Research Blog
Insights and research from our global cybersecurity team.
Ruling the rules
Mathew Vermeer is a doctoral candidate at the Organisation Governance department of the faculty of Technology, Policy and Management of Delft University of Technology. At the same university, he has received both a BSc degree in Computer Science and Engineering and an MSc degree in Computer Science with…
HITB Phuket 2023 – Exploiting the Lexmark PostScript Stack
Aaron Adams presented this talk at HITB Phuket on the 24th August 2023. The talk detailed how NCC Exploit Development Group (EDG) in Pwn2Own 2022 Toronto was able to exploit two different PostScript vulnerabilities in Lexmark printers. The presentation is a good primer for those interested in further researching the…
Public Report – Entropy/Rust Cryptography Review
During the summer of 2023, Entropy Cryptography Inc engaged NCC Group’s Cryptography Services team to perform a cryptography and implementation review of several Rust-based libraries implementing constant-time big integer arithmetic, prime generation, and secp256k1 (k256) elliptic curve functionality. Two consultants performed the review within 40 person-days of effort, which included…
SIAM AG23: Algebraic Geometry with Friends
I recently returned from Eindhoven, where I had the pleasure of giving a talk on some recent progress in isogeny-based cryptography at the SIAM Conference on Applied Algebraic Geometry (SIAM AG23). Firstly, I want to thank Tanja Lange, Krijn Reijnders and Monika Trimoska, who organised the mini-symposium on the application…
5G security – how to minimise the threats to a 5G network
To ensure security of new 5G telecom networks, NCC Group has been providing guidance, conducting code reviews, red team engagements and pentesting 5G standalone and non-standalone networks since 2019. As with any network, various attackers are motivated by different reasons. An attacker could be motivated to either gain information about…
Real World Cryptography Conference 2023 – Part II
After a brief interlude, filled with several articles from the Cryptography Services team, we’re back with our final thoughts from this year’s Real World Cryptography Conference. In case you missed it, check out Part I for more insights. Interoperability in E2EE Messaging: A specter is haunting Europe – the specter…
Technical Advisory – SonicWall Global Management System (GMS) & Analytics – Multiple Critical Vulnerabilities
Multiple Unauthenticated SQL Injection Issues Security Filter Bypass – CVE-2023-34133. Description: The GMS web application was found to be vulnerable to numerous SQL injection issues. Additionally, security mechanisms that were in place to help prevent SQL injection attacks could be bypassed. Impact: An unauthenticated attacker could exploit these issues…
LeaPFRogging PFR Implementations
Back in October of 2022, this announcement by AMI caught my eye. AMI has contributed a product named “Tektagon Open Edition” to the Open Compute Project (OCP). Tektagon OpenEdition is an open-source Platform Root of Trust (PRoT) solution with foundational firmware security features that detect platform firmware corruption, recover the…
Dancing Offbit: The Story of a Single Character Typo that Broke a ChaCha-Based PRNG
Random number generators are the backbone of most cryptographic protocols, the crucial cornerstone upon which the security of all systems relies, yet they remain often overlooked. This blog post presents a real-world vulnerability discovered in the implementation of a Pseudo-Random Number Generator (PRNG) based on the ChaCha20 cipher. Discovery of…
Public Report – Penumbra Labs R1CS Implementation Review
In July 2023 Penumbra Labs engaged NCC Group’s Cryptography Services team to perform an implementation review of their Rank-1 Constraint System (R1CS) code and the associated zero-knowledge proofs within the Penumbra system. These proofs are built upon decaf377 and poseidon377, which have been previously audited by NCC Group, with a…
Most recent posts
- Technical Advisory: Sonos Era 100 Secure Boot Bypass Through Unchecked setenv() call
- Shooting Yourself in the .flags – Jailbreaking the Sonos Era 100
- Technical Advisory: Adobe ColdFusion WDDX Deserialization Gadgets
- Is this the real life? Is this just fantasy? Caught in a landslide, NoEscape from NCC Group
- The Spelling Police: Searching for Malicious HTTP Servers by Identifying Typos in HTTP Responses