Research Blog
Insights and research from our global cybersecurity team.
SSLyze v0.7 Released
14 Aug 2013 – Alban Diquet. A new version of SSLyze is now available. SSLyze is a Python tool that can analyze the SSL configuration of a server by connecting to it. Changelog: Complete rewrite of the OpenSSL wrapper as a C extension. SSLyze is now statically linked with the…
Black Hat 2013 – Bluetooth Smart Presentation Available
This research was originally presented at Black Hat 2013. 06 Aug 2013 – Mike Ryan. The slides for the Bluetooth Smart presentation from Black Hat 2013 are now available. The presentation was given by Mike Ryan and looks into Bluetooth “Smart” (also known as…
Black Hat 2013 – Cryptopocalypse Presentation Available
This research was originally presented at Black Hat 2013. 06 Aug 2013 – iSEC Partners. The slides for the Preparing for the Cryptopocalypse presentation from Black Hat 2013 are now available. The group presentation was given by Alex Stamos, Tom Ritter, Javed Samuel and Thomas…
How To Spot a Penetration Tester in Your Network (and Catch the Real Bad Guys at the Same Time)
I’ve been re-reading the Mandiant report on the notorious APT1 group, and it occurred to me that the tools and techniques used by this relatively unsophisticated (but very successful) group are similar to those used by penetration testers. That isn’t to say that penetration testers, or pen testers as they are colloquially…
Technical Advisory – IBM WebSphere Commerce: Encrypted URL Parameter Vulnerable to Padding Oracle Attacks
Virtual Security Research, LLC. http://www.vsecurity.com/ Security Advisory
Advisory Name: Encrypted URL Parameter Vulnerable to Padding Oracle Attacks
Release Date: 2013-06-19
Application: IBM WebSphere Commerce
Versions: 5.6.X, 6.0.X, 7.0.X, possibly others
Credit: Timothy D. Morgan, George D. Gal
Vendor Status: Patch Available by Request [5]
CVE Candidate: CVE-2013-0523
Reference: http://www.vsecurity.com/resources/advisory/20130619-1/…
Tool Release: PeachFarmer
This research was originally performed by researchers from iSEC Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity. 14 Jun 2013 – Michael Lynch. Cloud-based Fuzzing with Peach: Several of the consultants here at iSEC perform fuzz testing using the Peach fuzzing framework. One of…
EasyDA – Easy Windows Domain Access Script
People who regularly conduct internal penetration tests on Windows domains will typically see common issues arise, such as common passwords. If you are able to obtain a local administrator hash, in most instances you can compromise the entire domain. Typically the hash will be common with other…
White Paper: An Introduction to Authenticated Encryption
This research was originally performed by researchers from iSEC Partners (now NCC Group), has been migrated to research.nccgroup.com for posterity, and can be downloaded below. 29 Apr 2013 – Shawn Fitzgerald. Historically, independent encryption and message authentication codes (MAC) have been used to provide…
ASP.NET Security and the Importance of KB2698981 in Cloud Environments Threat Brief
This threat brief discusses a security issue noted by NCC Group in September 2012 relating to the use of ASP.NET forms authentication in a shared / cloud hosting environment. If virtual hosting is used to make multiple applications on the same IIS server available at different domain names, then a…
Pip3line – The Swiss Army Knife of Byte Manipulation
Here at NCC Group we work with raw bytes a lot! As I couldn’t find a good tool to manipulate, encode and decode easily I set about writing Pip3line a while back. While it has been available for a while as open source I’ve not really discussed it outside of…