Research Blog

Insights and research from our global cybersecurity team.


D0nut encrypt me, I have a wife and no backups 

Unveiling the Dark Side: A Deep Dive into Active Ransomware Families. Author: Ross Inman (@rdi_x64). Introduction: Our technical experts have written a blog series focused on the Tactics, Techniques and Procedures (TTPs) deployed by four ransomware families recently observed during NCC Group's incident response engagements. In case you missed it, last…


Popping Blisters for research: An overview of past payloads and exploring recent developments

Summary Blister is a piece of malware that loads a payload embedded inside it. We provide an overview of payloads dropped by the Blister loader based on 137 unpacked samples from the past one and a half years and take a look at recent activity of Blister. The overview shows…


November 1, 2023

33 mins read


Technical Advisory: Insufficient Proxyman HelperTool XPC Validation

Summary: The com.proxyman.NSProxy.HelperTool application (version 1.4.0), a privileged helper tool distributed with the Proxyman application (up to and including version 4.10.1) for macOS 13 Ventura and earlier, allows a local attacker to use earlier versions of the Proxyman application to maliciously change the System Proxy settings and redirect traffic to…


Unveiling the Dark Side: A Deep Dive into Active Ransomware Families 

Not so lucky: BlackCat is back! Authors: Alex Jessop (@ThisIsFineChief), Molly Dewis. While the main trend in the cyber threat landscape in recent months has been MOVEit and Cl0p, NCC Group's Cyber Incident Response Team have also been handling multiple different ransomware groups over the same period. In the…


Public Report – Zcash FROST Security Assessment

In Summer 2023, the Zcash Foundation engaged NCC Group to conduct a security assessment of the Foundation's FROST threshold signature implementation, based on the paper FROST: Flexible Round-Optimized Schnorr Threshold Signatures. This project implements v12 of the draft FROST specification in Rust, with a variety of options available for underlying elliptic curve groups. The…


Technical Advisory – Multiple Vulnerabilities in Connectize G6 AC2100 Dual Band Gigabit WiFi Router (CVE-2023-24046, CVE-2023-24047, CVE-2023-24048, CVE-2023-24049, CVE-2023-24050, CVE-2023-24051, CVE-2023-24052)

Connectize’s G6 WiFi router was found to have multiple vulnerabilities exposing its owners to potential intrusion in their local Wi-Fi network and browser. The Connectize G6 router is a general consumer Wi-Fi router with an integrated web admin interface for configuration, and is available for purchase by the general public.…


Public Report – Caliptra Security Assessment

During August and September of 2023, Microsoft engaged NCC Group to conduct a security assessment of Caliptra v0.9. Caliptra is an open-source silicon IP block for datacenter-focused server-class ASICs. It serves as the internal root-of-trust for both measurement and identity of a system-on-chip. The main use cases for Caliptra are…


Introduction to AWS Attribute-Based Access Control

AWS allows tags (arbitrary key-value pairs) to be assigned to many resources. Tags can be used to categorize resources however you like. Some examples: in an account holding multiple applications, a tag called "application" might be used to denote which application is associated with each resource. A tag called "stage"…


On Multiplications with Unsaturated Limbs

This post is about a rather technical coding strategy choice that arises when implementing cryptographic algorithms on some elliptic curves, namely how to represent elements of the base field. We will be discussing Curve25519 implementations, in particular as part of Ed25519 signatures, as specified in RFC 8032. The most widely…


September 18, 2023

9 mins read


From ERMAC to Hook: Investigating the technical differences between two Android malware variants

Authored by Joshua Kamp (main author) and Alberto Segura. Summary: Hook and ERMAC are Android-based malware families that are both advertised by the actor named "DukeEugene". Hook is the latest variant to be released by this actor and was first announced at the start of 2023. In this announcement,…


September 11, 2023

22 mins read

