Research Blog

Insights and research from our global cybersecurity team.


NETGEAR Routers: A Playground for Hackers?

A detailed analysis of multiple vulnerabilities that were identified on the NETGEAR Nighthawk WiFi 6 Router (RAX AX2400) and may exist on other NETGEAR router models.


Real World Cryptography Conference 2023 – Part I

The annual Real World Cryptography Conference organized by the IACR recently took place in Tokyo, Japan. On top of 3 days of excellent talks, RWC was preceded by the 2nd annual FHE.org Conference and the Real World Post-Quantum Cryptography Workshop and followed by the High Assurance Crypto Software Workshop. Nearly…


May 10, 2023

11 mins read


Public Report – AWS Nitro System API & Security Claims

In the last calendar quarter of 2022, Amazon Web Services (AWS) engaged NCC Group to conduct an architecture review of the AWS Nitro System design, with focus on specific claims AWS made for the security of the Nitro System APIs. The public report for this review may be downloaded below:


May 3, 2023

1 min read


State of DNS Rebinding in 2023

Different forms of DNS rebinding attacks have been described as far back as 1996 for Java Applets and 2002 for JavaScript (Quick-Swap). It has been four years since our State of DNS Rebinding presentation in 2019 at DEF CON 27 (slides), where we introduced our DNS rebinding attack framework Singularity…


Machine Learning 103: Exploring LLM Code Generation

This executable blog post is the third in a series related to machine learning and explores code generation from a 16 billion parameter large language model (LLM). After a brief look under the hood at the LLM structure and parameter allocation, we generate a variety of Python functions and make…


HITBAMS – Your Not so “Home” Office – Soho Hacking at Pwn2Own

Alex Plaskett and McCaulay Hudson presented this talk at HITB AMS on the 20th April 2023. The talk showcased NCC Exploit Development Group (EDG) in Pwn2Own 2022 Toronto targeting all consumer routers (Netgear, TP-Link and Synology) from both a LAN and WAN perspective. The talk also described how we compromised…


Public Report – Kubernetes 1.24 Security Audit

NCC Group was selected to perform a security evaluation of Kubernetes 1.24.0 release in response to Kubernetes SIG Security’s Third-Party Security Audit Request for Proposals. The testing portion of the audit took place in May and June 2022. The global project team performed a security architectural design review that resulted…


Public Report – Solana Program Library ZK-Token Security Assessment

In August 2022, Solana Foundation engaged NCC Group to conduct a security assessment of the ZK-Token SDK, a collection of open-source functions and types that implement the core cryptographic functionalities of the Solana Program Library (SPL) Confidential Token extension. These functionalities are homomorphic encryption and associated proofs used to demonstrate…


Stepping Insyde System Management Mode

In October of 2022, Intel’s Alder Lake BIOS source code was leaked online. The leaked code was comprised of firmware components that originated from three sources: I obtained a copy of the leaked code and began to hunt for vulnerabilities. This writeup focuses on the vulnerabilities that I found and…


Breaking Pedersen Hashes in Practice

The Pedersen hash function has gained popularity due to its efficiency in the arithmetic circuits used in zero-knowledge proof systems. Hash functions are a crucial primitive in cryptography, and zero-knowledge proof systems often make heavy use of them, for example when computing Merkle tree roots and paths. Instead of being…


March 22, 2023

14 mins read

