Uncategorized

Kubernetes is essentially a framework of various services that make up its typical architecture, which can be divided into two roles: the control-plane, which serves as a central control hub and hosts most of the components, and the nodes or workers, where containers and their respective workloads are executed. Within…

Authored by Joshua Kamp (main author) and Alberto Segura. Summary Hook and ERMAC are Android based malware families that are both advertised by the actor named “DukeEugene”. Hook is the latest variant to be released by this actor and was first announced at the start of 2023. In this announcement,…

Cedric Halbronn and Alex Plaskett presented at OffensiveCon on the 19th of May 2023 on Exploit Engineering – Attacking the Linux kernel. Slides The slides for the talk can be downloaded below: libslub libslub can be downloaded from here. Abstract The abstract for the talk was as follows: Over the…

Hello and welcome to NCC Group’s Cryptopals guided tour! This post is the second in a series of eight installments (previously) covering the solutions to the Cryptopals Crypto Challenges. For those who don’t know, Cryptopals is a series of eight sets of challenges covering common cryptographic constructs and common attacks…

During the summer of 2022, Google engaged NCC Group to conduct a security assessment of the Confidential Space product. The system provides a confidential computing environment that allows cloud customers to run workloads in the cloud that can be attested to run a specific payload with high assurances that the…

On Friday 14th of October 2022 Alex Plaskett (@alexjplaskett) and Cedric Halbronn (@saidelike) presented Toner Deaf – Printing your next persistence at Hexacon 2022. This talk demonstrated remote over the network exploitation of a Lexmark printer and persistence across both firmware updates and reboots. The video from this talk is…

Authors: Alberto Segura, Malware analyst Rolf Govers, Malware analyst Forensic IT Expert NCC Group, as well as many other researchers noticed a rise in Android malware last year, especially Android banking malware. Within the Threat Intelligence team of NCC Group we’re looking closely to several of these malware families to…

Today, NCC Group alongside a number of security firms and technology organizations co-signed a statement by the Electronic Frontier Foundation in opposition to the use of Section 1201 of the Digital Millennium Copyright Act against security researchers performing research in good faith, including when using third-party security testing tools.  We…

Principal Mapper, or PMapper, is a tool and library for in-depth analysis with AWS Identity and Access Management, as well as AWS Organizations. PMapper stores data about AWS accounts and organizations, then provides options to query, visualize, and analyze that data. The library, written in Python, enables users to extend…

In this post we show how to import WStalker output into Burp Suite and the Logger++ extension to build a sitemap from a recorded session for use in Intruder and Repeater.

This article discusses the most common findings from a sample of over 35 security assessments of Salesforce customer deployments conducted by NCC Group. The assessments covered a mixture of configuration and code review based on our customers’ use of the Salesforce platform, not of Salesforce itself. The findings were sorted…

Welcome to the new NCC Group Global Research blog. Here we will share blog posts on a range of technical topics that our consultants are thinking about, and on NCC Group’s research projects, papers, presentations, and tools from around the globe. 

This article is part of a series of blog posts. We recommend that you start at the beginning. Alternatively, scroll to the bottom of this article to navigate through the whole series. We’re releasing a gdb plugin for analysing ptmalloc2. This plugin is essentially a fork from an older version of…

This patch notification details a high risk vulnerability in Microsoft Remote Desktop discovered by Edward Torkington. Download Patch Notification

Summary Name: Symantec Messaging Gateway – Out-of-band stored-XSS delivered by emailRelease Date: 30 November 2012Reference: NGS00268Discoverer: Ben WilliamsVendor: SymantecVendor Reference:Systems Affected: Symantec Messaging Gateway 9.5.3-3Risk: CriticalStatus: Published TimeLine Discovered: 17 April 2012Released: 17 April 2012Approved: 29 April 2012Reported: 30 April 2012Fixed: 27 August 2012Published: 30 November 2012 Description I. VULNERABILITY…

Summary Name: Symantec Messaging Gateway – Arbitrary file download is possible with a crafted URL (authenticated)Release Date: 30 November 2012Reference: NGS00266Discoverer: Ben Williams Vendor: SymantecVendor Reference:Systems Affected: Symantec Messaging Gateway 9.5.3-3Risk: MediumStatus: Published TimeLine Discovered: 17 April 2012Released: 17 April 2012Approved: 29 April 2012Reported: 30 April 2012Fixed: 27 August 2012Published: 30…

Oops you’ve come to this page in error You are not authorised to access the document you have requested

Oops you’ve come to this page in error You are not authorised to access the document you have requested

Oops you’ve come to this page in error You are not authorised to access the document you have requested

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity, and can be downloaded below. Recognizing and Preventing TOCTOU Whitepaper 03 Mar 2015 – Christopher Hacking Time-Of-Check-to-Time-Of-Use (TOCTOU) vulnerabilities have been known for decades, but are still frequently discovered…

Oops you’ve come to this page in error Oops you are not authorised to access the document you’ve requested

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity. AWS environment security assessment with Scout2 19 Feb 2014 – Loïc Simon Security engineers at iSEC Partners are regularly involved in projects that require assessing the security of an…

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity, and can be downloaded below. Black Hat 2013 – Femtocell Presentation Slides, Videos and App 19 Aug 2013 – Tom Ritter We’re back from Las Vegas, rested, and finally ready to release…

SSLyze v0.7 Released 14 Aug 2013 – Alban Diquet A new version of SSLyze is now available. SSLyze is a Python tool that can analyze the SSL configuration of a server by connecting to it. Changelog Complete rewrite of the OpenSSL wrapper as a C extension SSLyze is now statically linked with the…

VSR Security Advisory http://www.vsecurity.com/ -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Advisory Name: WebLogic Plugin HTTP Injection via Encoded URLs Release Date: 2010-07-13 Application: WebLogic Plugin Versions: All known versions Severity: High Discovered by: Timothy D. Morgan < tmorgan (at) vsecurity {dot} com > Contributors: George D. Gal < ggal {at} vsecurity (dot) com > Vendor…