SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store

Authors: Alberto Segura, Malware analystRolf Govers, Malware analyst & Forensic IT Expert NCC Group, as well as many other researchers noticed a rise in Android malware last year, especially Android banking malware. Within the Threat Intelligence team of NCC Group we're looking closely to several of these malware families to provide valuable information to our … Continue reading SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store →

NCC Group co-signs the Electronic Frontier Foundation’s Statement on DMCA Use Against Security Researchers

Today, NCC Group alongside a number of security firms and technology organizations co-signed a statement by the Electronic Frontier Foundation in opposition to the use of Section 1201 of the Digital Millennium Copyright Act against security researchers performing research in good faith, including when using third-party security testing tools. We believe that the security of … Continue reading NCC Group co-signs the Electronic Frontier Foundation’s Statement on DMCA Use Against Security Researchers →

Tool Release – Principal Mapper v1.1.0 Update

Principal Mapper, or PMapper, is a tool and library for in-depth analysis with AWS Identity and Access Management, as well as AWS Organizations. PMapper stores data about AWS accounts and organizations, then provides options to query, visualize, and analyze that data. The library, written in Python, enables users to extend PMapper's functionality for other use-cases. … Continue reading Tool Release – Principal Mapper v1.1.0 Update →

How-to: Importing WStalker CSV (and more) into Burp Suite via Import to Sitemap Extension

In this post we show how to import WStalker output into Burp Suite and the Logger++ extension to build a sitemap from a recorded session for use in Intruder and Repeater.

Common Insecure Practices with Configuring and Extending Salesforce

This article discusses the most common findings from a sample of over 35 security assessments of Salesforce customer deployments conducted by NCC Group. The assessments covered a mixture of configuration and code review based on our customers’ use of the Salesforce platform, not of Salesforce itself. The findings were sorted into broad categories, of which … Continue reading Common Insecure Practices with Configuring and Extending Salesforce →

CVE-2019-1381 and CVE-2020-0859 – How Misleading Documentation Led to a Broken Patch for a Windows Arbitrary File Disclosure Vulnerability

By Phillip Langlois and Edward Torkington Introduction In November 2019, we published a blog post covering an elevation-of-privilege vulnerability we found in Windows whilst conducting research into Windows Component Object Model (COM) services. During the course of this research, we discovered a number of vulnerabilities in several COM services that we reported to Microsoft. In … Continue reading CVE-2019-1381 and CVE-2020-0859 – How Misleading Documentation Led to a Broken Patch for a Windows Arbitrary File Disclosure Vulnerability →

Welcome to the new NCC Group Global Research blog

Welcome to the new NCC Group Global Research blog. Here we will share blog posts on a range of technical topics that our consultants are thinking about, and on NCC Group's research projects, papers, presentations, and tools from around the globe.

Cisco ASA series part five: libptmalloc gdb plugin

This article is part of a series of blog posts. We recommend that you start at the beginning. Alternatively, scroll to the bottom of this article to navigate through the whole series. We're releasing a gdb plugin for analysing ptmalloc2. This plugin is essentially a fork from an older version of cloudburst's libheap [1], but with … Continue reading Cisco ASA series part five: libptmalloc gdb plugin →

Whitepaper: Recognizing and Preventing TOCTOU

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity, and can be downloaded below. Recognizing and Preventing TOCTOU Whitepaper 03 Mar 2015 - Christopher Hacking Time-Of-Check-to-Time-Of-Use (TOCTOU) vulnerabilities have been known for decades, but are still frequently discovered in modern code. This diverse … Continue reading Whitepaper: Recognizing and Preventing TOCTOU →

Black Hat 2013 – Femtocell Presentation Slides, Videos and App

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity, and can be downloaded below. Black Hat 2013 - Femtocell Presentation Slides, Videos and App 19 Aug 2013 - Tom Ritter We’re back from Las Vegas, rested, and finally ready to release the slides, videos, and our … Continue reading Black Hat 2013 – Femtocell Presentation Slides, Videos and App →