PhanTap (Phantom Tap): Making networks spookier one packet at a time

As a security consultant at NCC Group, sometimes our clients hire us to perform red team engagements. Essentially, the goal is to sneak into one or more of their office locations however possible (think tailgating, social engineering, even delivering delicious pizzas). Once inside, we use this privileged access to conduct nefarious activities, such as looking … Continue reading PhanTap (Phantom Tap): Making networks spookier one packet at a time

Tool Release: Introducing opinel: Scout2’s favorite tool

Introducing opinel: Scout2's favorite tool 03 Aug 2015 - Loïc Simon With boto3 being stable and generally available1, NCC took the opportunity to migrate Scout2 and AWS-recipes to boto3. As part of that migration effort, we decided to publish the formerly-known-as AWSUtils repository – used by Scout2 and AWS-recipes – as a python package required … Continue reading Tool Release: Introducing opinel: Scout2’s favorite tool

Tool Release: Calculating SQL Permissions

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity. Calculating SQL Permissions 09 Feb 2015 - Peter Oehlert iSEC Partners is happy to announce the availability of a tool to help those wishing to better secure their database applications and users. It is a simple … Continue reading Tool Release: Calculating SQL Permissions

Tool Release: A Simple DLL Injection Utility

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity. A Simple DLL Injection Utility 29 Oct 2014 - Nicolas Guigo NCLoader is a simple command-line DLL injection tool for windows. It takes a PID or process name as parameter and accounts for systems … Continue reading Tool Release: A Simple DLL Injection Utility

Tool Release: You’ll Never (Ever) Take Me Alive!

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity. Tool Release: You'll Never (Ever) Take Me Alive! 09 May 2014 - Tom Ritter A year ago, we released You’ll Never Take Me Alive — a tool that helps protects Full Disk Encrypted Windows computers from … Continue reading Tool Release: You’ll Never (Ever) Take Me Alive!

Tool Release: SSLyze v 0.9 released – Heartbleed edition

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity. SSLyze v 0.9 released - Heartbleed edition 16 Apr 2014 - Alban Diquet A new version of SSLyze is now available. SSLyze is a Python tool that can analyze the SSL configuration of a server by … Continue reading Tool Release: SSLyze v 0.9 released – Heartbleed edition

Tool Release: DIBF Tool Suite

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity. DIBF Tool Suite 16 Apr 2014 - Nicolas Guigo Introducing iSEC Partners’ Windows driver testing suite. The source, binaries and example output are available at https://github.com/iSECPartners/DIBF under the GPLv2 license. Currently three tools are included: DIBF … Continue reading Tool Release: DIBF Tool Suite

Tool Release: Announcing the Release of RtspFuzzer

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity. Announcing the Release of RtspFuzzer 07 Jan 2014 - Michael Lynch iSEC Partners is pleased to announce the release of RtspFuzzer, an open-source fuzzer for the real-time streaming protocol (RTSP). RTSP is a text-based … Continue reading Tool Release: Announcing the Release of RtspFuzzer

Tool Release: SSLyze v0.8 released

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity. SSLyze v0.8 released 30 Dec 2013 - Alban Diquet A new version of SSLyze is now available. SSLyze is a Python tool that can analyze the SSL configuration of a server by connecting to it. Changelog … Continue reading Tool Release: SSLyze v0.8 released

Tool Release: SSL pinning bypass and other Android tools

This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity, and can be downloaded below. SSL pinning bypass and other Android tools 13 Dec 2013 - Marc Blanchou iSEC is releasing several Cydia Substrate extensions to facilitate the black box testing of Android applications: Android-SSL-TrustKiller This … Continue reading Tool Release: SSL pinning bypass and other Android tools