded below. Black Hat 2013 – Femtocell Presentation Slides, Videos and App 19 Aug 2013 – Tom Ritter We’re back from Las Vegas, rested, and finally ready to release…
SSLyze v0.7 Released
SSLyze v0.7 Released 14 Aug 2013 – Alban Diquet A new version of SSLyze is now available. SSLyze is a Python tool that can analyze the SSL configuration of a server by connecting to it. Changelog Complete rewrite of the OpenSSL wrapper as a C extension SSLyze is now statically linked with the…
WebLogic Plugin HTTP Injection via Encoded URLs
VSR Security Advisory (http://www.vsecurity.com/). Advisory Name: WebLogic Plugin HTTP Injection via Encoded URLs; Release Date: 2010-07-13; Application: WebLogic Plugin; Versions: All known versions; Severity: High; Discovered by: Timothy D. Morgan < tmorgan (at) vsecurity {dot} com >; Contributors: George D. Gal < ggal {at} vsecurity (dot) com >; Vendor…