    DeXRAY v2.36
    Brian is one of the biggest supporters of DeXRAY, and for years he has been actively contributing to its improvements – by adding lots of new code, adding new features and fixing bugs. In this release, Brian fixed a bug …  ( 2 min )
    What Will Shape Cybersecurity in 2026: AI Speed, Expanding Attack Surfaces, and Specialized Red Teams
    2026 will hit cybersecurity like a fast-forward button: AI moves quicker than governance, attack surfaces sprawl into the physical world, and red teams get hyper-specialized. Here’s what’s coming—and how to stay ahead before “optional” becomes “too late.”  ( 10 min )
    Windows 11 password icon missing from lock screen sign-in options
    A known bug in Windows 11 causes the password icon to become invisible or missing from the lock screen sign-in options after installing specific Windows updates released since August 2025. Although the button remains functionally available, it is not visible to users, requiring them to hover over a blank space to access the password field.
    Proxmox VE 9.1: Create LXC containers from OCI images, granular nested-virt CPU control, and more
    In a previous blog post, I reviewed the new features of Proxmox VE 9.0. Proxmox VE 9.1 arrives with several impactful upgrades, including the ability to create LXC containers directly from OCI images, eliminating the need for separate LXC templates. The release also introduces qcow2-based TPM state storage for fully snapshot-friendly vTPM setups and adds granular nested-virt CPU flag control for more flexible virtualization. Alongside an improved SDN interface and core component updates, these enhancements significantly reduce admin friction and streamline VM and container management.
    Active Directory Security Tip #15: Active Directory Domain Root Permissions
    This week let’s look at Active Directory domain permissions which are configured on the domain root and apply to the domain. There are many different types of concerning permissions, but let’s look at the most egregious. I wrote a PowerShell script leveraging the Active Directory PowerShell module that can help identify these permissions on the …  ( 5 min )

    What is Agent Workspace in Windows 11
    Agent Workspace is an experimental feature in Windows 11 that creates a separate, contained environment where AI agents can operate autonomously in the background. Microsoft is introducing this capability as part of its vision to transform Windows 11 into an AI-native operating system, allowing AI to perform complex tasks while users continue their regular work uninterrupted.
    New Outlook fails to open Excel attachments with non-ASCII characters: Try opening the file again later
    Microsoft is working to resolve an issue that prevents users from opening Excel email attachments in the new Outlook client when the filenames contain non-ASCII characters. The bug affects Exchange Online customers and displays an error message that reads, "Try opening the file again later."
    Introducing constant-time support for LLVM to protect cryptographic code
    Trail of Bits has developed constant-time coding support for LLVM, providing developers with compiler-level guarantees that their cryptographic implementations remain secure against branching-related timing attacks. These changes are being reviewed and will be added in an upcoming release, LLVM 22. This work introduces the __builtin_ct_select family of intrinsics and supporting infrastructure that prevents the Clang compiler, and potentially other compilers built with LLVM, from inadvertently breaking carefully crafted constant-time code. This post will walk you through what we built, how it works, and what it supports. We’ll also discuss some of our future plans for extending this work. The compiler optimization problem Modern compilers excel at making code run faster. They eliminate redu…  ( 5 min )
    Don’t throw a hissy fit; defend against Medusa
    No content preview  ( 12 min )
    Azucar
    No content preview  ( 6 min )
    Blackbox iOS App Assessments Using idb
    No content preview  ( 6 min )
    iOS Instrumentation Without Jailbreak
    No content preview
    Decoding network data from a Gh0st RAT variant
    No content preview
    LTair: The LTE Air Interface Tool
    No content preview
    Ghost Vulnerability (CVE-2015-0235)
    No content preview
    Peeling back the layers on defence in depth…knowing your onions
    No content preview
    Impersonating Gamers With GPT-2
    No content preview
    Demystifying Cobalt Strike’s “make_token” Command
    No content preview
    Assessing the security and privacy of Vaccine Passports
    No content preview
    Analysis of Boomerang Differential Trials via a SAT-Based Constraint Solver URSA
    No content preview
    An Analysis of Mobile Geofencing App Security
    No content preview
    NCC CON Europe 2017
    No content preview
    iOS User Enrollment and Trusted Certificates
    No content preview
    Chafer backdoor analysis
    No content preview
    Optimizing Pairing-Based Cryptography: Montgomery Multiplication in Assembly
    No content preview
    IETF Draft: Indicators of Compromise and Their Role in Attack and Defen[c|s]e
    No content preview
    Are you oversharing (in Salesforce)? Our new tool could sniff it out!
    No content preview
    NCC Group placed first in global 5G Cyber Security Hack competition
    No content preview
    How will GDPR impact your communications?
    No content preview
    A Guide to Improving Security Through Infrastructure-as-Code
    No content preview
    A few notes on usefully exploiting libstagefright on Android 5.x
    No content preview
    A Simple and Practical Approach to Input Validation
    No content preview
    A Peek Behind the Great Firewall of Russia
    No content preview
    A New Flying Kitten?
    No content preview
    A jq255 Elliptic Curve Specification, and a Retrospective
    No content preview
    Advanced Exploitation of Oracle PL/SQL Flaws
    No content preview
    Adobe Acrobat Reader XML Forms Data Format Buffer Overflow
    No content preview
    Abusing Privileged and Unprivileged Linux Containers
    No content preview
    Abusing Blu-ray Players Part 1 – Sandbox Escapes
    No content preview
    A WarCon 2017 Presentation: Cisco ASA – Exploiting the IKEv1 Heap Overflow – CVE-2016-1287
    No content preview
    Advisory-CraigSBlackie-CVE-2016-9795
    No content preview
    Advice for security decision makers contemplating the value of Antivirus
    No content preview
    Adversarial Machine Learning: Approaches & defences
    No content preview
    Adventures in Xen Exploitation
    No content preview
    An Illustrated Guide to Elliptic Curve Cryptography Validation
    No content preview
    An adventure in PoEKmon NeutriGo land
    No content preview
    An Adventure in Contingency Debugging: Ruby IO#read/IO#write Considered Harmful
    No content preview
    Alternative Approaches for Fault Injection Countermeasures (Part 3/3)
    No content preview
    An Introduction to Ultrasound Security Research
    No content preview
    An Introduction to Quantum Computing for Security Professionals
    No content preview
    An Introduction to Heap overflows on AIX 5.3L
    No content preview
    An Introduction to Fault Injection (Part 1/3)
    No content preview
    Android Cloud Backup/Restore
    No content preview
    Analysis of the Linux backdoor used in freenode IRC network compromise
    No content preview
    Analysing a recent Poison Ivy sample
    No content preview
    An offensive guide to the Authorization Code grant
    No content preview
    Call Map: A Tool for Navigating Call Graphs in Python
    No content preview
    C Language Standards Update – Zero-size Reallocations are Undefined Behavior
    No content preview
    Bypassing Oracle DBMS_ASSERT (in certain situations)
    No content preview
    Business Insights: Cyber Security in the Financial Sector
    No content preview
    Android SSL Bypass
    No content preview
    Post-exploiting a compromised etcd – Full control over the cluster and its nodes
    No content preview
    PeachFarmer
    No content preview
    NCC Group’s Upcoming Trainings at Black Hat USA 2021
    No content preview
    Machine Learning for Static Analysis of Malware – Expansion of Research Scope
    No content preview
    Implementing the Castryck-Decru SIDH Key Recovery Attack in SageMath
    No content preview
    IAM user management strategy (part 2)
    No content preview
    Paradoxical Compression with Verifiable Delay Functions
    No content preview
    Paper: Thematic for Success in Real-World Offensive Cyber Operations – How to make threat actors work harder and fail more often
    No content preview
    Lessons learned from 50 bugs: Common USB driver vulnerabilities
    No content preview
    From CSV to CMD to qwerty
    No content preview
    Forensic Fuzzing Tools
    No content preview
    Project Bishop: Clustering Web Pages
    No content preview
    Jailbreak
    No content preview
    iOS MobileSlideShow USB Image Class arbitrary code execution.txt
    No content preview
    hostresolver
    No content preview
    Hacking the Extensible Firmware Interface
    No content preview
    Machine Learning 103: Exploring LLM Code Generation
    No content preview
    Java RMI Registry.bind() Unvalidated Deserialization
    No content preview
    Jailbreak, updated and open-sourced
    No content preview
    Image IO Memory Corruption
    No content preview
    Harnessing GPUs Building Better Browser Based Botnets
    No content preview
    LibAVCodec AMV Out of Array Write
    No content preview
    How we breach network infrastructures and protect them
    No content preview
    Ghidra nanoMIPS ISA module
    No content preview
    Getting per-user Conditional Access MFA status in Azure
    No content preview
    Flash security restrictions bypass: File upload by URLRequest
    No content preview
    LAPSUS$: Recent techniques, tactics and procedures
    No content preview
    Introducing idb-Simplified Blackbox iOS App Pentesting
    No content preview
    HITB Phuket 2023 – Exploiting the Lexmark PostScript Stack
    No content preview
    From ERMAC to Hook: Investigating the technical differences between two Android malware variants
    No content preview
    Five Essential Machine Learning Security Papers
    No content preview
    Integrating DigitalOcean into ScoutSuite
    No content preview
    Hackproofing Oracle Application Server
    No content preview
    General Data Protection Regulation: Knowing your data
    No content preview
    Fuzzing the Easy Way Using Zulu
    No content preview
    Flubot: the evolution of a notorious Android Banking Malware
    No content preview
    How to Spot and Prevent an Eclipse Attack
    No content preview
    Heartbleed (CVE-2014-0160) Advisory
    No content preview
    General Data Protection Regulation – are you ready?
    No content preview
    Fuzzing the Easy Way Using Zulu (1)
    No content preview
    FrisbeeLite
    No content preview
    HTTP Profiler
    No content preview
    Going “AUTH the Rails” on a Crazy Train
    No content preview
    G-Scout
    No content preview
    Fuzzing USB devices using Frisbee Lite
    No content preview
    Fuzzbox
    No content preview
    Nagios XI Network Monitor – OS Command Injection
    No content preview
    ISM RAT
    No content preview
    Is this the real life? Is this just fantasy? Caught in a landslide, NoEscape from NCC Group
    No content preview
    Hackproofing MySQL
    No content preview
    Hacking Displays Made Interesting
    No content preview
    Gizmo
    No content preview
    Intent Fuzzer
    No content preview
    How to Backdoor Diffie-Hellman
    No content preview
    Hacking a web application
    No content preview
    Grepify – a Small Tool for Code Reviewers
    No content preview
    grepify
    No content preview
    Hunting SQL Injection Bugs
    No content preview
    How much training should staff have on cyber security?
    No content preview
    Helping Engineering Teams Tackle Security Debt in Embedded Systems: U-Boot Configuration Auditing Introduced in Depthcharge v0.2.0
    No content preview
    HDMI Ethernet Channel
    No content preview
    Hacking Appliances: Ironic exploits in security products
    No content preview
    Ivanti Zero Day – Threat Actors observed leveraging CVE-2021-42278 and CVE-2021-42287 for quick privilege escalation to Domain Admin
    No content preview
    Intel® Software Guard Extensions (SGX): A Researcher’s Primer
    No content preview
    In-depth analysis of the new Team9 malware family
    No content preview
    Hiccupy
    No content preview
    Heartbleed OpenSSL vulnerability
    No content preview
    Low Cost Attacks on Smart Cards – The Electromagnetic Side-Channel
    No content preview
    IODIDE
    No content preview
    Intel BIOS Advisory – Memory Corruption in HID Drivers
    No content preview
    Impress Pages CMS Remote Code Execution
    No content preview
    How to protect yourself & your organisation from phishing attacks
    No content preview
    House
    No content preview
    Inter-Protocol Exploitation
    No content preview
    ICS/OT Security & the evolution of the Purdue Model: Integrating Industrial and Business Networks
    No content preview
    IAX Voice Over-IP Security
    No content preview
    IAM user management strategy
    No content preview
    How-to: Importing WStalker CSV (and more) into Burp Suite via Import to Sitemap Extension
    No content preview
    Kivlad
    No content preview
    iOS SSL Killswitch
    No content preview
    Improving your Network and Application Assurance Strategy in an environment of increasing 0day vulnerabilities
    No content preview
    Implementing and Detecting a PCI Rootkit
    No content preview
    Immunity Debugger Buffer Overflow
    No content preview
    iSEC audit of MediaWiki
    No content preview
    iOS 7 arbitrary code execution in kernel mode
    No content preview
    Introducing Chuckle and the Importance of SMB Signing
    No content preview
    Interfaces.d to RCE
    No content preview
    Intent Sniffer
    No content preview
    Integrity destroying malicious code for financial or geopolitical gain: A vision of the future?
    No content preview
    lapith
    No content preview
    Investigating Potential Security Vulnerability Manifestation through Various Analyses & Inferences Regarding Internet RFCs (and how RFC Security might be Improved)
    No content preview
    Introspy for Android
    No content preview
    Introducing Azucar
    No content preview
    Internet of Things Security
    No content preview
    Latest threats to the connected car & intelligent transport ecosystem
    No content preview
    Kubernetes Security: Consider Your Threat Model
    No content preview
    Jackson Deserialization Vulnerabilities
    No content preview
    iOS certificate pinning code updated for iOS 7
    No content preview
    Introduction to AWS Attribute-Based Access Control
    No content preview
    Live Incident Blog: June Global Ransomware Outbreak
    No content preview
    Lending a hand to the community – Covenant v0.7 Updates
    No content preview
    iSEC Partners Releases SSLyze
    No content preview
    iSEC Engages in TrueCrypt Audit
    No content preview
    IP-reputation-snort-rule-generator
    No content preview
    Maritime Cyber Security: Threats and Opportunities
    No content preview
    Machine learning from idea to reality: a PowerShell case study
    No content preview
    Lumension Device Control (formerly Sanctuary) remote memory corruption
    No content preview
    Logs, Logs, the Audit Trail – Features of a Successful Log Management Solution
    No content preview
    Lessons learned from 50 USB bugs
    No content preview
    LeaPFRogging PFR Implementations
    No content preview
    McAfee Email and Web Security Appliance v5.6 – Session hijacking (and bypassing client-side session timeouts)
    No content preview
    Manifest Explorer
    No content preview
    Managing PowerShell in a modern corporate environment
    No content preview
    Man-in-the-Middling Non-Proxy Aware Wi-Fi Devices with a Pineapple
    No content preview
    Login Service Security
    No content preview
    Phishing Stories
    No content preview
    Oracle Forensics Part 2: Locating Dropped Objects
    No content preview
    My Hash is My Passport: Understanding Web and Mobile Authentication
    No content preview
    Managing Cyber Risk in the Supply Chain
    No content preview
    Machine Learning 104: Breaking AES With Power Side-Channels
    No content preview
    Oracle Forensics Part 3: Isolating Evidence of Attacks Against the Authentication Mechanism
    No content preview
    Optimizing Pairing-Based Cryptography: Montgomery Arithmetic in Rust
    No content preview
    Non Obvious PE Parsers – The .NET runtime – Part 1
    No content preview
    Mobile World Congress – Mobile Internet of Things
    No content preview
    PRTG Network Monitor Command injection
    No content preview
    NSA & CISA Kubernetes Security Guidance – A Critical Review
    No content preview
    NCC Group co-signs the Electronic Frontier Foundation’s Statement on DMCA Use Against Security Researchers
    No content preview
    McAfee Email and Web Security Appliance Active session tokens of other users are disclosed within the UI
    No content preview
    Cleaning Up After Cookies
    No content preview
    POC2021 – Pwning the Windows 10 Kernel with NTFS and WNF Slides
    No content preview
    Overview of Modern Memory Security Concerns
    No content preview
    NCC Group’s 2022 & 2023 Research Report
    No content preview
    Cisco ASA series part two: Static analysis & datamining of Cisco ASA firmware
    No content preview
    On Multiplications with Unsaturated Limbs
    No content preview
    Nessus Authenticated Scan – Local Privilege Escalation
    No content preview
    NCC Group Research at Black Hat USA 2021 and DEF CON 29
    No content preview
    Microsoft Internet Explorer CMarkup Use-After-Free
    No content preview
    Cisco ASA series part six: Cisco ASA mempools
    No content preview
    Oracle Hyperion 11 Directory Traversal
    No content preview
    MSSQL Lateral Movement
    No content preview
    Mergers & Acquisitions (M&A) cyber security due diligence
    No content preview
    McAfee Email and Web Security Appliance Any logged-in user can bypass controls to reset passwords of other administrators
    No content preview
    Cisco VPN Client Privilege Escalation
    No content preview
    Network Attached Security: Attacking a Synology NAS
    No content preview
    McAfee Email and Web Security Appliance Session hijacking and bypassing client-side session timeouts
    No content preview
    McAfee Email and Web Security Appliance Arbitrary file download is possible with a crafted URL, when logged in as any user
    No content preview
    Mature Security Testing Framework
    No content preview
    Cisco IPSec VPN Implementation Group Name Enumeration
    No content preview
    Medium Risk Vulnerability in Symantec Network Access Control
    No content preview
    McAfee Email and Web Security Appliance v5.6 – Any logged-in user can bypass controls to reset passwords of other administrators
    No content preview
    McAfee Email and Web Security Appliance v5.6 – Active session tokens of other users are disclosed within the UI
    No content preview
    McAfee Email and Web Security Appliance Reflective XSS allowing an attacker to gain session tokens
    No content preview
    cisco-SNMP-enumeration
    No content preview
    Preparing for Cyber Battleships – Electronic Chart Display and Information System Security
    No content preview
    Mining data from Cobalt Strike beacons
    No content preview
    Microsoft’s SQL Server vs. Oracle’s RDBMS
    No content preview
    Memory Gap
    No content preview
    McAfee Email and Web Security Appliance v5.6 – Password hashes can be recovered from a system backup and easily cracked
    No content preview
    Pointer Sequence Reverser (PSR)
    No content preview
    Order Details Screens and PII
    No content preview
    Mobile & web browser credential management: Security implications, attack cases & mitigations
    No content preview
    Microsoft announces the WMIC command is being retired, Long Live PowerShell
    No content preview
    metasploitavevasion
    No content preview
    Memory Scanning for the Masses
    No content preview
    NCC Group’s Jeremy Boone recognized for Highest Quality and Most Eligible Reports through the Intel Circuit Breaker program
    No content preview
    NCC Con Europe 2016
    No content preview
    Microsoft Zero-Day Vulnerability – OLE2Link – Threat Intelligence and Signatures
    No content preview
    Microsoft SQL Server Passwords
    No content preview
    Microsoft Office Memory Corruption Vulnerability
    No content preview
    Oracle Forensics Part 7 Using the Oracle System Change Number in Forensic Investigations
    No content preview
    Open Banking: Security considerations & potential risks
    No content preview
    On Linux’s Random Number Generation
    No content preview
    My name is Matt – My voice is my password
    No content preview
    Mobile apps and security by design
    No content preview
    Principal Mapper (pmapper)
    No content preview
    Oracle 11g TNS listener remote Invalid Pointer Read
    No content preview
    Nagios XI Network Monitor Stored and Reflected XSS
    No content preview
    Building Intuition for Lattice-Based Signatures – Part 1: Trapdoor Signatures
    No content preview
    Building an RDP Credential Catcher for Threat Intelligence
    No content preview
    Build Your Own Wi-Fi Mapping Drone Capability
    No content preview
    Buffer Underruns, DEP, ASLR and improving the Exploitation Prevention Mechanisms (XPMs) on the Windows platform
    No content preview
    Browser Extension Password Managers
    No content preview
    Broadcasting your attack – DAB security
    No content preview
    Breaking Pedersen Hashes in Practice
    No content preview
    Breaking into Security Research at NCC Group
    No content preview
    Blind Security Testing – An Evolutionary Approach
    No content preview
    Blind Return Oriented Programming
    No content preview
    BlackHat Asia USB Physical Access
    No content preview
    BlackBerry PlayBook Security – Part Two – BlackBerry Bridge
    No content preview
    BlackBerry PlayBook Security – Part One
    No content preview
    BlackBerry Link WebDav Server Bound to the BlackBerry VPN Adapter
    No content preview
    Black Hat USA 2015 presentation: Broadcasting your attack-DAB security
    No content preview
    Black Hat Europe 2013 Andy Davis: To dock or not to dock…
    No content preview
    Black Hat 2013 – Cryptopocalypse Presentation Available
    No content preview
    Black Hat 2013 – Bluetooth Smart Presentation Available
    No content preview
    Beyond data loss prevention
    No content preview
    Best practices with BYOD
    No content preview
    Best Practices for the use of Static Code Analysis within a Real-World Secure Development Lifecycle
    No content preview
    Berserko: Kerberos Authentication for Burp Suite
    No content preview
    Batten down the hatches: Cyber threats facing DP operations
    No content preview
    BAT: a Fast and Small Key Encapsulation Mechanism
    No content preview
    Back Office Web Administration Authentication Bypass
    No content preview
    AWS environment security assessment with Scout2
    No content preview
    AutoRepeater: Automated HTTP Request Repeating With Burp Suite
    No content preview
    Automating extraction from malware and recent campaign analysis
    No content preview
    Automated Reverse Engineering of Relationships Between Data Structures in C++ Binaries
    No content preview
    Automated enumeration of email filtering solutions
    No content preview
    Authorisation
    No content preview
    Attacks on SSL
    No content preview
    Attacking Web Service Security: Message Oriented Madness, XML Worms and Web Service Security Sanity
    No content preview
    Attacking the Windows Kernel (Black Hat Las Vegas 2007)
    No content preview
    AtHoc Toolbar
    No content preview
    Assuring Your DDoS Defences
    No content preview
    AssetHook
    No content preview
    Assessing Unikernel Security
    No content preview
    ASP.NET Security and the Importance of KB2698981 in Cloud Environments Threat Brief
    No content preview
    ASP.NET Security and the Importance of KB2698981 in Cloud Environments
    No content preview
    ASE 12.5.1 datatype overflow
    No content preview
    Archived Technical Advisories
    No content preview
    APT15 is Alive and Strong: An Analysis of RoyalCli and RoyalDNS
    No content preview
    Apple QuickTime Player m4a Processing Buffer Overflow
    No content preview
    Apple OSX/iPhone iOS ImageIO TIFF getBandProcTIFF TileWidth Heap Overflow
    No content preview
    Apple Mac OS X ImageIO TIFF Integer Overflow
    No content preview
    Apple CoreAnimation Heap Overflow
    No content preview
    Apache Struts Vulnerability
    No content preview
    Anti Brute Force Resource Metering
    No content preview
    Announcing the AWS blog post series
    No content preview
    Cisco ASA series part five: libptmalloc gdb plugin
    No content preview
    Announcing NCC Group’s Cryptopals Guided Tour!
    No content preview
    Announcing NCC Group’s Cryptopals Guided Tour: Set 2
    No content preview
    Android-SSL-TrustKiller
    No content preview
    Check out our new Microcorruption challenges!
    No content preview
    CertPortal: Building Self-Service Secure S/MIME Provisioning Portal
    No content preview
    CECSTeR
    No content preview
    Bypassing Android’s Network Security Configuration
    No content preview
    Building WiMap the Wi-Fi Mapping Drone
    No content preview
    Building Intuition for Lattice-Based Signatures – Part 2: Fiat-Shamir with Aborts
    No content preview
    Combating Java Deserialisation Vulnerabilities with Look-Ahead Object Input Streams (LAOIS)
    No content preview
    Code Patterns for API Authorization: Designing for Security
    No content preview
    CMakerer: A small tool to aid CLion’s indexing
    No content preview
    CloudWatch: Amazon Web Services & Shellshock
    No content preview
    Cloud Security Presentation
    No content preview
    Compromising Apache Tomcat via JMX access
    No content preview
    Common Security Issues in Financially-Oriented Web Applications
    No content preview
    Common Insecure Practices with Configuring and Extending Salesforce
    No content preview
    Common Flaws of Distributed Identity and Authentication Systems
    No content preview
    Command Injection in XML Signatures and Encryption
    No content preview
    Conference Talks – October 2020
    No content preview
    Conference Talks – November 2020
    No content preview
    Conference Talks – May 2021
    No content preview
    Conference Talks – June 2022
    No content preview
    Conference Talks – February/March 2021
    No content preview
    Conference Talks – November 2021
    No content preview
    Conference Talks – June 2021
    No content preview
    Conference Talks – September/October 2022
    No content preview
    Conference Talks – September 2021
    No content preview
    Conference Talks – September 2020
    No content preview
    Cracking Random Number Generators using Machine Learning – Part 1: xorshift128
    No content preview
    CowCloud
    No content preview
    Conti-nuation: methods and techniques observed in operations post the leaks
    No content preview
    Content Security Policies Best Practices
    No content preview
    Content Security Policies and Popular CMS Systems
    No content preview
    Conference Talks – October 2021
    No content preview
    Creating Arbitrary Shellcode In Unicode Expanded Strings
    No content preview
    Creating a Safer OAuth User Experience
    No content preview
    Cranim: A Toolkit for Cryptographic Visualization
    No content preview
    Cracking RDP NLA Supplied Credentials for Threat Intelligence
    No content preview
    Cracking Random Number Generators using Machine Learning – Part 2: Mersenne Twister
    No content preview
    Critical Risk Vulnerability in SAP Message Server (Heap Overflow)
    No content preview
    Critical Risk Vulnerability in SAP DB Web Server (Stack Overflow)
    No content preview
    Critical Risk Vulnerability in Ingres (Pointer Overwrite 2)
    No content preview
    Critical Risk Vulnerability in Ingres (Pointer Overwrite 1)
    No content preview
    creep-web-app-scanner
    No content preview
    CVE-2018-8611 – Diving into the Windows Kernel Transaction Manager (KTM) for fun and exploitation
    No content preview
    CVE-2017-8570 RTF and the Sisfader RAT
    No content preview
    Curve9767 and Fast Signature Verification
    No content preview
    Cups-filters remote code execution
    No content preview
    Cross Site Request Forgery: An Introduction to a Common Web Application Weakness
    No content preview
    Cyber Security of New Space Paper
    No content preview
    Cyber Security in UK Agriculture
    No content preview
    Cyber red-teaming business-critical systems while managing operational risk
    No content preview
    Cyber Essentials Scheme
    No content preview
    CVE-2019-1405 and CVE-2019-1322 – Elevation to SYSTEM via the UPnP Device Host Service and the Update Orchestrator Service
    No content preview
    Dangling Cursor Snarfing: A New Class of Attack in Oracle
    No content preview
    Dancing Offbit: The Story of a Single Character Typo that Broke a ChaCha-Based PRNG
    No content preview
    D0nut encrypt me, I have a wife and no backups
    No content preview
    D-Link routers vulnerable to Remote Code Execution (RCE)
    No content preview
    D-LINK DIR-850L web admin interface vulnerable to stack-based buffer overflow
    No content preview
    CyberVillainsCA
    No content preview
    Database Security: A Christmas Carol
    No content preview
    Database Security Brief: The Oracle Critical Patch Update for April 2007
    No content preview
    DataArmor Full Disk Encryption 3.0.12c – Restricted Environment breakout, Privilege Escalation and Full Disk Decryption
    No content preview
    Data-mining with SQL Injection and Inference
    No content preview
    DARPA OnStar Vulnerability Analysis
    No content preview
    Decoder Improved Burp Suite plugin release part one
    No content preview
    Decoder Improved Burp Suite Plugin
    No content preview
    Deception Engineering: exploring the use of Windows Installer Packages against first stage payloads
    No content preview
    DDoS Common Approaches and Failings
    No content preview
    Database Servers on Windows XP and the unintended consequences of simple file sharing
    No content preview
    Demystifying AWS’ AssumeRole and sts:ExternalId
    No content preview
    DeLux Edition: Getting root privileges on the eLux Thin Client OS
    No content preview
    Defeating the Stack Based Buffer Overflow Prevention Mechanism of Microsoft Windows 2003 Server
    No content preview
    Deep Dive into Real-World Kubernetes Threats
    No content preview
    DECTbeacon
    No content preview
    Decrypting OpenSSH sessions for fun and profit
    No content preview
    Detection Engineering for Kubernetes clusters
    No content preview
    Detecting Karakurt – an extortion focused threat actor
    No content preview
    Detecting DNS implants: Old kitten, new tricks – A Saitama Case Study
    No content preview
    Detecting anomalous Vectored Exception Handlers on Windows
    No content preview
    Derusbi: A Case Study in Rapid Capability Development
    No content preview
    DNS Pinning and Web Proxies
    No content preview
    Distributed Ledger (Blockchain) Security and Quantum Computing Implications
    No content preview
    Dissecting social engineering attacks
    No content preview
    Disclosure Policy
    No content preview
    DIBF – Updated
    No content preview
    dotnetpaddingoracle
    No content preview
    Domestic IoT Nightmares: Smart Doorbells
    No content preview
    Does TypeScript Offer Security Improvements Over JavaScript?
    No content preview
    Do not use your AWS root account
    No content preview
    Early CCS Attack Analysis
    No content preview
    Dynamic Linq Injection Remote Code Execution Vulnerability (CVE-2023-32571)
    No content preview
    Drupal Vulnerability
    No content preview
    Double-odd Elliptic Curves
    No content preview
    dotnetpefuzzing
    No content preview
    eBook: Breach notification under GDPR – How to communicate a personal data breach
    No content preview
    eBook – Planning a robust incident response process
    No content preview
    eBook – Do you know how your organisation would react in a real-world attack scenario?
    No content preview
    EasyDA – Easy Windows Domain Access Script
    No content preview
    easyda
    No content preview
    Emissary Panda – A potential new malicious tool
    No content preview
    Elephant in the Boardroom Survey 2016
    No content preview
    EDIDFuzzer
    No content preview
    Accessing Private Fields Outside of Classes in Java
    No content preview  ( 6 min )
    A Survey of Istio’s Network Security Features
    No content preview  ( 24 min )
    An Adaptive-Ciphertext Attack Against “I ⊕ C” Block Cipher Modes With an Oracle
    No content preview  ( 6 min )
    Encryption at rest: Not the panacea to data protection
    No content preview
    Endpoint connectivity
    No content preview
    End-of-life pragmatism
    No content preview
    Encryption Does Not Equal Invisibility – Detecting Anomalous TLS Certificates with the Half-Space-Trees Algorithm
    No content preview
    Enumerating System Management Interrupts
    No content preview
    Enterprise-scale seamless onboarding and deployment of Azure Sentinel using Lighthouse for multi-tenant environments
    No content preview
    Estimating the Bit Security of Pairing-Friendly Curves
    No content preview
    Erlang Security 101
    No content preview
    Eurocrypt 2023: Death of a KEM
    No content preview
    Ethics in Security Testing
    No content preview
    EternalGlue part one: Rebuilding NotPetya to assess real-world resilience
    No content preview
    Experiments in Extending Thinkst Canary – Part 1
    No content preview
    Exception Handling and Data Integrity in Salesforce
    No content preview
    Exploiting CVE-2014-0282
    No content preview
    Exploit the Fuzz – Exploiting Vulnerabilities in 5G Core Networks
    No content preview
    Exploit mitigations: keeping up with evolving and complex software/hardware
    No content preview
    Exploiting CVE-2015-2426, and How I Ported it to a Recent Windows 8.1 64-bit
    No content preview
    Exploiting CVE-2014-0282 (1)
    No content preview
    Exploiting Rich Content
    No content preview
    Exploiting PL/SQL Injection Flaws with only CREATE SESSION Privileges
    No content preview
    Exploiting Noisy Oracles with Bayesian Inference
    No content preview
    Exploiting Security Gateways Via Web Interfaces
    No content preview
    Exploiting Samba CVE-2015-0240 on Ubuntu 12.04 and Debian 7 32-bit
    No content preview
    Exploring macOS Calendar Alerts: Part 1 – Attempting to execute code
    No content preview
    Exploiting the win32k!xxxEnableWndSBArrows use-after-free (CVE-2015-0057) bug on both 32-bit and 64-bit
    No content preview
    Exploring Prompt Injection Attacks
    No content preview
    Exploring Overfitting Risks in Large Language Models
    No content preview
    Exploring macOS Calendar Alerts: Part 2 – Exfiltrating data (CVE-2020-3882)
    No content preview
    Exporting non-exportable RSA keys
    No content preview
    Exploring Verifiable Random Functions in Code
    No content preview
    External Enumeration and Exploitation of Email and Web Security Solutions
    No content preview
    Extending a Thinkst Canary to become an interactive honeypot
    No content preview
    Faster Modular Inversion and Legendre Symbol, and an X25519 Speed Record
    No content preview
    Extractor
    No content preview
    Extracting the Payload from a CVE-2014-1761 RTF Document
    No content preview
    Faux Disk Encryption: Realities of Secure Storage On Mobile Devices
    No content preview
    Fat-Finger
    No content preview
    Finding the weak link in binaries
    No content preview
    File Fuzzers
    No content preview
    Webinar – PCI Version 3.0: Are you ready?
    No content preview
    Firmware Rootkits: The Threat to the Enterprise
    No content preview
    Android-OpenDebug
    No content preview
    Android-KillPermAndSigChecks
    No content preview
    Climbing Mount Everest: Black-Byte Bytes Back?
    No content preview
    Improving Your Embedded Linux Security Posture With Yocto
    No content preview  ( 6 min )
    Cisco ASA series part seven: Checkheaps
    No content preview  ( 30 min )
    Celebrating NCC Con Europe 2018
    No content preview  ( 9 min )
    ncccodenavi
    No content preview
    Medium Risk Vulnerability in Symantec Enterprise Security Management
    No content preview  ( 6 min )
    Lumension Device Control Remote Memory Corruption
    No content preview  ( 6 min )
    McAfee Email and Web Security Appliance Password hashes can be recovered from a system backup and easily cracked
    No content preview  ( 6 min )
    Cisco ASA series part one: Intro to the Cisco ASA
    No content preview
    NX Server for Linux Arbitrary Files can be read with root privileges
    No content preview
    NCC Group Malware Technical Note
    No content preview
    Launching the first in our series of Research Insights
    No content preview
    HIDDEN COBRA Volgmer: A Technical Analysis
    No content preview
    NCC Con Europe 2022 – Pwn2Own Austin Presentations
    No content preview
    Approximately 2000 Citrix NetScalers backdoored in mass-exploitation campaign
    No content preview
    Application Layer Attacks – The New DDoS Battleground
    No content preview
    NCC Group Research at Black Hat USA 2022 and DEF CON 30
    No content preview  ( 11 min )
    firstexecution
    No content preview  ( 6 min )
    How cryptography is used to monitor the spread of COVID-19
    No content preview  ( 12 min )
    Inter-Protocol Communication
    No content preview  ( 6 min )
    Oracle Retail Invoice Manager SQL Injection
    No content preview  ( 6 min )
    NCC Group researchers named amongst MSRC’s Most Valuable Security Researchers in 2020
    No content preview  ( 8 min )
    Technical Advisory: Shell Injection in MacVim mvim URI Handler
    No content preview  ( 7 min )
    Public cloud
    No content preview
    Proxy Re-Encryption Protocol: IronCore Public Report
    No content preview
    Protecting stored cardholder data (an unofficial supplement to PCI DSS V3.0)
    No content preview
    Project Triforce: Run AFL on Everything!
    No content preview
    Project Ava: On the Matter of Using Machine Learning for Web Application Security Testing – Part 4: Architecture and Design
    No content preview
    The CIS Security Standard for Docker available now
    No content preview
    Private sector cyber resilience and the role of data diodes
    No content preview
    Premium Security Content Gateway
    No content preview
    Practical SME security on a shoestring
    No content preview
    Premium Practical Law Content Gateway(2)
    No content preview
    Practical Machine Learning for Random (Filename) Detection
    No content preview  ( 11 min )
    Porting the Misfortune Cookie Exploit: A Look into Router Exploitation Using the TD-8817
    No content preview
    PhanTap (Phantom Tap): Making networks spookier one packet at a time
    No content preview
    Perfect Forward Security
    No content preview
    Premium Practical Law Content Gateway
    No content preview
    Post-quantum cryptography overview
    No content preview
    port-scan-automation
    No content preview
    Phishing Mitigations: Configuring Microsoft Exchange to Clearly Identify External Emails
    No content preview
    Pip3line
    No content preview
    Passive Decryption of Ethereum Peer-to-Peer Traffic
    No content preview
    Pairing over BLS12-381, Part 1: Fields
    No content preview
    OSX afpserver remote code execution
    No content preview
    Payment Card Industry Data Security Standard (PCI DSS) A Navigation and Explanation of Changes from v2.0 to v3.0
    No content preview
    Pairing over BLS12-381, Part 3: Pairing!
    No content preview
    Package Play
    No content preview
    OS X Lion USB Hub Class Descriptor Arbitrary Code Execution
    No content preview
    OS X 10.6.6 Camera Raw Library Memory Corruption
    No content preview
    Premium Content Gateway
    No content preview
    Passive Information Gathering – The Analysis of Leaked Network Security Information
    No content preview
    Padding the struct: How a compiler optimization can disclose stack memory
    No content preview
    Oracle Retail Integration Bus Manager Directory Traversal
    No content preview
    Oracle Passwords and OraBrute
    No content preview
    Password and brute-force mitigation policies
    No content preview
    Oracle Forensics Part 6: Examining Undo Segments, Flashback and the Oracle Recycle Bin
    No content preview
    Oracle Forensics Part 4: Live Response
    No content preview
    Oracle Forensics Part 1: Dissecting the Redo Logs
    No content preview
    Oracle 11g TNS listener remote Null Pointer Dereference
    No content preview
    Optimum Routers: Researching Managed Routers
    No content preview
    osquery Application Security Assessment Public Report
    No content preview
    Oracle Gridengine sgepasswd Buffer Overflow
    No content preview
    Oracle Forensics Part 5: Finding Evidence of Data Theft in the Absence of Auditing
    No content preview
    Non-Deterministic Nature of Prompt Injection
    No content preview
    New Attack Vectors and a Vulnerability Dissection of MS03-007
    No content preview
    On the Use of Pedersen Commitments for Confidential Payments
    No content preview
    Non-stack Based Exploitation of Buffer Overrun Vulnerabilities on Windows NT 2000 XP
    No content preview
    NIST Selects Post-Quantum Algorithms for Standardization
    No content preview
    New Sources of Microsoft Office Metadata – Tool Release MetadataPlus
    No content preview
    Nerve
    No content preview
    SETTLERS OF NETLINK: Exploiting a limited UAF in nf_tables (CVE-2022-32250)
    No content preview  ( 51 min )
    Non-flood/non-volumetric Distributed Denial of Service (DDoS)
    No content preview
    NCC Group’s Juan Garrido named to Microsoft’s MSRC Office Security Researcher Leaderboard
    No content preview
    Threat Profiling Microsoft SQL Server
    No content preview
    SnapMC skips ransomware, steals data
    No content preview  ( 10 min )
    Tis the Season to Be…
    No content preview  ( 9 min )
    Mitigating the top 10 security threats to GCP using the CIS Google Cloud Platform Foundation Benchmark
    No content preview  ( 12 min )
    Unveiling the Dark Side: A Deep Dive into Active Ransomware Families
    No content preview  ( 14 min )
    The Development of a Telco Attack Testing Tool
    No content preview  ( 11 min )
    Tool Update – ruby-trace: A Low-Level Tracer for Ruby
    No content preview  ( 10 min )
    Android Malware Vultur Expands Its Wingspan
    No content preview  ( 23 min )
    iSEC reviews SecureDrop
    No content preview  ( 7 min )
    Technical Advisory: Multiple Vulnerabilities in TCPDF
    No content preview  ( 12 min )
    Fake CAPTCHA led to LUMMA
    Discover the social engineering behind fake CAPTCHA attacks. Learn how Lumma malware infects systems and what defenses can stop it.  ( 9 min )
    Mallory and Me: Setting up a Mobile Mallory Gateway
    No content preview  ( 12 min )
    Writing FreeBSD Kernel Modules in Rust
    No content preview  ( 16 min )
    WastedLocker: A New Ransomware Variant Developed By The Evil Corp Group
    No content preview  ( 20 min )
    Top of the Pops: Three common ransomware entry techniques
    No content preview  ( 9 min )
    Avoiding Pitfalls Developing with Electron
    No content preview  ( 10 min )
    Project Ava: On the Matter of Using Machine Learning for Web Application Security Testing – Part 2: Going off on a Tangent – AI/ML Applications in Social Engineering
    No content preview  ( 14 min )
    Technical Advisory – Multiple Vulnerabilities in Connectize G6 AC2100 Dual Band Gigabit WiFi Router (CVE-2023-24046, CVE-2023-24047, CVE-2023-24048, CVE-2023-24049, CVE-2023-24050, CVE-2023-24051, CVE-2023-24052)
    No content preview  ( 20 min )
    Cryptopals: Exploiting CBC Padding Oracles
    No content preview  ( 16 min )
    A Census of Deployed Pulse Connect Secure (PCS) Versions
    No content preview  ( 9 min )
    Shooting Yourself in the .flags – Jailbreaking the Sonos Era 100
    No content preview  ( 12 min )
    Writing Robust Yara Detection Rules for Heartbleed
    No content preview  ( 10 min )
    Technical Advisory: Multiple Vulnerabilities in Kyocera Printers
    No content preview  ( 12 min )
    How I did not get a shell
    No content preview  ( 16 min )
    IG Learner Walkthrough
    No content preview  ( 14 min )
    Writing Exploits for Win32 Systems from Scratch
    No content preview  ( 53 min )
    SMB hash hijacking & user tracking in MS Outlook
    Understand the mechanics behind SMB hash hijacking and user tracking in MS Outlook. Our advisory covers attack vectors, testing methods, and fixes.  ( 12 min )
    Machine Learning 102: Attacking Facial Authentication with Poisoned Data
    No content preview  ( 7 min )
    Disabling Office Macros to Reduce Malware Infections
    No content preview  ( 8 min )
    Technical advisory: Remote shell commands execution in ttyd
    No content preview  ( 9 min )
    A glimpse into the shadowy realm of a Chinese APT: detailed analysis of a ShadowPad intrusion
    No content preview  ( 16 min )
    A deeper dive into CVE-2021-39137 – a Golang security bug that Rust would have prevented
    No content preview  ( 12 min )
    Reverse engineering and decrypting CyberArk vault credential files
    No content preview  ( 10 min )
    Detecting and Protecting when Remote Desktop Protocol (RDP) is open to the Internet
    No content preview  ( 13 min )
    Wheel of Fortune Outcome Prediction – Taking the Luck out of Gambling
    No content preview  ( 17 min )
    Project Ava: On the Matter of Using Machine Learning for Web Application Security Testing – Part 9: Adventures with Expert Systems
    No content preview  ( 13 min )
    Vulnerability Overview: Ghost (CVE-2015-0235)
    No content preview  ( 9 min )
    Improving Software Security through C Language Standards
    No content preview  ( 11 min )
    Detecting Mimikatz with Busylight
    No content preview  ( 10 min )
    HITBAMS – Your Not so “Home” Office – Soho Hacking at Pwn2Own
    No content preview  ( 8 min )
    Technical Advisory: Ruby on Rails – Possible XSS Vulnerability in ActionView tag helpers (CVE-2022-27777)
    No content preview  ( 9 min )
    Hardware Security By Design: ESP32 Guidance
    No content preview  ( 18 min )
    A Look At Some Real-World Obfuscation Techniques
    No content preview  ( 17 min )
    Remote Code Execution on Western Digital PR4100 NAS (CVE-2022-23121)
    No content preview  ( 26 min )
    Detecting and Hunting for the PetitPotam NTLM Relay Attack
    No content preview  ( 8 min )
    Using AWS and Azure for Cost Effective Log Ingestion with Data Processing Pipelines for SIEMs
    No content preview  ( 10 min )
    Technical Advisory – Multiple HTML Injection Vulnerabilities in KaiOS Pre-installed Mobile Applications
    No content preview  ( 14 min )
    Handy guide to a new Fivehands ransomware variant
    No content preview  ( 12 min )
    Windows Firewall Hook Enumeration
    No content preview  ( 16 min )
    Technical Advisory – OpenJDK – Weak Parsing Logic in java.net.InetAddress and Related Classes
    No content preview  ( 17 min )
    Defending Your Directory: An Expert Guide to Mitigating Pass-the-Hash Attacks in Active Directory
    No content preview  ( 10 min )
    Bypassing software update package encryption – extracting the Lexmark MC3224i printer firmware (part 1)
    No content preview  ( 24 min )
    Log4Shell: Reconnaissance and post exploitation network detection
    No content preview  ( 17 min )
    Making New Connections – Leveraging Cisco AnyConnect Client to Drop and Run Payloads
    No content preview  ( 11 min )
    Real World Cryptography Conference 2024
    No content preview  ( 18 min )
    Immortalising 20 Years of Epic Research
    No content preview  ( 42 min )
    Technical Advisory: Multiple Vulnerabilities in Brother Printers
    No content preview  ( 9 min )
    Puckungfu 2: Another NETGEAR WAN Command Injection
    No content preview  ( 13 min )
    Shell Arithmetic Expansion and Evaluation Abuse
    No content preview  ( 10 min )
    RM3 – Curiosities of the wildest banking malware
    No content preview  ( 33 min )
    The Extended AWS Security Ramp-Up Guide
    No content preview  ( 13 min )
    NETGEAR Routers: A Playground for Hackers?
    No content preview  ( 26 min )
    Technical Advisory: Multiple Vulnerabilities in ManageEngine Desktop Central
    No content preview  ( 10 min )
    RokRat Analysis
    No content preview  ( 11 min )
    SIAM AG23: Algebraic Geometry with Friends
    No content preview  ( 17 min )
    SAML XML Injection
    No content preview  ( 14 min )
    StreamDivert: Relaying (specific) network connections
    No content preview  ( 9 min )
    Technical Advisory: Adobe ColdFusion Object Deserialisation RCE
    No content preview  ( 8 min )
    RIFT: Analysing a Lazarus Shellcode Execution Method
    No content preview  ( 9 min )
    Technical Advisory: Multiple Vulnerabilities in HP Printers
    No content preview  ( 10 min )
    Spectre and Meltdown: What you Need to Know
    No content preview  ( 11 min )
    Ransomware: How vulnerable is your system?
    No content preview  ( 10 min )
    Reviewing Verifiable Random Functions
    No content preview  ( 13 min )
    Readable Thrift
    No content preview  ( 10 min )
    Symantec Backup Exec 2012 – Linux Backup Agent Heap Overflow
    No content preview  ( 7 min )
    Technical Advisory: Insufficient Proxyman HelperTool XPC Validation
    No content preview  ( 10 min )
    Public Report – Android Cloud Backup/Restore
    No content preview
    TA505: A Brief History Of Their Time
    No content preview  ( 14 min )
    Rust for Security and Correctness in the embedded world
    No content preview  ( 12 min )
    Securing Google Cloud Platform – Ten best practices
    No content preview  ( 11 min )
    Technical Advisory: Reflected Cross-Site Scripting (XSS) vulnerability in Jenkins Delivery Pipeline plugin
    No content preview  ( 8 min )
    Smuggling HTA files in Internet Explorer/Edge
    No content preview  ( 10 min )
    Shellshock Advisory
    No content preview  ( 9 min )
    So long and thanks for all the 0day
    No content preview  ( 21 min )
    Technical Advisory – SonicWall SMA 100 Series – Post-Authentication Remote Command Execution (CVE-2021-20044)
    No content preview  ( 8 min )
    Technical Advisory: Multiple Vulnerabilities in Accellion File Transfer Appliance
    No content preview  ( 11 min )
    Technical Advisory – SonicWall SMA 100 Series – Unauthenticated File Upload Path Traversal (CVE-2021-20040)
    No content preview  ( 8 min )
    There’s A Hole In Your SoC: Glitching The MediaTek BootROM
    No content preview  ( 18 min )
    Technical Advisory – macOS Installer Local Root Privilege Escalation (CVE-2020-9817)
    No content preview  ( 11 min )
    Technical advisory: “ROHNP”- key extraction side channel in multiple crypto libraries
    No content preview  ( 9 min )
    The Sorry State of Aftermarket Head Unit Security
    No content preview  ( 16 min )
    Testing Infrastructure-as-Code Using Dynamic Tooling
    No content preview  ( 10 min )
    Technical Advisory: Mosquitto Broker DoS through a Memory Leak vulnerability
    No content preview  ( 9 min )
    Tool Release – HTTPSignatures: A Burp Suite Extension Implementing HTTP Signatures
    No content preview  ( 11 min )
    Tool Release – Ghostrings
    No content preview  ( 9 min )
    Tool – Windows Executable Memory Page Delta Reporter
    No content preview  ( 8 min )
    MeshyJSON: A TP-Link tdpServer JSON Stack Overflow
    No content preview  ( 30 min )
    Pumping Iron on the Musl Heap – Real World CVE-2022-24834 Exploitation on an Alpine mallocng Heap
    No content preview  ( 32 min )
    Public Report – Security Review of RSA Blind Signatures with Public Metadata
    No content preview  ( 6 min )
    Tool Release: Introducing opinel: Scout2’s favorite tool
    No content preview  ( 8 min )
    ProxMon
    No content preview  ( 6 min )
    Tool Release – ScoutSuite 5.10
    No content preview  ( 7 min )
    Tool Release: Blackbox iOS App Analysis with Introspy
    No content preview  ( 7 min )
    Whitepaper – XML Schema, DTD, and Entity Attacks: A Compendium of Known Techniques
    Explore known XML-based attack methods including DTD abuse, schema exploits, and entity expansion vulnerabilities.  ( 6 min )
    Whitepaper – A Tour of Curve 25519 in Erlang
    No content preview  ( 6 min )
    Public Report – Penumbra Labs Decaf377 Implementation and Poseidon Parameter Selection Review
    No content preview  ( 6 min )
    Which database is more secure? Oracle vs. Microsoft
    No content preview  ( 6 min )
    Tool Release: Code Query (cq)
    No content preview  ( 6 min )
    Tool Release – ScoutSuite 5.11.0
    No content preview  ( 6 min )
    Public Report: eBPF Verifier Code Review
    No content preview  ( 6 min )
    Tool Release: Blackbox Android App Analysis with Introspy
    No content preview  ( 6 min )
    Research Insights Volume 7: Exploitation Advancements
    No content preview  ( 6 min )
    SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store
    No content preview  ( 13 min )
    Technical Advisory – Ollama DNS Rebinding Attack (CVE-2024-28224)
    No content preview  ( 11 min )
    Technical Advisory – NXP i.MX SDP_READ_DISABLE Fuse Bypass (CVE-2022-45163)
    No content preview  ( 15 min )
    Salesforce Security with Remote Working
    No content preview  ( 12 min )
    Symantec Message Filter Unauthenticated verbose software version information disclosure
    No content preview
    Defending Your Directory: An Expert Guide to Fortifying Active Directory Certificate Services (ADCS) Against Exploitation
    No content preview  ( 16 min )
    Vehicle Emissions and Cyber Security
    No content preview  ( 9 min )
    Cisco ASA series part three: Debugging Cisco ASA firmware
    Learn how to debug Cisco ASA firmware using GDB, memory dumps, and reverse engineering strategies.  ( 16 min )
    Reverse Engineering Coin Hunt World’s Binary Protocol
    No content preview  ( 28 min )
    Technical Advisory: Multiple Vulnerabilities in Ricoh Printers
    No content preview  ( 14 min )
    Demystifying Multivariate Cryptography
    Discover how multivariate cryptography fits into the future of secure communications and what makes it unique among quantum-safe algorithms.  ( 20 min )
    Technical Advisory – Linux RDS Protocol Local Privilege Escalation
    This advisory details how improper handling in the Linux RDS protocol can lead to local privilege escalation on affected systems.  ( 9 min )
    PMKID Attacks: Debunking the 802.11r Myth
    No content preview  ( 11 min )
    Masquerade: You Downloaded ScreenConnect not Grok AI!
    No content preview  ( 9 min )
    Dangers of Kubernetes IAM Integrations
    No content preview  ( 11 min )
    Use and enforce Multi-Factor Authentication
    No content preview  ( 9 min )
    Metastealer – filling the Racoon void
    No content preview  ( 10 min )
    Using Semgrep with Jupyter Notebook files
    No content preview  ( 8 min )
    Work daily with enforced MFA-protected API access
    No content preview  ( 8 min )
    Tool Release – JWT-Reauth
    No content preview  ( 8 min )
    Tool Release – Solitude: A privacy analysis tool
    No content preview  ( 8 min )
    Tool Release – Winstrument: An Instrumentation Framework for Windows Application Assessments
    No content preview  ( 11 min )
    Tool Release – Project Kubescout: Adding Kubernetes Support to Scout Suite
    No content preview  ( 9 min )
    Toxic Tokens: Using UUIDs for Authorization is Dangerous (even if they’re cryptographically random)
    No content preview  ( 11 min )
    Xen SMEP (and SMAP) Bypass
    No content preview  ( 13 min )
    Tool Release – Web3 Decoder Burp Suite Extension
    No content preview  ( 9 min )
    Tool Release: Code Credential Scanner (ccs)
    No content preview  ( 7 min )
    Turla PNG Dropper is back
    No content preview  ( 11 min )
    eBPF Adventures: Fiddling with the Linux Kernel and Unix Domain Sockets
    No content preview  ( 56 min )
    The Shellcoder’s Handbook: Discovering and Exploiting Security Holes, 2nd Edition
    No content preview  ( 6 min )
    Whitepaper – HTTP Digest Integrity: Another look, in light of recent attacks
    Explore how HTTP Digest Authentication can mitigate modern web attacks like TLS renegotiation and request smuggling.  ( 6 min )
    Tool Release: SSLyze v0.8 released
    No content preview  ( 7 min )
    Whatsupgold Premium Directory traversal
    No content preview  ( 6 min )
    VoIP Security Methodology and Results
    No content preview  ( 6 min )
    Matty McMattface: Security implications, mitigations & testing strategies for biometric facial recognition systems
    No content preview  ( 6 min )
    Windows Remote Desktop Memory Corruption Leading to RCE on XPSP3
    No content preview  ( 7 min )
    typofinder
    No content preview  ( 6 min )
    NCC Group’s 2024 Annual Research Report
    No content preview  ( 7 min )
    Windows 10 USB Mass Storage driver arbitrary code execution in kernel mode
    No content preview  ( 6 min )
    Absolute Security
    No content preview  ( 6 min )
    Java Coding Guidelines: 75 Recommendations for Reliable and Secure Programs
    No content preview  ( 6 min )
    Stepping Stones – A Red Team Activity Hub
    No content preview  ( 8 min )
    Writing Secure ASP Scripts
    No content preview  ( 6 min )
    A Rendezvous with System Management Interrupts
    No content preview  ( 9 min )
    Whitepaper – Coinbugs: Enumerating Common Blockchain Implementation-Level Vulnerabilities
    No content preview  ( 7 min )
    TPM Genie
    No content preview  ( 7 min )
    tybocer
    No content preview  ( 6 min )
    whitebox
    No content preview  ( 6 min )
    Trust in the New Internet Survey
    No content preview  ( 7 min )
    Variations in Exploit methods between Linux and Windows
    No content preview  ( 7 min )
    Tool Release: PeachFarmer
    No content preview  ( 7 min )
    Exposing Vulnerabilities in Media Software
    No content preview  ( 6 min )
    Technical Advisory: Code Execution by Unsafe Resource Handling in Multiple Microsoft Products
    No content preview  ( 8 min )
    Public Report - Security Risks of AI Hardware for Personal and Edge Computing Devices
    No content preview  ( 6 min )
    Defending Your Directory: An Expert Guide to Fortifying Active Directory Against LDAP Injection Threats
    No content preview  ( 9 min )
    Unauthenticated XML eXternal Entity (XXE) vulnerability
    No content preview  ( 8 min )
    Understanding Ransomware
    No content preview  ( 6 min )
    Understanding Microsoft Word OLE Exploit Primitives: Exploiting CVE-2015-1642 Microsoft Office CTaskSymbol Use-After-Free Vulnerability
    No content preview  ( 6 min )
    Violating Database – Enforced Security Mechanisms
    No content preview  ( 7 min )
    iOS Application Security: The Definitive Guide for Hackers and Developers
    No content preview  ( 6 min )
    USB keyboards by post – use of embedded keystroke injectors to bypass autorun restrictions on modern desktop operating systems
    No content preview  ( 6 min )
    Public Report – Electric Coin Company NU3 Specification and Blossom Implementation Audit
    No content preview  ( 6 min )
    White Paper: Login Service Security
    No content preview  ( 6 min )
    Defending Your Directory: An Expert Guide to Securing Active Directory Against DCSync Attacks
    No content preview  ( 9 min )
    Weaknesses and Best Practices of Public Key Kerberos with Smart Cards
    No content preview  ( 6 min )
    Tool Release: iOS Secure State Preservation
    No content preview  ( 7 min )
    Weak Randomness Part I – Linear Congruential Random Number Generators
    No content preview  ( 6 min )
    Technical Advisory: CyberArk EPM Non-paged Pool Buffer Overflow
    No content preview  ( 7 min )
    Zulu
    No content preview  ( 6 min )
    Applying normalised compression distance for architecture classification
    No content preview  ( 6 min )
    Webinar: 4 Secrets to a Robust Incident Response Plan
    No content preview  ( 6 min )
    Tool Release: You’ll Never (Ever) Take Me Alive!
    No content preview  ( 7 min )
    Exploiting MS15-061 Use-After-Free Windows Kernel Vulnerability
    No content preview  ( 6 min )
    Trusted Gateway
    No content preview  ( 6 min )
    Tool Release: Redirecting traffic with dnsRedir.py
    No content preview  ( 7 min )
    When a Trusted Site in Internet Explorer was Anything But
    No content preview  ( 9 min )
    Windows DACL Enum Project
    No content preview  ( 6 min )
    Tool Release: iOS SSL Kill Switch v0.5 Released
    No content preview  ( 8 min )
    Whitepaper – Exploring the Security of KaiOS Mobile Applications
    No content preview  ( 6 min )
    Windows 2000 Format String Vulnerabilities
    No content preview  ( 6 min )
    Use of Deserialisation in .NET Framework Methods and Classes
    No content preview  ( 6 min )
    WindowsJobLock
    No content preview  ( 6 min )
    Technical Advisory: Stored and Reflected XSS Vulnerability in Nagios Log Server (CVE-2021-35478,CVE-2021-35479)
    No content preview  ( 7 min )
    TPM Genie: Interposer Attacks Against the Trusted Platform Module Serial Bus
    No content preview  ( 6 min )
    Working with the Open Technology Fund
    No content preview  ( 7 min )
    Forensic Readiness in Container Environments
    No content preview  ( 9 min )
    WSMap
    No content preview  ( 6 min )
    ZigTools: An Open Source 802.15.4 Framework
    No content preview  ( 6 min )
    Webinar: SMACK, SKIP-TLS & FREAK SSL/TLS vulnerabilities
    No content preview  ( 6 min )
    Whitepaper – Practical Attacks on Machine Learning Systems
    No content preview  ( 6 min )
    NCC Group Whitepaper: Understanding and Hardening Linux Containers, June 29, 2016 – Version 1.1
    No content preview  ( 6 min )
    Autochrome
    No content preview  ( 6 min )
    Public Report: WhatsApp Contacts Security Assessment
    No content preview  ( 6 min )
    Windows Phone 7 Application Security Survey
    No content preview  ( 6 min )
    Understanding and Hardening Linux Containers
    No content preview  ( 6 min )
    Wubes: Leveraging the Windows 10 Sandbox for Arbitrary Processes
    No content preview  ( 7 min )
    vlan-hopping
    No content preview  ( 6 min )
    Writing Small Shellcode
    No content preview  ( 6 min )
    BlackHat USA 2024 - Listen-Up: Sonos Over-The-Air Remote Kernel Exploitation and Covert Wiretap
    No content preview  ( 8 min )
    WSBang
    No content preview  ( 6 min )
    Windows IPC Fuzzing Tools
    No content preview  ( 6 min )
    Deception Engineering: exploring the use of Windows Service Canaries against ransomware
    No content preview  ( 8 min )
    What the HEC? Security implications of HDMI Ethernet Channel and other related protocols
    No content preview  ( 6 min )
    Welcome to the new NCC Group Global Research blog
    No content preview  ( 6 min )
    Vulnerabilities Found In Geofencing Apps
    No content preview  ( 7 min )
    Whitepaper: Perfect Forward Security
    No content preview  ( 7 min )
    Popping Blisters for research: An overview of past payloads and exploring recent developments
    No content preview  ( 23 min )
    Unmasking Lorenz Ransomware: A Dive into Recent Tactics, Techniques and Procedures
    No content preview  ( 8 min )
    Technical Advisory: containerd – containerd-shim API Exposed to Host Network Containers (CVE-2020-15257)
    No content preview  ( 12 min )
    Practical Considerations of Right-to-Repair Legislation
    No content preview  ( 17 min )
    Phish Supper: An Incident Responder’s Bread and Butter
    No content preview  ( 10 min )
    Autonomous AI Agents: A hidden Risk in Insecure smolagents “CodeAgent” Usage
    No content preview  ( 11 min )
    Analysis of setting cookies for third party websites in different browsers
    No content preview  ( 9 min )
    The Dark Side: How Threat Actors Leverage AnyDesk for Malicious Activities
    No content preview  ( 13 min )
    Technical Advisory – FreePBX – Multiple Authenticated SQL Injections in UCP application
    No content preview  ( 8 min )
    ABSTRACT SHIMMER (CVE-2020-15257): Host Networking is root-Equivalent, Again
    No content preview  ( 24 min )
    Updated: Technical Advisory and Proofs of Concept – Multiple Vulnerabilities in U-Boot (CVE-2022-30790, CVE-2022-30552)
    No content preview  ( 14 min )
    Tracking a P2P network related to TA505
    No content preview  ( 15 min )
    Understanding the root cause of F5 Networks K52145254: TMUI RCE vulnerability CVE-2020-5902
    No content preview  ( 10 min )
    Technical Advisory – Multiple Vulnerabilities in Netgear ProSAFE Plus JGS516PE / GS116Ev2 Switches
    No content preview  ( 19 min )
    Testing Two-Factor Authentication
    No content preview  ( 21 min )
    Sign over Your Hashes – Stealing NetNTLM Hashes via Outlook Signatures
    Discover how malicious signatures in Outlook can expose NetNTLM hashes and how to secure your environment.  ( 12 min )
    Compromising a Hospital Network for £118 (Plus Postage & Packaging)
    This post reveals how a simulated attack demonstrated the ease of breaching hospital systems using basic resources.  ( 13 min )
    Nameless and shameless: Ransomware Encryption via BitLocker
    No content preview  ( 14 min )
    Technical Advisory: Administrative Passcode Recovery and Authenticated Remote Buffer Overflow Vulnerabilities in Gigaset DX600A Handset (CVE-2021-25309, CVE-2021-25306)
    No content preview  ( 7 min )
    Technical Advisory – Kwikset/Weiser BLE Proximity Authentication in Kevo Smart Locks Vulnerable to Relay Attacks
    No content preview  ( 9 min )
    Car Parking Apps Vulnerable To Hacks
    No content preview  ( 13 min )
    Remote Exploitation of Microsoft Office DLL Hijacking (MS15-132) via Browsers
    No content preview  ( 10 min )
    Technical Advisory – Linksys WRT160NL – Authenticated Command Injection (CVE-2021-25310)
    No content preview  ( 7 min )
    Some Notes About the Xen XSA-122 Bug
    No content preview  ( 11 min )
    Replicating CVEs with KLEE
    No content preview  ( 10 min )
    Retro Gaming Vulnerability Research: Warcraft 2
    No content preview  ( 17 min )
    Sysinternals SDelete: When Secure Delete Fails
    No content preview  ( 11 min )
    Technical Advisory – Garuda Linux Insecure User Creation (CVE-2021-3784)
    No content preview  ( 8 min )
    Technical advisory: CVE-2017-8592 – XMLHttpRequest in IE followed 307 redirections with additional or customised headers
    No content preview  ( 8 min )
    Security of Things: An Implementer’s Guide to Cyber Security for Internet of Things Devices and Beyond
    No content preview  ( 7 min )
    Sharkbot is back in Google Play
    No content preview  ( 11 min )
    Technical Advisory – Lenovo ImController Local Privilege Escalation (CVE-2021-3922, CVE-2021-3969)
    No content preview  ( 9 min )
    The Future of C Code Review
    No content preview  ( 6 min )
    Real World Cryptography Conference 2022
    No content preview  ( 25 min )
    Technical Advisory – ExpressLRS vulnerabilities allow for hijack of control link
    No content preview  ( 8 min )
    Research Paper – Machine Learning for Static Malware Analysis, with University College London
    No content preview  ( 10 min )
    SysAid Helpdesk Pro – Blind SQL Injection
    No content preview  ( 7 min )
    Security Considerations of zk-SNARK Parameter Multi-Party Computation
    No content preview  ( 16 min )
    Rigging the Vote: Uniqueness in Verifiable Random Functions
    No content preview  ( 11 min )
    Technical Advisory: Dell SupportAssist Local Privilege Escalation (CVE-2021-21518)
    No content preview  ( 10 min )
    The Update Framework (TUF) Security Assessment
    No content preview  ( 6 min )
    Story of a Hundred Vulnerable Jenkins Plugins
    No content preview  ( 13 min )
    tcpprox
    No content preview  ( 6 min )
    SSL checklist for pentesters
    No content preview  ( 6 min )
    Technical Advisory – Arbitrary Signature Forgery in Stark Bank ECDSA Libraries (CVE-2021-43572, CVE-2021-43570, CVE-2021-43569, CVE-2021-43568, CVE-2021-43571)
    No content preview  ( 9 min )
    Puckungfu: A NETGEAR WAN Command Injection
    No content preview  ( 12 min )
    Ricochet Security Assessment Public Report
    No content preview  ( 6 min )
    Public Report – AWS Nitro System API & Security Claims French
    No content preview  ( 6 min )
    Smart Contracts Inside SGX Enclaves: Common Security Bug Patterns
    No content preview  ( 15 min )
    SCOMplicated? – Decrypting SCOM “RunAs” credentials
    No content preview  ( 9 min )
    Technical Advisory – KwikTag Web Admin Authentication Bypass
    No content preview  ( 8 min )
    Ransomware: what organisations can do to survive
    No content preview  ( 6 min )
    Symantec Messaging Gateway SSH with backdoor user account + privilege escalation to root due to very old Kernel
    No content preview  ( 8 min )
    Threat Spotlight – Hydra
    No content preview  ( 12 min )
    Real World Cryptography Conference 2021: A Virtual Experience
    No content preview  ( 14 min )
    Technical Advisory: Authentication rule bypass
    No content preview  ( 8 min )
    Technical Advisory – FUJITSU CentricStor Control Center <= V8.1 – Unauthenticated Command Injection (CVE-2022-31794 and CVE-2022-31795)
    No content preview  ( 8 min )
    SecureCisco
    No content preview  ( 6 min )
    Public Report – Zcash Zebra Security Assessment
    No content preview  ( 6 min )
    Samba _netr_ServerPasswordSet Exploitability Analysis
    No content preview  ( 10 min )
    Technical Advisory – SonicWall Global Management System (GMS) & Analytics – Multiple Critical Vulnerabilities
    No content preview  ( 14 min )
    The 9 Lives of Bleichenbacher’s CAT: New Cache ATtacks on TLS Implementations
    No content preview  ( 8 min )
    Sakula: an adventure in DLL planting
    No content preview  ( 8 min )
    Singularity of Origin
    No content preview  ( 6 min )
    Research Report – Zephyr and MCUboot Security Assessment
    No content preview  ( 7 min )
    The Spelling Police: Searching for Malicious HTTP Servers by Identifying Typos in HTTP Responses
    No content preview  ( 12 min )
    Symantec Messaging Gateway – Addition of a backdoor administrator via CSRF
    No content preview  ( 6 min )
    Technical Advisory: Gaining root access on Sumpple S610 IP Camera via Telnet; and Unprotected client and server data transmission between Android and IOS clients
    No content preview  ( 9 min )
    TA505 exploits SolarWinds Serv-U vulnerability (CVE-2021-35211) for initial access
    No content preview  ( 10 min )
    Ruling the rules
    No content preview  ( 11 min )
    Striking Back at Retired Cobalt Strike: A look at a legacy vulnerability
    No content preview  ( 14 min )
    Technical Advisory: Unauthenticated SQL Injection in Lansweeper
    No content preview  ( 7 min )
    SSLyze v0.7 Released
    No content preview  ( 6 min )
    Research Insights Volume 6: Common Issues with Environment Breakouts
    No content preview  ( 6 min )
    Technical Advisory: Pulse Connect Secure – RCE via Uncontrolled Gzip Extraction (CVE-2020-8260)
    No content preview  ( 9 min )
    TANDBERG Video Communication Server Arbitrary File Retrieval
    No content preview  ( 7 min )
    Technical Advisory – SonicWall SMA 100 Series – Unauthenticated Arbitrary File Deletion
    No content preview  ( 9 min )
    Technical Advisory – Jitsi Meet Electron – Arbitrary Client Remote Code Execution (CVE-2020-27162)
    No content preview  ( 8 min )
    Testing HTTP/2 only web services
    No content preview  ( 13 min )
    Technical Advisory – Multiple Vulnerabilities in U-Boot (CVE-2022-30790, CVE-2022-30552)
    No content preview  ( 10 min )
    Some Musings on Common (eBPF) Linux Tracing Bugs
    No content preview  ( 18 min )
    Securing PL/SQL Applications with DBMS_ASSERT
    No content preview  ( 6 min )
    Technical Advisory – New York State Excelsior Pass Vaccine Passport Credential Forgery
    No content preview  ( 8 min )
    Spectre on a Television
    No content preview  ( 13 min )
    Technical Advisory: Multiple Vulnerabilities in MailEnable
    No content preview  ( 8 min )
    Research Insights Volume 4 – Sector Focus: Maritime Sector
    No content preview  ( 6 min )
    Symantec Message Filter Session Hijacking via session
    No content preview  ( 6 min )
    Symantec Messaging Gateway – Out of band stored XSS via email
    No content preview  ( 6 min )
    Technical Advisory – Linksys WRT160NL – Authenticated Remote Buffer Overflow (CVE-2020-26561)
    No content preview  ( 7 min )
    Technical Advisory: Authentication Bypass in libSSH
    No content preview  ( 9 min )
    Secure Application Development on Facebook
    No content preview  ( 6 min )
    Technical Advisory – Tesla BLE Phone-as-a-Key Passive Entry Vulnerable to Relay Attacks
    No content preview  ( 9 min )
    Public Report – AWS Nitro System API & Security Claims Italian
    No content preview  ( 6 min )
    Supply Chain Security Begins with Secure Software Development
    No content preview  ( 13 min )
    Technical Advisory – playSMS Pre-Authentication Remote Code Execution (CVE-2020-8644)
    No content preview  ( 8 min )
    Technical Advisory – SerComm h500s – Authenticated Remote Command Execution (CVE-2021-44080)
    No content preview  ( 7 min )
    Setting a New Standard for Kubernetes Deployments
    No content preview  ( 8 min )
    Technical Advisory – Open5GS Stack Buffer Overflow During PFCP Session Establishment on UPF (CVE-2021-41794)
    No content preview  ( 7 min )
    Secure Messaging for Normal People
    No content preview  ( 6 min )
    RtspFuzzer
    No content preview  ( 6 min )
    Technical Advisory – ParcelTrack sends all pasteboard data to ParcelTrack’s servers on startup
    No content preview  ( 7 min )
    Tool Release – ICPin, an integrity-check and anti-debug detection pintool
    No content preview  ( 7 min )
    Technical Advisory – U-Boot – Unchecked Download Size and Direction in USB DFU (CVE-2022-2347)
    No content preview  ( 10 min )
    They Ought to Know Better: Exploiting Security Gateways via their Web Interfaces
    No content preview  ( 6 min )
    Technical Advisory – SonicWall SMA 100 Series – Unauthenticated Stored XSS
    No content preview  ( 8 min )
    Technical Advisory: Heartbleed chained with a Pass-the-Hash attack leads to device compromise on TP-Link C200 IP Camera
    No content preview  ( 7 min )
    Technical Advisory – Apple macOS XAR – Arbitrary File Write (CVE-2022-22582)
    No content preview  ( 8 min )
    The Paillier Cryptosystem with Applications to Threshold ECDSA
    No content preview  ( 20 min )
    Technical Advisory – New York State Excelsior Pass Vaccine Passport Scanner App Sends Data to a Third Party not Specified in Privacy Policy
    No content preview  ( 8 min )
    Public Report – AWS Nitro System API & Security Claims
    No content preview  ( 6 min )
    Real World Cryptography Conference 2023 – Part I
    No content preview  ( 15 min )
    Rise of the machines: Machine Learning & its cyber security applications
    No content preview  ( 6 min )
    Technical Advisory – wolfSSL TLS 1.3 Client Man-in-the-Middle Attack (CVE-2020-24613)
    No content preview  ( 8 min )
    SOC maturity & capability
    No content preview  ( 6 min )
    Technical Advisory – Arbitrary File Read in Dell Wyse Management Suite (CVE-2021-21586, CVE-2021-21587)
    No content preview  ( 8 min )
    SysAid Helpdesk blind SQL injection
    No content preview  ( 6 min )
    Software-Based Fault Injection Countermeasures (Part 2/3)
    No content preview  ( 19 min )
    Symantec Backup Exec 2012 – Persistent XSS Vulnerability Affecting Custom Reports
    No content preview  ( 7 min )
    Symantec Backup Exec 2012 – OS version and service pack information leak
    No content preview  ( 7 min )
    Technical Advisory – ARM MbedOS USB Mass Storage Driver Memory Corruption
    No content preview  ( 10 min )
    Technical Advisory: Multiple Vulnerabilities in Lexmark Printers
    No content preview  ( 13 min )
    Symantec Messaging Gateway – Unauthenticated detailed version disclosure
    No content preview  ( 6 min )
    Technical Advisory – Authenticated SQL Injection in SOAP Request in Broadcom CA Network Flow Analysis (CVE-2021-44050)
    No content preview  ( 7 min )
    The Myth of Twelve More Bytes: Security on the Post-Scarcity Internet
    No content preview  ( 6 min )
    Technical Advisory – SonicWall SMA 100 Series – Multiple Unauthenticated Heap-based and Stack-based Buffer Overflow (CVE-2021-20045)
    No content preview  ( 8 min )
    Technical Advisory – BLE Proximity Authentication Vulnerable to Relay Attacks
    No content preview  ( 9 min )
    Technical Advisory – Multiple Vulnerabilities in Juplink RX4-1800 WiFi Router (CVE-2022-37413, CVE-2022-37414)
    No content preview  ( 8 min )
    Technical Advisory: Nexpose Hard‐coded Java Key Store Passphrase Allows Decryption of Stored Credentials
    No content preview  ( 8 min )
    Technical Advisory – Pulse Connect Secure – RCE via Template Injection (CVE-2020-8243)
    No content preview  ( 7 min )
    Technical Advisory: Sonos Era 100 Secure Boot Bypass Through Unchecked setenv() call
    No content preview  ( 8 min )
    Technical Advisory: Pulse Connect Secure – RCE via Uncontrolled Archive Extraction – CVE-2021-22937 (Patch Bypass)
    No content preview  ( 9 min )
    Technical Advisory – SonicWall SMA 100 Series – Heap-Based Buffer Overflow (CVE-2021-20043)
    No content preview  ( 7 min )
    Technical Advisory: OS Command Injection in Silver Peak EdgeConnect Appliances (CVE-2020-12148, CVE-2020-12149)
    No content preview  ( 7 min )
    The Challenges of Fuzzing 5G Protocols
    No content preview  ( 16 min )
    Threats and vulnerabilities within the Maritime and shipping sectors
    No content preview  ( 6 min )
    The economics of defensive security
    No content preview  ( 6 min )
    Threat Modelling Cloud Platform Services by Example: Google Cloud Storage
    No content preview  ( 19 min )
    The role of security research in improving cyber security
    No content preview  ( 6 min )
    Time Trial: Racing Towards Practical Remote Timing Attacks
    No content preview  ( 6 min )
    Toner Deaf – Printing your next persistence (Hexacon 2022)
    No content preview  ( 7 min )
    Tool Release – Collaborator++
    No content preview  ( 8 min )
    CVE-2021-31956 Exploiting the Windows Kernel (NTFS with WNF) – Part 2
    No content preview  ( 28 min )
    Defeating Windows DEP With A Custom ROP Chain
    No content preview  ( 27 min )
    Rustproofing Linux (Part 1/4 Leaking Addresses)
    No content preview  ( 13 min )
    Conference Talks – August 2020
    Explore NCC Group’s August 2020 conference talks featuring cybersecurity research, insights, and industry trends.  ( 11 min )
    Back in Black: Unlocking a LockBit 3.0 Ransomware Attack
    No content preview  ( 11 min )
    BrokenPrint: A Netgear stack overflow
    No content preview  ( 21 min )
    Technical Advisory – Multiple Vulnerabilities in Faronics Insight (CVE-2023-28344, CVE-2023-28345, CVE-2023-28346, CVE-2023-28347, CVE-2023-28348, CVE-2023-28349, CVE-2023-28350, CVE-2023-28351, CVE-2023-28352, CVE-2023-28353)
    No content preview  ( 24 min )
    Announcing the Cryptopals Guided Tour Video 17: Padding Oracles!
    No content preview  ( 9 min )
    Blue Coat BCAAA Remote Code Execution Vulnerability
    No content preview  ( 7 min )
    The Next C Language Standard (C23)
    No content preview  ( 8 min )
    Decoder Improved Burp Suite plugin release part two
    No content preview  ( 9 min )
    Machine Learning 101: The Integrity of Image (Mis)Classification?
    No content preview  ( 7 min )
    Adventures in the land of BumbleBee – a new malicious loader
    No content preview  ( 11 min )
    CVE-2018-8611 Exploiting Windows KTM Part 3/5 – Triggering the race condition and debugging tricks
    No content preview  ( 24 min )
    Security Code Review With ChatGPT
    Security Code Review With ChatGPT  ( 22 min )
    North Korea’s Lazarus: their initial access trade-craft using social media and social engineering
    No content preview  ( 10 min )
    Technical Advisory – Multiple Vulnerabilities in Victure WR1200 WiFi Router (CVE-2021-43282, CVE-2021-43283, CVE-2021-43284)
    No content preview  ( 11 min )
    Rustproofing Linux (Part 3/4 Integer Overflows)
    No content preview  ( 10 min )
    In-Depth Technical Analysis of the Bybit Hack
    No content preview  ( 15 min )
    Security Tips For Your AI Cloud Infrastructure
    No content preview  ( 10 min )
    Technical Advisory: Xiaomi 13 Pro Code Execution via GetApps DOM Cross-Site Scripting (XSS)
    No content preview  ( 12 min )
    Technical Advisory – Hash Denial-of-Service Attack in Multiple QUIC Implementations
    No content preview  ( 13 min )
    Pairing over BLS12-381, Part 2: Curves
    A technical look at the curve foundations of BLS12-381 and their importance in pairing-based cryptography.  ( 14 min )
    Shining the Light on Black Basta
    No content preview  ( 12 min )
    CVE-2018-8611 Exploiting Windows KTM Part 2/5 – Patch analysis and basic triggering
    No content preview  ( 30 min )
    Sifting through the spines: identifying (potential) Cactus ransomware victims
    No content preview  ( 11 min )
    Technical Advisory: Cross-Site Scripting in Umbraco Rich Text Display
    No content preview  ( 9 min )
    Real World Cryptography Conference 2023 – Part II
    No content preview  ( 13 min )
    Stepping Insyde System Management Mode
    No content preview  ( 17 min )
    5 MCP Security Tips
    No content preview  ( 11 min )
    There’s Another Hole In Your SoC: Unisoc ROM Vulnerabilities
    No content preview  ( 19 min )
    Technical Advisory: Adobe ColdFusion WDDX Deserialization Gadgets
    No content preview  ( 16 min )
    Technical Advisory – Lansweeper Privilege Escalation via CSRF Using HTTP Method Interchange (CVE-2020-13658)
    No content preview  ( 9 min )
    CVE-2018-8611 Exploiting Windows KTM Part 5/5 – Vulnerability detection and a better read/write primitive
    No content preview  ( 26 min )
    A Race to Report a TOCTOU: Analysis of a Bug Collision in Intel SMM
    No content preview  ( 9 min )
    Analyzing Secure AI Design Principles
    No content preview  ( 17 min )
    Defending Your Directory: An Expert Guide to Combating Kerberoasting in Active Directory
    No content preview  ( 11 min )
    Analyzing Secure AI Architectures
    No content preview  ( 15 min )
    Reverse, Reveal, Recover: Windows Defender Quarantine Forensics
    No content preview  ( 21 min )
    Constant-Time Data Processing At a Secret Offset, Privacy and QUIC
    No content preview  ( 21 min )
    Weak Passwords Led to (SafePay) Ransomware…Yet Again
    No content preview  ( 12 min )
    EAP-TLS: The most secure option?
    No content preview  ( 14 min )
    NCC Group’s Exploit Development Capability: Why and What
    No content preview  ( 9 min )
    Technical Advisory – Multiple Vulnerabilities in Trendnet TEW-831DR WiFi Router (CVE-2022-30325, CVE-2022-30326, CVE-2022-30327, CVE-2022-30328, CVE-2022-30329)
    No content preview  ( 10 min )
    Past, Present and Future of Effective C
    No content preview  ( 14 min )
    Crave the Data: Statistics from 1,300 Phishing Campaigns
    Explore key trends, tactics, and statistics from over 1,300 phishing campaigns analyzed by NCC Group’s experts.  ( 9 min )
    HTTP to MCP Bridge
    No content preview  ( 9 min )
    Conference Talks – March 2020
    No content preview  ( 8 min )
    Tool Release – insject: A Linux Namespace Injector
    No content preview  ( 12 min )
    An Engineer’s View: Operational Technology
    No content preview  ( 16 min )
    Technical Advisory – Multiple Vulnerabilities in the Galaxy App Store (CVE-2023-21433, CVE-2023-21434)
    No content preview  ( 10 min )
    A Primer On Slowable Encoders
    No content preview  ( 12 min )
    Visualising Firewall Rulesets – Simplifying Firewall Administration and Spotting the Pivot Point
    Explore techniques for visualising firewall rules to detect pivot points and prevent lateral movement in networks.  ( 9 min )
    Finding and Exploiting .NET Remoting over HTTP using Deserialisation
    No content preview  ( 12 min )
    Technical Advisory: Bypassing Workflows Protection Mechanisms – Remote Code Execution on SharePoint
    No content preview  ( 8 min )
    TANDBERG Video Communication Server Authentication Bypass
    Explore how a critical flaw in Tandberg’s Video Communication Server could allow attackers to bypass authentication and gain unauthorized access.  ( 9 min )
    RSA Conference – Mobile Threat War Room
    No content preview  ( 6 min )
    Thin Clients: Slim Security
    No content preview  ( 6 min )
    SAML Pummel
    No content preview  ( 6 min )
    Technical Advisory – Shop app sends pasteboard data to Shopify’s servers
    No content preview  ( 7 min )
    The Phishing Guide: Understanding & Preventing Phishing Attacks
    No content preview  ( 6 min )
    Public Report – Zcash NU5 Cryptography Review
    No content preview  ( 6 min )
    Technical Advisory: Intel Driver Support & Assistance – Local Privilege Escalation
    No content preview  ( 9 min )
    The Automotive Threat Modeling Template
    No content preview  ( 8 min )
    Research Insights Volume 8 – Hardware Design: FPGA Security Risks
    No content preview  ( 6 min )
    RIFT: Detection capabilities for recent F5 BIG-IP/BIG-IQ iControl REST API vulnerabilities CVE-2021-22986
    No content preview  ( 11 min )
    Secure Device Manufacturing: Supply Chain Security Resilience
    No content preview  ( 6 min )
    Public Report – Entropy/Rust Cryptography Review
    No content preview  ( 6 min )
    Symantec Backup Exec 2012 – Backup Exec Utility Stored XSS when adding Groups, Servers and Computers
    No content preview  ( 7 min )
    Public Report – WhatsApp opaque-ke Cryptographic Implementation Review
    No content preview  ( 6 min )
    The Demise of Signature Based Antivirus
    No content preview  ( 6 min )
    A brief look at Windows telemetry: CIT aka Customer Interaction Tracker
    A brief look at Windows telemetry: CIT aka Customer Interaction Tracker  ( 24 min )
    NCC Group’s 2021 Annual Research Report
    Explore key findings from over 237 publications and tools released. Discover trends in cloud security, and vulnerability research.  ( 72 min )
    Public Report – Caliptra Security Assessment
    No content preview  ( 7 min )
    Social Engineering
    No content preview  ( 6 min )
    CERT C Secure Coding Standard
    No content preview  ( 6 min )
    pySimReader
    No content preview  ( 6 min )
    Technical Advisory – Jitsi Meet Electron – Limited Certificate Validation Bypass (CVE-2020-27161)
    No content preview  ( 7 min )
    Tool Release: SSLyze v 0.9 released – Heartbleed edition
    No content preview  ( 7 min )
    Xendbg: A Full-Featured Debugger for the Xen Hypervisor
    No content preview  ( 7 min )
    HDMI – Hacking Displays Made Interesting
    Learn how HDMI vulnerabilities can be exploited to control or disrupt display outputs in surprising ways.  ( 6 min )
    Tool Release: Calculating SQL Permissions
    No content preview  ( 7 min )
    Announcing the Cryptopals Guided Tour Video 18: Implement CTR
    No content preview  ( 8 min )
    Technical Advisory – Bomgar Remote Support – Local Privilege Escalation
    Explore how a flaw in Bomgar Remote Support could allow local users to escalate privileges and compromise system security.  ( 8 min )
    Tool: WStalker – an easy proxy to support Web API assessments
    No content preview  ( 8 min )
    Tool Release: SSL pinning bypass and other Android tools
    No content preview  ( 6 min )
    Understanding cyber risk management vs uncertainty with confidence in 2017
    No content preview  ( 6 min )
    Windows DACLs & Why There Is Still Room for Interest
    No content preview  ( 7 min )
    Trust in the Internet Survey
    No content preview  ( 6 min )
    Tool Release – shouganaiyo-loader: A Tool to Force JVM Attaches
    No content preview  ( 8 min )
    USB under the bonnet: Implications of USB security vulnerabilities in vehicle systems
    No content preview  ( 6 min )
    White Paper: Browser Extension Password Managers
    No content preview  ( 7 min )
    Tool Release: Exploring SSL Pinning on iOS
    No content preview  ( 8 min )
    Tool Release: Announcing the Release of RtspFuzzer
    No content preview  ( 8 min )
    Tool Release – Monkey365
    No content preview  ( 7 min )
    Tool Release – Principal Mapper v1.1.0 Update
    No content preview  ( 7 min )
    Tool Release – ScoutSuite 5.8.0
    No content preview  ( 6 min )
    Using graph databases to assess the security of thingernets based on the thingabilities and thingertivity of things
    No content preview  ( 6 min )
    Tool Release: Cartographer
    No content preview  ( 9 min )
    Threat Actors: exploiting the pandemic
    No content preview  ( 8 min )
    Tool Release – ScoutSuite 5.13.0
    No content preview  ( 7 min )
    Tool Release – Socks Over RDP
    No content preview  ( 8 min )
    Tool Release: A Simple DLL Injection Utility
    No content preview  ( 6 min )
    Tool Release – ScoutSuite 5.9.0
    No content preview  ( 7 min )
    Tool Release – Socks Over RDP Now Works With Citrix
    No content preview  ( 7 min )
    umap
    No content preview  ( 6 min )
    Tool Release: DIBF Tool Suite
    No content preview  ( 7 min )
    Public Report – Coda Cryptographic Review
    No content preview  ( 6 min )
    Public Report – Filecoin Bellman and BLS Signatures Cryptographic Review
    No content preview  ( 6 min )
    Public Report – BLST Cryptographic Implementation Review
    No content preview  ( 6 min )
    Public Report – Confidential Mode for Hyperdisk – DEK Protection Analysis
    No content preview  ( 6 min )
    Public Report – Confidential Space Security Review
    No content preview  ( 6 min )
    Public Report – Dell Secured Component Verification
    No content preview  ( 7 min )
    Public Report – Electric Coin Company NU4 Cryptographic Specification and Implementation Review
    No content preview  ( 7 min )
    Public Report – go-cose Security Assessment
    No content preview  ( 6 min )
    Public Report – Google Enterprise API Security Assessment
    No content preview  ( 6 min )
    Public Report – Google Privacy Sandbox Aggregation Service and Coordinator
    No content preview  ( 7 min )
    Public Report – IOV Labs powHSM Security Assessment
    No content preview  ( 6 min )
    Public Report – Keyfork Implementation Review
    No content preview  ( 6 min )
    Public Report – Matrix Olm Cryptographic Review
    No content preview  ( 6 min )
    Public Report – Kubernetes 1.24 Security Audit
    No content preview  ( 6 min )
    Public Report – O(1) Labs Mina Client SDK, Signature Library and Base Components Cryptography and Implementation Review
    No content preview  ( 6 min )
    Public Report – Penumbra Labs R1CS Implementation Review
    No content preview  ( 6 min )
    Public Report – Pixel 4/4XL and Pixel 4a ioXt Audit
    No content preview  ( 6 min )
    Public Report – Protocol Labs Groth16 Proof Aggregation: Cryptography and Implementation Review
    No content preview  ( 6 min )
    Public Report – Qredo Apache Milagro MPC Cryptographic Assessment
    No content preview  ( 6 min )
    Public Report – RustCrypto AES/GCM and ChaCha20+Poly1305 Implementation Review
    No content preview  ( 6 min )
    Public Report – Threshold ECDSA Cryptography Review
    No content preview  ( 6 min )
    Public Report – VPN by Google One Security Assessment
    No content preview  ( 6 min )
    Windows remote desktop memory corruption leading to RCE on XPSP3
    No content preview  ( 6 min )
    White Paper: An Introduction to Authenticated Encryption
    No content preview  ( 7 min )
    Chrome Password Manager Cross Origin Weakness
    Explore how a cross-origin flaw in Chrome’s password manager could allow attackers to steal credentials via embedded content.  ( 8 min )
    U plug, we play
    No content preview  ( 6 min )
    Technical Advisory: Command Injection
    No content preview  ( 7 min )
    Understanding Microsoft Word OLE Exploit Primitives
    No content preview  ( 6 min )
    iSEC’s Analysis of Microsoft’s SDL and its ROI
    No content preview  ( 6 min )
    Tool Release: tcpprox
    No content preview  ( 6 min )
    OffensiveCon 2023 – Exploit Engineering – Attacking the Linux Kernel
    No content preview  ( 7 min )
    USB attacks need physical access right? Not any more…
    No content preview  ( 6 min )
    YoNTMA
    No content preview  ( 6 min )
    Understanding the insider threat & how to mitigate it
    No content preview  ( 6 min )
    An Introduction to Authenticated Encryption
    No content preview  ( 6 min )
    When Security Gets in the Way: PenTesting Mobile Apps That Use Certificate Pinning
    No content preview  ( 6 min )
    WebRATS
    No content preview  ( 6 min )
    Windows USB RNDIS driver kernel pool overflow
    No content preview  ( 6 min )
    USB Undermining Security Barriers: further adventures with USB
    No content preview  ( 6 min )
    Whitepaper – Project Triforce: Run AFL On Everything (2017)
    No content preview  ( 7 min )
    Quantum Cryptography – A Study Into Present Technologies and Future Applications
    No content preview  ( 6 min )
    Revealing Embedded Fingerprints: Deriving Intelligence from USB Stack Interactions 2013
    No content preview  ( 6 min )
    Remote Directory Traversal and File Retrieval
    Learn how improper input validation can lead to unauthorized file access and data leakage in vulnerable applications.  ( 8 min )
    Whitepaper: Recognizing and Preventing TOCTOU
    No content preview  ( 7 min )
    Public Report: XMTP MLS Implementation Review
    No content preview  ( 6 min )
    scenester
    No content preview  ( 6 min )
    The Pharming Guide – Understanding and preventing DNS related attacks by phishers
    No content preview  ( 6 min )
    Public Report – WhatsApp Auditable Key Directory (AKD) Implementation Review
    No content preview  ( 6 min )
    SysAid Helpdesk stored XSS
    No content preview  ( 6 min )
    Technical Advisory: PDFTron JavaScript URLs Allowed in WebViewer UI (CVE-2021-39307)
    No content preview  ( 7 min )
    White Paper: Cryptopocalypse Reference Paper
    No content preview  ( 7 min )
    Whitepaper – Double Fetch Vulnerabilities in C and C++
    No content preview  ( 6 min )
    The Browser Hacker’s Handbook
    No content preview  ( 6 min )
    Research Insights Volume 9 – Modern Security Vulnerability Discovery
    No content preview  ( 6 min )
    Security Best Practice: Host Naming & URL Conventions
    No content preview  ( 6 min )
    Revealing Embedded Fingerprints: Deriving intelligence from USB stack interactions
    No content preview  ( 6 min )
    Sobelow Update
    No content preview  ( 7 min )
    Threat Intelligence: Benefits for the Enterprise
    No content preview  ( 7 min )
    Secure Device Provisioning Best Practices: Heavy Truck Edition
    No content preview  ( 6 min )
    RIFT: Citrix ADC Vulnerabilities CVE-2020-8193, CVE-2020-8195 and CVE-2020-8196 Intelligence
    No content preview  ( 8 min )
    The SSL Conservatory
    No content preview  ( 6 min )
    Ruxcon 2013 – Introspy Presentation Slides
    No content preview  ( 6 min )
    Public Report – VPN by Google One: Technical Security & Privacy Assessment
    No content preview  ( 6 min )
    Shellshock Bash Vulnerability
    No content preview  ( 8 min )
    Technical Advisory – ICTFAX 7-4 – Indirect Object Reference
    No content preview  ( 7 min )
    Public Report – Zcash FROST Security Assessment
    No content preview  ( 6 min )
    Solaris 11 USB Hub Class descriptor kernel stack overflow
    No content preview  ( 8 min )
    Zcash Overwinter Consensus and Sapling Cryptography Review
    No content preview  ( 6 min )
    Public Report – Zendoo Proof Verifier Cryptography Review
    No content preview  ( 6 min )
    Scenester – A Small Tool for Cross-Platform Web Application
    No content preview  ( 7 min )
    The Importance of a Cryptographic Review
    No content preview  ( 6 min )
    Research Insights Volume 5 – Sector Focus: Automotive
    No content preview  ( 6 min )
    Symantec Messaging Gateway – Authenticated arbitrary file download
    No content preview  ( 6 min )
    SSLyze v0.8
    No content preview  ( 6 min )
    Securing Teradata Database
    No content preview  ( 8 min )
    Python Class Informer: an IDAPython plugin for viewing run-time type information (RTTI)
    No content preview  ( 6 min )
    SecureCookies
    No content preview  ( 6 min )
    Symantec Messaging Gateway – Unauthorised SSH access
    No content preview  ( 6 min )
    Public Report – Solana Program Library ZK-Token Security Assessment
    No content preview  ( 6 min )
    Shocker
    No content preview  ( 6 min )
    SecureIE.ActiveX
    No content preview  ( 6 min )
    Secure Session Management With Cookies for Web Applications
    No content preview  ( 6 min )
    Public Report – WhatsApp End-to-End Encrypted Backups Security Assessment
    No content preview  ( 6 min )
    Spy-Pi: Do you trust your laptop docking stations?
    No content preview  ( 7 min )
    Public Report: Aleo snarkOS Implementation and Consensus Mechanism Review
    No content preview  ( 6 min )
    Security First Umbrella
    No content preview  ( 6 min )
    Research Insights Volume 3 – How are we breaking in: Mobile Security
    No content preview  ( 6 min )
    Public Report – AWS Nitro System API & Security Claims German
    No content preview  ( 6 min )
    Public Report – AWS Nitro System API & Security Claims Spanish
    No content preview  ( 6 min )
    Tales of Windows detection opportunities for an implant framework
    No content preview  ( 6 min )
    Symantec Messaging Gateway Out of band stored XSS delivered by email
    No content preview  ( 7 min )
    SysPWN – VR for Pwn2Own
    No content preview  ( 6 min )
    Research Insights Volume 2 – Defensive Trends
    No content preview  ( 6 min )
    Ragweed
    No content preview  ( 6 min )
    Public Report – Aleo snarkVM Implementation Review
    No content preview  ( 6 min )
    State-of-the-art email risk
    No content preview  ( 6 min )
    Symantec Messaging Gateway Easy CSRF to add a backdoor-administrator (for example)
    No content preview  ( 7 min )
    Second-Order Code Injection Attacks
    No content preview  ( 6 min )
    SecureBigIP
    No content preview  ( 6 min )
    Return of the hidden number problem
    No content preview  ( 6 min )
    Securing the continuous integration process
    No content preview  ( 6 min )
    Security of Things: An Implementers’ Guide to Cyber-Security for Internet of Things Devices and Beyond
    No content preview  ( 6 min )
    Symantec PC Anywhere Remote Code Execution
    No content preview  ( 6 min )
    Solaris 11 USB hubclass
    No content preview  ( 6 min )
    Readable Thrift (1)
    No content preview  ( 6 min )
    Research Insights Volume 1 – Sector Focus: Financial Services
    No content preview  ( 6 min )
    Technical Advisory – play-pac4j Authentication rule bypass
    No content preview  ( 8 min )
    Squiz CMS File Path Traversal
    No content preview  ( 7 min )
    Sniffle: A Sniffer for Bluetooth 5
    No content preview  ( 7 min )
    Sobelow: Static analysis for the Phoenix Framework
    No content preview  ( 6 min )
    Technical Advisory: Citrix Workspace / Receiver Remote Code Execution Vulnerability
    No content preview  ( 7 min )
    Third party assurance
    No content preview  ( 6 min )
    To dock or not to dock, that is the question: Using laptop docking stations as hardware-based attack platforms
    No content preview  ( 6 min )
    Technical Advisory: Pulse Connect Secure – Arbitrary File Read via Logon Message (CVE-2020-8255)
    No content preview  ( 7 min )
    The death of USB autorun and the rise of the USB keyboard
    No content preview  ( 7 min )
    Symantec Backup Exec 2012 Backup/Restore Data Traverses Memory with Weak ACLs
    No content preview  ( 6 min )
    Samba on the BlackBerry PlayBook
    No content preview  ( 6 min )
    Slotting Security into Corporate Development
    No content preview  ( 7 min )
    The L4m3ne55 of Passw0rds: Notes from the field
    No content preview  ( 6 min )
    The Pentesters Guide to Akamai
    No content preview  ( 6 min )
    The facts about BadUSB
    No content preview  ( 8 min )
    The disadvantages of a blacklist-based approach to input validation
    No content preview  ( 6 min )
    Software Security Austerity Security Debt in Modern Software Development
    No content preview  ( 6 min )
    Technical Advisory – Apple XAR – Arbitrary File Write (CVE-2021-30833)
    No content preview  ( 8 min )
    Stopping Automated Attack Tools
    No content preview  ( 6 min )
    Technical Advisory: Adobe ColdFusion RMI Registry.bind() Deserialisation RCE
    No content preview  ( 8 min )
    Technical Advisory – NULL Pointer Dereference in McAfee Drive Encryption (CVE-2021-23893)
    No content preview  ( 7 min )
    Technical Advisory – Sunhillo SureLine Unauthenticated OS Command Injection (CVE-2021-36380)
    No content preview  ( 8 min )
    The factoring dead: Preparing for the cryptopocalypse
    No content preview  ( 6 min )
    TLSPretense — SSL/TLS Client Testing Framework
    No content preview  ( 6 min )
    Tool Release: YoNTMA
    No content preview  ( 7 min )
    Building Systems from Commercial Components
    No content preview  ( 6 min )
    Zcash Cryptography and Code Review
    No content preview  ( 6 min )
    Nagios XI Network Monitor – Stored and Reflective XSS
    No content preview  ( 7 min )
    Secure Coding Rules for Java LiveLessons, Part 1
    No content preview  ( 6 min )
    Xen HYPERVISOR_xen_version stack memory revelation
    No content preview  ( 6 min )
    WSSiP: A Websocket Manipulation Proxy
    No content preview  ( 6 min )
    Oracle E-Business Suite Pre-Auth SQLi with DBA Privileges
    NCC Group breaks down a serious Oracle EBS vulnerability that allows unauthenticated users to execute privileged SQL commands.  ( 7 min )
    Technical Advisory: Mitel MiVoice 5330e Memory Corruption Flaw
    No content preview  ( 7 min )
    Auditing K3s Clusters
    No content preview  ( 8 min )
    Secure Coding in C and C++
    No content preview  ( 6 min )
    Treat your points as cash
    No content preview  ( 10 min )
    Understanding Ransomware: Impact, Evolution and Defensive Strategies
    No content preview  ( 6 min )
    NCC Group Connected Health Whitepaper July 2019
    No content preview  ( 7 min )
    Tool Release: Magisk Module – Conscrypt Trust User Certs
    No content preview  ( 8 min )
    Nine years of bugs at NCC Group
    No content preview  ( 6 min )
    Technical Advisory: Unauthenticated Remote Command Execution through Multiple Vulnerabilities in Virgin Media Hub 3.0
    No content preview  ( 8 min )
    Hackproofing Lotus Domino Web Server
    Hackproofing Lotus Domino Web Server  ( 6 min )
    The Mobile Application Hacker’s Handbook
    No content preview  ( 6 min )
    On Almost Signing Android Builds
    No content preview  ( 8 min )
    HTML5 Security The Modern Web Browser Perspective
    No content preview  ( 6 min )
    Denial of Service in Parsing a URL by ierutil.dll
    No content preview  ( 6 min )
    Advanced SQL Injection in SQL Server Applications
    Advanced SQL Injection in SQL Server Applications  ( 6 min )
    Modernizing Legacy Systems: Software Technologies, Engineering Processes, and Business Practices
    No content preview  ( 6 min )
    Tor Browser Research Report Released
    No content preview  ( 8 min )
    AWS Inventory: A tool for mapping AWS resources
    No content preview  ( 6 min )
    Virtual Access Monitor Multiple SQL Injection Vulnerabilities
    No content preview  ( 6 min )
    Discovering Smart Contract Vulnerabilities with GOATCasino
    No content preview  ( 9 min )
    Social Engineering Penetration Testing
    No content preview  ( 6 min )
    44CON - Charging Ahead: Exploiting an EV Charger Controller at Pwn2Own Automotive 2024
    No content preview  ( 7 min )
    Insomnihack - Pioneering Zero Days at Pwn2Own Automotive 2024
    No content preview  ( 7 min )
    SQL Server Security
    No content preview  ( 6 min )
    VeChain JavaScript SDK Cryptography and Security Review
    No content preview  ( 6 min )
    Potential false redirection of web site content in Internet in SAP NetWeaver web applications
    No content preview  ( 6 min )
    Technical Advisory: SMB Hash Hijacking and User Tracking in MS Outlook
    No content preview  ( 7 min )
    Auditing Enterprise Class Applications and Secure Containers on Android
    No content preview  ( 6 min )
    Aurora Response Recommendations
    No content preview  ( 6 min )
    Local network compromise despite good patching
    No content preview  ( 7 min )
    Developing Secure Mobile Applications for Android
    No content preview  ( 6 min )
    Jenkins Plugins and Core Technical Summary Advisory
    No content preview  ( 8 min )
    How organisations can properly configure SSL services to ensure the integrity and confidentiality of data in transit
    No content preview  ( 7 min )
    xcavator
    No content preview  ( 6 min )
    Security Compliance as an Engineering Discipline
    No content preview  ( 6 min )
    Secure Coding in C and C++, 2nd Edition
    No content preview  ( 6 min )
    Whitepaper: CA Alternative
    No content preview  ( 7 min )
    Technical Advisory: IP Office Stored Cross Site Scripting (XSS) Vulnerability
    No content preview  ( 7 min )
    RomHack – Revving Up: The Journey to Pwn2Own Automotive 2024
    No content preview  ( 7 min )
    iSEC Completes TrueCrypt Audit
    No content preview  ( 8 min )
    Exploring DeepFake Capabilities & Mitigation Strategies with University College London
    Discover how NCC Group and University College London are researching deepfake technology and developing strategies to detect and mitigate its risks.  ( 8 min )
    CERT Oracle Secure Coding Standard for Java
    No content preview  ( 6 min )
    NCLoader
    No content preview  ( 7 min )
    Chainspotting 2: The Unofficial Sequel to the 2018 Talk "Chainspotting" - OffensiveCon 2025
    No content preview  ( 6 min )
    E-mail Spoofing and CDONTS.NEWMAIL
    E-mail Spoofing and CDONTS.NEWMAIL  ( 6 min )
    Detecting and Hunting for the Malicious NetFilter Driver
    Explore methods to identify and mitigate threats from the malicious Netfilter driver targeting Windows environments.  ( 8 min )
    On the malicious use of large language models like GPT-3
    Explore how attackers misuse LLMs like GPT-3 for phishing, malware, and social engineering—and ways to mitigate these risks.  ( 31 min )
    Technical Advisory: Shell Injection in SourceTree
    No content preview  ( 7 min )
    Samba Andx Request Remote Code Execution
    No content preview  ( 6 min )
    Wheel of Fortune Outcome Prediction – Taking the Luck out of Gambling (1)
    No content preview  ( 17 min )
    A Brief Review of Bitcoin Locking Scripts and Ordinals
    No content preview  ( 16 min )
    Analyzing a PJL directory traversal vulnerability – exploiting the Lexmark MC3224i printer (part 2)
    No content preview  ( 18 min )
    Tool Release – Enumerating Docker Registries with go-pillage-registries
    No content preview  ( 8 min )
    Comparing AI Against Traditional Static Analysis Tools to Highlight Buffer Overflows
    No content preview  ( 12 min )
    Analyzing AI Application Threat Models
    No content preview  ( 25 min )
    Lights, Camera, HACKED! An insight into the world of popular IP Cameras
    No content preview  ( 14 min )
    Rustproofing Linux (Part 4/4 Shared Memory)
    No content preview  ( 11 min )
    Cross-Execute Your Linux Binaries, Don’t Cross-Compile Them
    No content preview  ( 10 min )
    Online Casino Roulette – A guideline for penetration testers and security researchers
    No content preview  ( 19 min )
    Streamlining Global Automotive Cybersecurity Governance to Accelerate Innovation, Assurance, and Compliance
    No content preview  ( 16 min )
    GSM/GPRS Traffic Interception for Penetration Testing Engagements
    Discover how GSM/GPRS traffic interception enhances mobile security testing. A technical guide from NCC Group’s research team.  ( 18 min )
    Why AI Will Not Fully Replace Humans for Web Penetration Testing
    Explore why AI alone isn’t enough for web penetration testing. NCC Group explains the irreplaceable value of human expertise in security assessments.  ( 8 min )
    Tool Release – Carnivore: Microsoft External Assessment Tool
    No content preview  ( 9 min )
    Pentesting V. Red Teaming V. Bug Bounty
    Explore the differences between penetration testing, red teaming, and bug bounty programs. NCC Group helps you choose the right approach.  ( 10 min )
    Technical Advisory: Code Execution by Viewing Resource Files in .NET Reflector
    No content preview  ( 7 min )
    Project Ava: On the Matter of Using Machine Learning for Web Application Security Testing – Part 10: Efficacy Demonstration, Project Conclusion and Next Steps
    No content preview  ( 12 min )
    Project Ava: On the Matter of Using Machine Learning for Web Application Security Testing – Part 3: Understanding Existing Approaches and Attempts
    No content preview  ( 18 min )
    Project Ava: On the Matter of Using Machine Learning for Web Application Security Testing – Part 5: Development of Prototype #1 – Text Processing and Semantic Relationships
    No content preview  ( 11 min )
    Project Ava: On the Matter of Using Machine Learning for Web Application Security Testing – Part 6: Development of Prototype #2 – Creating a SQLi PoC
    No content preview  ( 15 min )
    Project Ava: On the Matter of Using Machine Learning for Web Application Security Testing – Part 7: Development of Prototype #3 – Adventures in Anomaly Detection
    No content preview  ( 19 min )
    Project Ava: On the Matter of Using Machine Learning for Web Application Security Testing – Part 8: Development of Prototype #4 – Building on Takaesu’s Approach with Focus on XSS
    No content preview  ( 10 min )
    Technical Advisory: Multiple Vulnerabilities in SmarterMail
    No content preview  ( 14 min )
    Technical Advisory: Bypassing Microsoft XOML Workflows Protection Mechanisms using Deserialisation of Untrusted Data
    No content preview  ( 10 min )
    5G security – how to minimise the threats to a 5G network
    5G security – how to minimise the threats to a 5G network  ( 25 min )
    A Back-to-Front TrueCrypt Recovery Story: The Plaintext is the Ciphertext
    A Back-to-Front TrueCrypt Recovery Story: The Plaintext is the Ciphertext  ( 14 min )
    Getting Shell with XAMLX Files
    A detailed look at exploiting XAMLX workflows for shell access. NCC Group explains the risks, mechanics, and mitigation strategies.  ( 8 min )
    Signaturing an Authenticode anomaly with Yara
    Explore how Yara can detect Authenticode timestamp anomalies in PE files and enhance malware analysis.  ( 9 min )
    libtalloc: A GDB plugin for analysing the talloc heap
    Explore how the libtalloc GDB plugin simplifies heap analysis for talloc-based memory structures in C applications.  ( 10 min )
    How To Spot a Penetration Tester in Your Network (and Catch the Real Bad Guys at the Same Time)
    This guide reveals techniques to detect penetration testers and uncover genuine threats during security assessments.  ( 13 min )
    Adventures in Windows Driver Development: Part 1
    Dive into the fundamentals of Windows driver development with NCC Group’s hands-on exploration of kernel-mode programming.  ( 12 min )
    CVE-2018-8611 Exploiting Windows KTM Part 1/5 – Introduction
    Explore the introduction to exploiting CVE-2018-8611 in Windows Kernel Transaction Manager (KTM) with NCC Group’s expert analysis.  ( 22 min )
    CVE-2018-8611 Exploiting Windows KTM Part 4/5 – From race win to kernel read and write primitive
    Explore how NCC Group researchers evolved a race condition exploit into full kernel read/write capabilities using CVE-2018-8611.  ( 33 min )
    Game Security
    Uncover how NCC Group supports game developers with threat modeling, secure coding, and anti-cheat technologies.  ( 14 min )
    Hardware & Embedded Systems: A little early effort in security can return a huge payoff
    Discover how early-stage security planning in hardware and embedded systems can dramatically reduce attack surfaces.  ( 12 min )
    Owning the Virgin Media Hub 3.0: The perfect place for a backdoor
    Explore how NCC Group uncovered multiple vulnerabilities in the Virgin Media Hub 3.0, revealing a perfect setup for stealthy backdoor access.  ( 21 min )
    Properly Signed Certificates on CPE Devices
    Explore how shared TLS certificates in CPE devices pose security risks—and how unique provisioning can fix them.  ( 11 min )
    SMACK, SKIP-TLS & FREAK SSL/TLS Vulnerabilities
    Discover how these SSL/TLS flaws allow attackers to bypass encryption, impersonate servers, and intercept sensitive data.  ( 9 min )
    Username enumeration techniques and their value
    Discover how predictable formats, error messages, and default accounts can reveal valid usernames to attackers.  ( 13 min )
    Using SharePoint as a Phishing Platform
    Explore how attackers can abuse Microsoft SharePoint’s trusted domain and scripting capabilities to host phishing campaigns and capture credentials.  ( 11 min )
    Multiple Buffer Overflows Discovered in AFFLIB
    Explore how multiple buffer overflows in AFFLIB were discovered and responsibly disclosed to improve forensic tool security.  ( 10 min )
    Java Web Start File Inclusion via System Properties Override
    This article details a vulnerability in Java Web Start that allows file inclusion through manipulated system properties.  ( 9 min )
    Multiple Cisco CSS / ACE Client Certificate and HTTP Header
    A technical breakdown of multiple vulnerabilities in Cisco CSS ACE and their implications for secure network operations.  ( 15 min )
    Multiple Format String Injections in AFFLIB
    Explore how multiple format string injection flaws in AFFLIB could lead to memory corruption and security breaches.  ( 9 min )
    Multiple Shell Metacharacter Injections in AFFLIB
    A technical breakdown of shell metacharacter injection vulnerabilities in AFFLIB and their implications for secure forensic analysis.  ( 9 min )
    PDF Form Filling and Flattening Tool Buffer Overflow
    Explore how a buffer overflow vulnerability in a PDF form filling and flattening tool could lead to memory corruption and security risks.  ( 8 min )
    Technical Advisory – Apple HFS+ Information Disclosure Vulnerability
    Explore how a flaw in Apple’s HFSPlus file system could allow unauthorized access to file metadata and system information.  ( 8 min )
    Technical Advisory – Apple iOS / OSX: Foundation NSXMLParser XXE Vulnerability
    Explore how a flaw in Apple’s NSXMLParser could allow XML External Entity (XXE) attacks on iOS and macOS systems.  ( 9 min )
    Technical Advisory – DelTek Vision – Arbitrary SQL Execution (SQLi)
    Learn how NCC Group researchers uncovered a critical SQLi vulnerability in Deltek Vision that threatens data integrity.  ( 8 min )
    Technical Advisory – HTC IQRD Android Permission Leakage
    Learn how NCC Group researchers discovered a vulnerability in HTC’s iQRD that could lead to unintended data access.  ( 8 min )
    Technical Advisory – IBM WebSphere Commerce: Encrypted URL Parameter Vulnerable to Padding Oracle Attacks
    This technical advisory details how attackers could exploit encrypted URL parameters in IBM WebSphere Commerce using padding oracle techniques.  ( 11 min )
    Technical Advisory – libraptor – XXE in RDF/XML File Interpretation
    A technical breakdown of the XXE vulnerability in libraptor’s RDF/XML interpretation and its impact on downstream applications.  ( 10 min )
    Technical Advisory – OpenOffice.org Multiple Memory Corruption Vulnerabilities
    Discover how attackers could exploit memory handling flaws in OpenOffice.org to compromise system integrity and user safety.  ( 9 min )
    Technical Advisory – VMware Tools Multiple Vulnerabilities
    This technical advisory outlines several security issues in VMware Tools and their potential impact on virtualized systems.  ( 9 min )
    WebLogic Plugin HTTP Injection via Encoded URLs
    This technical advisory details how encoded URLs can be used to inject malicious HTTP headers in Oracle WebLogic Plug-in environments.  ( 11 min )
    WebSense content filter bypass when deployed in conjunction with Cisco filtering devices
    Explore how attackers can bypass Websense content filtering when used alongside Cisco devices, exposing networks to unfiltered traffic.  ( 10 min )
    The ABCs of NFC chip security
    A technical overview of NFC chip vulnerabilities and protection strategies for secure communication.  ( 14 min )
    Conference Talks – February 2020
    Highlights from NCC Group’s February 2020 conference talks on cybersecurity, research, and technical innovation.  ( 8 min )
    Conference Talks – March 2022
    Highlights from NCC Group’s March 2022 conference talks on cybersecurity, research, and technical innovation.  ( 9 min )
    Vaccine Misinformation Part 1: Misinformation Attacks as a Cyber Kill Chain
    A deep dive into how misinformation tactics resemble cyber attack frameworks like the kill chain.  ( 15 min )
    Rise of the Sensors: Securing LoRaWAN Networks
    A deep dive into LoRaWAN vulnerabilities and how to secure sensor networks against real-world attacks.  ( 25 min )
    Tool Release: Sinking U-Boots with Depthcharge
    A new tool for probing U-Boot bootloaders, Depthcharge enables advanced firmware security testing.  ( 23 min )
    Choosing the Right MCU for Your Embedded Device — Desired Security Features of Microcontrollers
    A practical guide to selecting microcontrollers with robust security for embedded device development.  ( 20 min )
    Cracking Mifare Classic 1K: RFID, Charlie Cards, and Free Subway Rides
    A deep dive into exploiting MIFARE Classic 1K RFID cards used in public transit systems like Boston’s CharlieCard.  ( 16 min )
    Shaking The Foundation of An Online Collaboration Tool: Microsoft 365 Top 5 Attacks vs the CIS Microsoft 365 Foundation Benchmark
    Explore the top 5 real-world attacks on Microsoft 365 and how the CIS Benchmark addresses—or misses—them.  ( 10 min )
    Why IoT Security Matters
    Explore how poor IoT security can lead to privacy breaches, physical harm, legal consequences, and brand damage—and why threat modeling is essential.  ( 14 min )
    log4j-jndi-be-gone: A simple mitigation for CVE-2021-44228
    A practical approach to neutralizing Log4j’s JNDI vulnerability without upgrading the entire library.  ( 12 min )
    Technical Advisory – Nullsoft Scriptable Installer System (NSIS) – Insecure Temporary Directory Usage
    Learn how NSIS’s handling of temp directories exposes systems to potential exploitation during software installation.  ( 10 min )
    State of DNS Rebinding in 2023
    Explore new DNS rebinding tactics and browser defenses like Local Network Access in NCC Group’s latest research.  ( 13 min )
    Software Verification and Analysis Using Z3
    A technical intro to Z3 for verifying crypto software, with real-world examples and formal methods.  ( 38 min )
    Understanding the Impact of Ransomware on Patient Outcomes – Do We Know Enough?
    Discover how ransomware affects patient care, with insights from NCC Group on clinical vulnerabilities and sector trends.  ( 15 min )
    Kerberos Resource-Based Constrained Delegation: When an Image Change Leads to a Privilege Escalation
    A deep dive into Kerberos RBCD vulnerabilities and how attackers abuse delegation to gain elevated access.  ( 10 min )
    LDAPFragger: Bypassing network restrictions using LDAP attributes
    Discover how LDAPFragger uses LDAP attributes to evade network restrictions and exfiltrate data covertly.  ( 15 min )
    Medical Devices: A Hardware Security Perspective
    Medical device security goes beyond safety. Learn how hardware attacks threaten patient health and why strong security measures matter.  ( 14 min )
    Embedded Device Security Certifications
    Learn about key certifications for embedded device security and how they impact product assurance and compliance.  ( 14 min )
    Drones: Detect, Identify, Intercept, and Hijack
    A technical look at how drones can be exploited and the methods used to counter unauthorized UAV activity.  ( 12 min )
    Exploring the Security & Privacy of Canada’s Digital Proof of Vaccination Programs
    Understand the security challenges and privacy concerns of Canada’s digital vaccination systems and how to mitigate potential threats.  ( 29 min )
    Shining New Light on an Old ROM Vulnerability: Secure Boot Bypass via DCD and CSF Tampering on NXP i.MX Devices
    A technical deep dive into secure boot bypass techniques on NXP i.MX devices via DCD and CSF manipulation.  ( 16 min )
    Incremental Machine Learning by Example: Detecting Suspicious Activity with Zeek Data Streams, River, and JA3 Hashes
    Discover how incremental machine learning improves threat detection using Zeek logs, River, and JA3 fingerprinting.  ( 17 min )
    Conference Talks – December 2020
    Discover NCC Group’s expert presentations from December 2020, covering security research and industry best practices.  ( 13 min )
    Cisco ASA series part four: dlmalloc-2.8.x, libdlmalloc, & dlmalloc on Cisco ASA
    Explore dlmalloc 2.8.x on Cisco ASA, its security implications, and strategies to prevent memory-related vulnerabilities.  ( 40 min )
    Exploiting the Sudo Baron Samedit vulnerability (CVE-2021-3156) on VMWare vCenter Server 7.0
    Learn why CVE-2021-3156 poses a threat to VMware vCenter and how to protect your infrastructure from attacks.  ( 30 min )
    earlyremoval, in the Conservatory, with the Wrench: Exploring Ghidra’s decompiler internals to make automatic P-Code analysis scripts
    Discover techniques for automating P-Code analysis using Ghidra’s decompiler internals for efficient security research.  ( 27 min )
    Technical Advisory – Multiple vulnerabilities in Nuki smart locks (CVE-2022-32509, CVE-2022-32504, CVE-2022-32502, CVE-2022-32507, CVE-2022-32503, CVE-2022-32510, CVE-2022-32506, CVE-2022-32508, CVE-2022-32505)
    Learn about multiple CVEs affecting Nuki Smart Locks and how to mitigate security risks for connected home devices.  ( 21 min )
    The Case of Missing File Extensions
    Explore how hidden file extensions in Windows can lead to security risks. Learn why attackers exploit this feature and how to uncover hidden extensions.  ( 11 min )
    RIFT: F5 Networks K52145254: TMUI RCE vulnerability CVE-2020-5902 Intelligence
    Insights from honeypot research on F5 TMUI RCE vulnerability. Understand attack patterns and steps to strengthen your security posture.  ( 14 min )
    The Password is Dead, Long Live the Password!
    Discover why passwords are vulnerable and learn about emerging technologies like biometrics and MFA that redefine secure user authentication.  ( 12 min )
    Cisco ASA series part eight: Exploiting the CVE-2016-1287 heap overflow over IKEv1
    Dive into the technical details of exploiting Cisco ASA via IKEv1. Understand the vulnerability and how to secure your network infrastructure.  ( 32 min )
    NCC Group’s 2020 Annual Research Report
    Explore key findings from NCC Group’s 2020 research, including vulnerability discoveries, threat intelligence, and security innovations.  ( 55 min )
    Much Ado About Hardware Implants
    Discover how malicious chips infiltrate servers and impact global security. Learn steps to strengthen hardware and firmware integrity.  ( 15 min )
    Impact of DNS over HTTPS (DoH) on DNS Rebinding Attacks
    Discover the impact of DoH on DNS rebinding attacks, why it matters for cybersecurity, and practical steps for reducing exposure.  ( 14 min )
    Introduction to Anti-Fuzzing: A Defence in Depth Aid
    Learn how anti-fuzzing techniques enhance defence-in-depth strategies and protect applications from fuzzing-based vulnerabilities.  ( 13 min )
    Nagios XI Network Monitor Blind SQL Injection
    Nagios XI Network Monitor is vulnerable to blind SQL injection. Learn the impact, exploitation risks, and mitigation steps.  ( 7 min )
    Whitepaper – Hardware-Backed Heist: Extracting ECDSA Keys from Qualcomm’s TrustZone
    No content preview  ( 7 min )
    Technical Advisory: SQL Injection and Reflected Cross-Site Scripting (XSS) Vulnerabilities in Oracle Communications Diameter Signaling Router (CVE-2020-14787, CVE-2020-14788)
    No content preview  ( 8 min )
    CVE-2021-31956 Exploiting the Windows Kernel (NTFS with WNF) – Part 1
    No content preview  ( 31 min )
    Modelling Threat Actor Phishing Behaviour
    No content preview  ( 6 min )
    Technical Advisory – Multiple Vulnerabilities in PandoraFMS Enterprise
    No content preview  ( 15 min )
    Technical Advisory: Multiple Vulnerabilities in Xerox Printers
    No content preview  ( 11 min )
    Proxying PyRIT for fun and profit
    No content preview  ( 10 min )
    Blind Exploitation of Stack Overflow Vulnerabilities
    No content preview  ( 7 min )
    Professional C Programming LiveLessons, (Video Training) Part I: Writing Robust, Secure, Reliable Code
    No content preview  ( 6 min )
    Tattler
    No content preview  ( 7 min )
    The CERT® C Coding Standard, Second Edition: 98 Rules for Developing Safe, Reliable, and Secure Systems
    No content preview  ( 6 min )
    The Database Hacker’s Handbook
    No content preview  ( 6 min )
    Rustproofing Linux (Part 2/4 Race Conditions)
    No content preview  ( 13 min )
    Public Report - VeChainThor Galactica Security Assessment
    No content preview  ( 6 min )
    Where You Inject Matters: The Role-Specific Impact of Prompt Injection Attacks on OpenAI models
    No content preview  ( 8 min )
    Freddy: An extension for automatically identifying deserialisation issues in Java and .NET applications
    No content preview  ( 7 min )
    Pip3line – The Swiss Army Knife of Byte Manipulation
    No content preview  ( 8 min )
    The why behind web application penetration test prerequisites
    NCC Group explains why pen test prerequisites are essential for accurate, efficient, and secure web application assessments.  ( 6 min )
    Samsung Galaxy S24 Pwn2Own Ireland 2024
    No content preview  ( 6 min )
    OCP S.A.F.E. How-to
    No content preview  ( 10 min )
    Quantum Data Centre of the Future
    No content preview  ( 10 min )
    Technical Advisory: Condeon CMS
    No content preview  ( 7 min )
    Technical Advisory: Espressif Systems - ESP32 BluFi Reference Application Vulnerabilities
    No content preview  ( 7 min )
    Bit51 Better Security WP Security Plugin – Unauthenticated Stored XSS to RCE
    No content preview  ( 7 min )
    SmarterMail – Stored XSS in emails
    No content preview  ( 6 min )
    Flash local-with-filesystem Bypass in navigateToURL
    No content preview  ( 6 min )
    Multiple Vulnerabilities in MailEnable
    No content preview  ( 6 min )
    Multiple security vulnerabilities in SAP NetWeaver BSP Logon
    No content preview  ( 6 min )
    Project Ava: On the Matter of Using Machine Learning for Web Application Security Testing – Part 1: Understanding the Basics and What Platforms and Frameworks Are Available
    No content preview  ( 12 min )
    Adobe Flash Player Cross Domain Policy Bypass
    No content preview  ( 6 min )
    Adobe flash sandbox bypass to navigate to local drives
    No content preview  ( 6 min )
    44CON Workshop – How to assess and secure iOS apps
    44CON Workshop – How to assess and secure iOS apps  ( 6 min )
    10 real-world stories of how we’ve compromised CI/CD pipelines
    10 real-world stories of how we’ve compromised CI/CD pipelines  ( 15 min )
    44Con2013Game
    Game from 44CON 2013  ( 6 min )
    Public Report – Lantern and Replica Security Assessment
    From September 28th through October 23rd, 2020, Lantern – in partnership with the Open Technology Fund – engaged NCC Group to conduct a security assessment of the Lantern client. Lantern provides a proxy in order to circumvent internet censorship. This assessment was open ended and time-boxed, providing a best-effort security analysis in a fixed amount […]  ( 7 min )
    VMware Workstation Guest-to-Host Escape Exploit Development
    VMware Workstation Guest-to-Host Escape Exploit Development  ( 6 min )
    Voice Impersonation and DeepFake Vishing in Realtime
    Voice Impersonation and DeepFake Vishing in Realtime  ( 6 min )
    UK government cyber security guidelines for connected & autonomous vehicles
    A strategic look at the UK government’s cybersecurity guidelines for connected autonomous vehicles—what they mean for the future of mobility.  ( 8 min )
    Poison Ivy string decryption
    Explore how NCC Group reverse-engineers Poison Ivy’s string obfuscation to uncover hidden commands and payloads.  ( 7 min )
    More Advanced SQL Injection
    More Advanced SQL Injection  ( 6 min )
    Assessing IIS Configuration Remotely
    Assessing IIS Configuration Remotely  ( 6 min )
    Oracle Java Installer Adds a System Path Which is Writable by All
    Discover how a simple installation oversight in Oracle Java could lead to serious security consequences.  ( 7 min )
    Technical Advisory – IBM TAM: Remote Directory Traversal and File Retrieval via web server plug-in
    Learn how NCC Group researchers uncovered a directory traversal vulnerability in IBM TAM that exposes critical system files.  ( 8 min )
    Technical Advisory – Authorization Bypass Allows for Pinboard Corruption
    Explore how a flaw in access control could allow unauthorized users to corrupt Pinboard data and compromise integrity.  ( 8 min )
    Technical Advisory – Citrix Access Gateway Command Injection Vulnerability
    Explore how a command injection flaw in Citrix Access Gateway could allow attackers to execute arbitrary system commands.  ( 8 min )
    Technical Advisory – Coda Filesystem Kernel Memory Disclosure
    This technical advisory details a kernel memory disclosure issue in the Coda filesystem and its potential impact.  ( 8 min )
    Whitepaper – A Heap of Trouble: Breaking the Linux Kernel SLOB Allocator
    Discover how attackers exploit heap overflows in Linux’s SLOB allocator, revealing serious vulnerabilities in low-memory environments.  ( 6 min )
    Whitepaper – Weaning the Web off of Session Cookies: Making Digest Authentication Viable
    Learn how Digest Authentication offers a secure alternative to traditional session-based web authentication.  ( 6 min )
    Research Paper – Recovering deleted data from the Windows registry
    Learn how forensic techniques can recover deleted entries from the Windows Registry for investigation and analysis.  ( 6 min )
    Conference Talks – January 2020
    Highlights from NCC Group’s January 2020 conference talks on cybersecurity, research, and technical innovation.  ( 7 min )
    Technical Advisory – Multiple Vulnerabilities in Nagios XI
    A technical advisory detailing several vulnerabilities in Nagios XI, including privilege escalation and remote code execution risks.  ( 24 min )
    Whitepaper – Microcontroller Readback Protection: Bypasses and Defenses
    Whitepaper – Microcontroller Readback Protection: Bypasses and Defenses  ( 6 min )
    Black Hat 2013 – Femtocell Presentation Slides, Videos and App
    Explore NCC Group’s femtocell attack research presented at Black Hat 2013, including downloadable resources.  ( 8 min )
    Fuzzing RTSP to discover an exploitable vulnerability in VLC
    Discover how fuzzing RTSP streams uncovered vulnerabilities in VLC and advanced secure software development.  ( 11 min )
    Increased exploitation of Oracle GlassFish Server Administration Console Remote Authentication Bypass
    Discover how attackers exploit Oracle GlassFish authentication flaws and steps to secure your server against breaches.  ( 7 min )
    Remote code execution in ImpressPages CMS
    Explore the remote code execution flaw in ImpressPages CMS and learn best practices for vulnerability remediation.  ( 6 min )
    Symantec Messaging Gateway Arbitrary file download is possible with a crafted URL (authenticated)
    Learn how a crafted URL can exploit Symantec Messaging Gateway for arbitrary file downloads and how to mitigate this risk.  ( 6 min )
    How Microsoft Office knows a document came from the Internet and might be dangerous
    Explore how Microsoft Office determines a file’s origin and safeguards against malicious content.  ( 7 min )
    Mallory: Transparent TCP and UDP Proxy
    Discover Mallory, a powerful tool for intercepting and analyzing TCP/UDP traffic to enhance security assessments.  ( 7 min )
    Tool Release – ScoutSuite 5.12.0
    Discover new features in ScoutSuite 5.12.0 for multi-cloud security auditing and compliance monitoring.  ( 7 min )
    Detecting Rclone – An Effective Tool for Exfiltration
    Learn how Rclone is used for data exfiltration and discover detection strategies to protect sensitive information.  ( 8 min )
    Violating the Virtual Channel – RDP Testing
    A deep dive into RDP virtual channel vulnerabilities. Discover tools and strategies for ethical hacking and improving remote access security.  ( 12 min )
    RIFT: F5 CVE-2020-5902 and Citrix CVE-2020-8193, CVE-2020-8195 and CVE-2020-8196 honeypot data release
    Explore honeypot data on F5 CVE-2020-5902 and Citrix CVEs. Learn attack patterns, and mitigation strategies for critical flaws.  ( 10 min )
    Conference Talks – December 2021
    Get insights from December’s top cybersecurity conferences. Explore research on cloud, IoT, and vulnerability exploitation techniques.  ( 10 min )
    FPGAs: Security Through Obscurity?
    A deep dive into the myth of security through obscurity in FPGA-based systems and its real-world implications.  ( 27 min )
    Fix Bounty
    Discover how Fix Bounty bridges the gap between vulnerability discovery and remediation. Learn strategies for faster, safer security fixes.  ( 9 min )
    McAfee Email and Web Security Appliance v5.6 – Arbitrary file download is possible with a crafted URL, when logged in as any user
    A crafted URL in McAfee Email & Web Security v5.6 lets any user download files. Learn the risk and how to secure systems.  ( 7 min )
    BLEBoy
    No content preview  ( 6 min )
    Research Blog Test Playground
    No content preview  ( 6 min )
    Self-Driving Cars- The future is now…
    No content preview  ( 6 min )
    Building Security In: Software Penetration Testing
    Build secure software from the start. NCC Group’s blog explores the role of penetration testing in modern, resilient app development.  ( 6 min )
    iOS 7 tool updates
    No content preview  ( 7 min )
    Public Report - Google Confidential Space Security Assessment
    No content preview  ( 6 min )
    Tool Release – Reliably-checked String Library Binding
    Discover our new tool for securely handling strings with reliable checks to prevent vulnerabilities in applications.  ( 16 min )

  • Open

    InQL v6.1.0 Just Landed with New Features and Contribution Swag! 🚀
    Introduction: We are excited to announce a new release of our Burp Suite Extension - InQL v6.1.0! The complete re-write from Jython to Kotlin in our previous update (v6.0.0) laid the groundwork for us to start implementing powerful new features, and this update delivers the first exciting batch. This new version introduces key features like our new GraphQL schema brute-forcer (which abuses “did you mean…” suggestions), server engine fingerprinter, automatic variable generation when sending requests to Repeater/Intruder, and various other quality-of-life and performance improvements. Key New Features: The GraphQL Schema Brute-Forcer. Until now, InQL was most helpful when a server had introspection enabled or when you already had the GraphQL schema file. With v6.1.0, the tool can now attempt to…  ( 5 min )
  • Open

    Windows Update will include Microsoft Store app updates
    Microsoft is integrating app updates directly into Windows Update settings in preview builds of Windows 11, allowing users to keep applications up to date without launching the Microsoft Store. The new feature appears as an "App updates" page within Settings > Apps, designed to provide an alternative update mechanism for environments where the Microsoft Store is unavailable or restricted. Source
  • Open

    PortSwigger x TryHackMe: Supporting Advent of Cyber
    Every December, TryHackMe’s Advent of Cyber brings the security community together around a simple idea: learn something new by getting hands-on. Each day during the festive season reveals a beginner-  ( 4 min )
  • Open

    Technical Advisory: Tesla Telematics Control Unit - ADB Auth Bypass
    Technical Advisory: Tesla Telematics Control Unit - ADB Auth Bypass  ( 11 min )
  • Open

    Overview of Content Published in November
    Here is an overview of content I published in November: Blog posts: SANS ISC Diary entries:  ( 11 min )

  • Open

    Windows Inter Process Communication A Deep Dive Beyond the Surface - Part 9
    Welcome to the next part of the IPC series, and the final part of the first wave of RPC series. In this post, we will look at the tools you can use to reverse-engineer an RPC server. This part completes the last two articles where I talked about RPC research  ( 8 min )
  • Open

    Copy/Paste Delays In Excel Because Of Default Printer
    I experienced delays in Excel whenever I would copy/paste some cells, like this: A delay of 1 to several seconds was clearly noticeable and inconvenient. I started to review what had recently changed on my Windows computer. Turns out this was caused by a printer setting: I had recently set a default printer (a network […]  ( 11 min )

  • Open

    An Evening with Claude (Code)
    A deep dive into discovering CVE-2025-64755, a vulnerability in Claude Code v2.0.25. This post walks through the process of reversing the obfuscated Claude Code JavaScript, and exploiting weak regex expressions to achieve code execution unprompted.  ( 11 min )
  • Open

    More hidden Phantom DLLs
    Pretty much all of the phantom DLL scenarios that I have been describing over the years are linked to specific use cases, where the code referencing these non-existing DLLs is most of the time immediately accessible from a native OS … Continue reading →  ( 2 min )
  • Open

    Public Report: Meta Whatsapp message summarization service
    No content preview  ( 6 min )
  • Open

    Quickpost: CR1225 vs CR1220
    I had to replace a button cell, a CR1225, but I only had a CR1220. So I just used that CR1220 instead. This works, because a CR1220 and CR1225 differ in mechanical properties (dimension), but not in electrical properties (voltage). Both cells have a nominal voltage of 3 Volts. CR1220 means the following: The […]  ( 11 min )

  • Open

    Running a DHCP Server on OPNsense with Kea
    OPNsense firewalls can also function as DHCP servers. IP addresses are then assigned directly at the point where network separation and packet filtering take place. The firewall manages all active hosts, controls their assignment to VLANs and segmented networks, and documents each allocation in its own lease tables. Source
  • Open

    Adventures in EM Side-channel Attacks
    Adventures in EM Side-channel Attacks Eucleak  ( 6 min )

  • Open

    A silly rundll-ish feature of ShellAbout function…
    When you run winver it calls the shell32.dll!ShellAbout function to display the following dialog box: It turns out the ShellAbout function’s declaration makes it a potential target for calling it from rundll32.exe, even if its prototype doesn’t follow the rundll32 … Continue reading →  ( 2 min )
  • Open

    Android Activities 101
    Android splits its communications into multiple components, some of which we’ve written about before. One of these components is Activities, which are generic components that run in a foreground thread and interact directly with the user. Is this a fancy way of saying windows? You got me. Yes, it’s a fancy way […] The post Android Activities 101 appeared first on Pen Test Partners.  ( 8 min )
  • Open

    Microsoft removes WINS after Windows Server 2025
    Microsoft will retire the legacy Windows Internet Name Service after Windows Server 2025, strongly encouraging organizations to transition to DNS by November 2034. Source
  • Open

    TANDBERG Video Communication Server Static SSH Host Keys
    Explore how hardcoded SSH host keys in Tandberg Video Communication Server could expose systems to impersonation and MITM attacks.  ( 8 min )

  • Open

    Windows features in 2026: Enhanced recovery, hardware-accelerated BitLocker, and AI integration
    Microsoft announced a series of significant security and resilience features coming to Windows 11 in 2026 at Ignite 2025. The updates focus on improving system recovery capabilities, enhancing encryption performance, and strengthening threat detection through native integration of advanced monitoring tools. Source
  • Open

    Enter Sandbox 31: Web Shells
    Webshells are malicious scripts/programs that are uploaded to compromised web servers. Most webshells are written in JSP, ASP, PHP and they are interpreted by a dedicated script processor/interpreter executed by the web server (f.ex. Apache, IIS, Tomcat). The results of … Continue reading →  ( 5 min )

  • Open

    LABScon25 Replay | Simulation Meets Reality: How China’s Cyber Ranges Fuel Cyber Operations
    Mei Danowski & Eugenio Benincasa unpack how Chinese firms running attack-defense exercises fuel state-linked offensive cyber operations.  ( 22 min )
  • Open

    A Note on AI from Christie Terrill, CISO, Bishop Fox
    After a month of conferences and CISO conversations, one thing is clear: AI is reshaping security—fast. But the excitement comes with uncertainty, risk, and big unanswered questions. Here’s what leaders are really saying.  ( 6 min )
  • Open

    Beyond cloud compliance dashboards, what’s next?
    Cloud compliance frameworks are a good place to start. Dashboards that show how your estate compares to benchmarks like CIS and vendor-specific best practice checks are available from most major cloud providers. These tools let teams quickly see how clean their configurations are and how easy it is to spot obvious gaps. But […] The post Beyond cloud compliance dashboards, what’s next? appeared first on Pen Test Partners.  ( 7 min )
  • Open

    Antigravity Grounded! Security Vulnerabilities in Google's Latest IDE
    Last week Google released an IDE called Antigravity. It’s basically the outcome of the Windsurf licensing deal from a few months ago, where Google paid some $2.4 billion for a non-exclusive license to the code. Because it’s based on Windsurf, I was curious if vulnerabilities that I reported to Windsurf back in May 2025, long before the deal, would have been addressed in the Antigravity IDE. See Month of AI Bugs for some detailed write-ups.  ( 6 min )
  • Open

    Stop Putting Your Passwords Into Random Websites (Yes, Seriously, You Are The Problem)
    Welcome to watchTowr vs the Internet, part 68. That feeling you’re experiencing? Dread. You should be used to it by now. As is fast becoming an unofficial and, apparently, frowned upon tradition - we identified incredible amounts of publicly exposed passwords, secrets, keys and more for very sensitive  ( 14 min )
  • Open

    Download Windows 11 Media Creation Tool for USB installations – Bug fix and new features
    The bug was caused by the Windows 11 Media Creation Tool version 26100.6584, released September 29 2025, which could close unexpectedly when used on Windows 10 devices. The bug was addressed in the update KB5067036 (OS builds 26100.7019 / 26200.7019), released on October 28, 2025. KB5067036 also introduces several new Windows 11 features, including a redesigned Start menu, improvements to File Explorer, Copilot shortcuts, colorful battery icons, enhanced taskbar performance, updated shutdown behavior, and new security features such as Administrator Protection. Source
  • Open

    Detection Engineering: Practicing Detection-as-Code – Tuning – Part 8
    In Part 7, we showcased how we can leverage automation to continuously monitor the performance and trigger rate of our deployed detections. In this part, we are going to investigate how we can introduce automation and utilize continuous deployment pipelines to streamline the tedious task of tuning our detections.  ( 26 min )

  • Open

    Mandatory update from Windows 11 23H2 to 25H2: Requirements, manual update, postponing update
    Microsoft began automatically upgrading Windows 11 Home and Pro devices from version 23H2 to 25H2 on November 11, 2025, following the end of support for consumer editions. This mandatory update ensures that devices continue to receive security patches and maintain protection against vulnerabilities. This article outlines the technical requirements for the update, provides manual installation procedures, and explains methods to postpone the automatic upgrade temporarily. Source
  • Open

    Azure Fabric Backdoor With A Twist
    Azure Fabric Backdoor With A Twist  ( 15 min )
    State of the Art of Private Key Security in Blockchain Ops - 4. Approvals and Policies
    State of the Art of Private Key Security in Blockchain Ops - 4. Approvals and Policies  ( 12 min )

  • Open

    What is the Azure Network Security Hub?
    Microsoft launched the new Azure Network Security Hub, providing a centralized interface for managing Azure Firewall, Web Application Firewall, and DDoS Protection services. The hub expands and rebrands Azure Firewall Manager to reflect broader network security capabilities. Source
  • Open

    Quickpost: Power Requirements Of A Keylogger
    I did some tests with a Keelog keylogger, the AirDrive Forensic Keylogger: I wanted to find out how much power that keylogger requires. This is my test setup: In this standby state, with all its LEDs turned off, the keyboard consumes 11 mW. That’s not much power. Compare this with the Numlock LED turned on, […]  ( 12 min )

  • Open

    CVE-2025-52493: When Password Fields Aren’t Enough – Client-Side Secret Exposure in PagerDuty Cloud Runbook
    By Mario Bartolome & Carter Ross During a recent Red Team engagement, our team at Praetorian discovered a vulnerability in PagerDuty Cloud Runbook that highlights a fundamental security principle: never trust the client with secrets. In this blog, we share details about CVE-2025-52493, a medium-severity vulnerability that exposed stored secrets to authenticated administrators through simple […] The post CVE-2025-52493: When Password Fields Aren’t Enough – Client-Side Secret Exposure in PagerDuty Cloud Runbook appeared first on Praetorian.  ( 20 min )
  • Open

    New Windows Admin Center virtualization mode vs VMware vCenter Server
    Microsoft announced a new virtualization mode in Windows Admin Center, specifically designed for managing Hyper-V infrastructure. This mode allows centralized control of hosts, clusters, storage, and networking. Positioned as Microsoft's alternative to VMware vCenter Server, this new mode complements the existing administration mode by focusing specifically on large-scale virtualization environments. Source
  • Open

    A Look at RTEMS Security
    No content preview  ( 6 min )

  • Open

    Fortinet FortiWeb Authentication Bypass – CVE-2025-64446
    Bishop Fox researchers discovered an authentication bypass in FortiWeb that lets attackers add their own admin accounts, take over the device, and erase evidence. Organizations can quickly check if they’re exposed using a new Bishop Fox scanner and should remove public access and update immediately.  ( 7 min )
  • Open

    Cloudflare CEO blames single engineer for internal server error that took down roughly half of the internet—the real cause runs deeper
    A blog post by Matthew Prince, Cloudflare's CEO, suggests that Cloudflare repeated CrowdStrike's mistake: updating the entire infrastructure without first testing on a small group of hosts. As a result, large portions of the internet, including 4sysops, were inaccessible for several hours. Apologies for the latter. While most news sites reported that 20% of internet traffic was affected, the actual impact was much higher because the outage disproportionately affected high-traffic, top-ranking websites like X, ChatGPT, Perplexity, and Spotify. While Cloudflare's CEO blames a manual database permissions change, the incident exposes a deeper design flaw: a single engineer can disrupt massive portions of global internet infrastructure. In contrast, blockchain networks like Ethereum demonstrate how truly decentralized systems can prevent such single points of failure. Source
  • Open

    When Guardrails Aren't Enough: Reinventing Agentic AI Security With Architectural Controls
    David Brauchler III delivers a fascinating Black Hat talk on the root cause of AI-based vulnerabilities and why security architecture is the real solution.  ( 6 min )

  • Open

    We found cryptography bugs in the elliptic library using Wycheproof
    Trail of Bits is publicly disclosing two vulnerabilities in elliptic, a widely used JavaScript library for elliptic curve cryptography that is downloaded over 10 million times weekly and is used by close to 3,000 projects. These vulnerabilities, caused by missing modular reductions and a missing length check, could allow attackers to forge signatures or prevent valid signatures from being verified, respectively. One vulnerability is still not fixed after a 90-day disclosure window that ended in October 2024. It remains unaddressed as of this publication. I discovered these vulnerabilities using Wycheproof, a collection of test vectors designed to test various cryptographic algorithms against known vulnerabilities. If you’d like to learn more about how to use Wycheproof, check out this guid…  ( 5 min )
  • Open

    Common Kubernetes misconfigurations and how to avoid them
    Kubernetes has changed the way we deploy and scale workloads. It’s powerful, flexible, and very good at hiding a lot of complexity. It is also very good at hiding security problems until someone starts poking at it. Attackers usually take the path of least resistance. If they find an exposed API, dashboard, or port, that is often enough for them to gain a foothold. Once they are in, attackers can exploit misconfigurations […] The post Common Kubernetes misconfigurations and how to avoid them appeared first on Pen Test Partners.  ( 7 min )
  • Open

    Windows 10 KB5068781 ESU update fails with 0x800f0922 error: There were some problems installing updates, but we’ll try again later
    Windows 10 devices enrolled in Extended Security Updates may experience installation failures when attempting to install the November 2025 security update (KB5068781). The error message reads: "There were some problems installing updates, but we'll try again later. Error encountered: If you keep seeing this and want to search the web or contact support for information, this may help: (0x800f0922)." The issue affects a specific subset of commercial customers using cloud-based licensing activation. This ESU issue appears to be unrelated to the error, 'We can't enroll you in Extended Security Updates right now,' because the enrollment error prevents access to ESU updates, while the current issue affects installation on devices that are already enrolled. Microsoft has now released the KB5072653 update to fix the 0x800f0922 error. Source
  • Open

    MCP Bridge Upgrade
    MCP Bridge Upgrade  ( 6 min )

  • Open

    Threat Hunting Power Up | Enhance Campaign Discovery With Validin and Synapse
    Accelerate adversary tracking and reveal hidden infrastructure with our open-source Synapse Rapid Power-Up for Validin.  ( 28 min )
  • Open

    Microsoft faces massive backlash over Windows 11 agentic OS plans – The AI naysayers come out of hiding
    Microsoft's announcement to transform Windows 11 into an agentic operating system has sparked widespread criticism from users and developers. The company's Windows chief, Pavan Davuluri, disclosed plans to evolve Windows into a system that connects devices, cloud, and AI to enable autonomous task execution. However, the response from the tech community has been overwhelmingly negative, forcing Microsoft to address concerns about the platform's direction. The backlash has brought AI skeptics and change-resistant IT professionals into the open. Source
    October Windows updates trigger BitLocker recovery on Intel systems
    Microsoft's October 2025 security updates are causing unexpected BitLocker recovery prompts on certain Windows devices. The issue primarily affects Intel-based systems with Modern Standby support and requires users to enter their recovery key before normal operation resumes. However, some users have reported that the BitLocker recovery prompt persists on subsequent reboots, requiring repeated entry of the recovery key rather than being a one-time occurrence. Source

  • Open

    Some unusual run-time rundll32.exe artifacts
    If you use Process Monitor as often as I do, you probably know that loading a DLL via rundll32.exe produces this curious set of events: It turns out that the code of rundll32.exe includes a routine called RunDLL_InitActCtx that tries … Continue reading →  ( 2 min )
    1 or more little secrets of disksnapshot.exe
    This native tool is not very well known, but it may be useful in some cases. The tool seems to be parsing volumes directly, bypassing the Windows APIs — hence, it kinda works like a dir command, but parses the … Continue reading →  ( 3 min )
  • Open

    Windows Inter Process Communication A Deep Dive Beyond the Surface - Part 8
    Welcome to the new part of IPC. This part was supposed to be the final part of the first wave that I started almost three months ago. However, I extended this wave to one more part where I will talk about reverse engineering the RPC server. This part completes the last  ( 7 min )
  • Open

    State of the Art of Private Key Security in Blockchain Ops - 3. Private Key Storage and Signing Module
    State of the Art of Private Key Security in Blockchain Ops - 3. Private Key Storage and Signing Module  ( 12 min )

  • Open

    Level up your Solidity LLM tooling with Slither-MCP
    We’re releasing Slither-MCP, a new tool that augments LLMs with Slither’s unmatched static analysis engine. Slither-MCP benefits virtually every use case for LLMs by exposing Slither’s static analysis API via tools, allowing LLMs to find critical code faster, navigate codebases more efficiently, and ultimately improve smart contract authoring and auditing performance. How Slither-MCP works: Slither-MCP is an MCP server that wraps Slither’s static analysis functionality, making it accessible through the Model Context Protocol. It can analyze Solidity projects (Foundry, Hardhat, etc.) and generate comprehensive metadata about contracts, functions, inheritance hierarchies, and more. When an LLM uses Slither-MCP, it no longer has to rely on rudimentary tools like grep and read_file to identify …  ( 2 min )
  • Open

    Update: numbers-to-hex.py Version 0.0.4
    This update adds option -e to handle binary numeric expressions like 79+1. numbers-to-hex_V0_0_4.zip (http) MD5: 8CD22E998E84F80D1FD92504B3D3A559 SHA256: 6963ED3F013D9C6E70ACA95DA00399B0F95DD279597EABE5BA1EC51E0B28DD4D  ( 11 min )
  • Open

    The Symbols of Operation
    The Symbols of Operation code data confusion ada lovelace  ( 6 min )

  • Open

    Hacking with Burp AI in the Chesspocalypse: API expert Corey Ball showcases how Burp AI can support pentesters.
    AI isn’t just reshaping cybersecurity - it’s challenging testers to rethink their entire playbook. In his latest article, “Hacking with Burp AI in the Chesspocalypse”, API expert Corey Ball draws less  ( 3 min )
  • Open

    When The Impersonation Function Gets Used To Impersonate Users (Fortinet FortiWeb Auth. Bypass CVE-2025-64446)
    The Internet is ablaze, and once again we all have a front-row seat - a bad person, if you can believe it, is doing a bad thing! The first warning of such behaviour came from the great team at Defused: As many are now aware, an unnamed (and potentially silently  ( 6 min )
  • Open

    Migrate WSUS: Install role and move data to Windows Server 2025
    This guide walks you through the process of installing the WSUS (Windows Server Update Services) role and migrating your configuration and data to Windows Server 2025. You'll perform a clean setup to ensure a stable, efficient patch management environment on the latest Windows Server release. Follow these steps to safely move WSUS settings, groups, and approvals, and prepare your system for long-term support. Source
  • Open

    How we avoided side-channels in our new post-quantum Go cryptography libraries
    The Trail of Bits cryptography team is releasing our open-source pure Go implementations of ML-DSA (FIPS-204) and SLH-DSA (FIPS-205), two NIST-standardized post-quantum signature algorithms. These implementations have been engineered and reviewed by several of our cryptographers, so if you or your organization is looking to transition to post-quantum support for digital signatures, try them out! This post will detail some of the work we did to ensure the implementations are constant time. These tricks specifically apply to the ML-DSA (FIPS-204) algorithm, protecting from attacks like KyberSlash, but they also apply to any cryptographic algorithm that requires branching or division. The road to constant-time FIPS-204 SLH-DSA (FIPS-205) is relatively easy to implement without introducing sid…  ( 5 min )

  • Open

    New Windows 11 25H2 Group Policy settings
    Windows 11 version 25H2 introduces 42 new Group Policy settings for administrators to manage system behavior, security features, and user interface customization. The update includes options for controlling AI features like Copilot and Recall, removing preinstalled Store apps, and configuring enhanced security protocols for printing and network communications. Source
  • Open

    Building checksec without boundaries with Checksec Anywhere
    Since its original release in 2009, checksec has become widely used in the software security community, proving useful in CTF challenges, security posturing, and general binary analysis. The tool inspects executables to determine which exploit mitigations (e.g., ASLR, DEP, stack canaries, etc.) are enabled, rapidly gauging a program’s defensive hardening. This success inspired numerous spinoffs: a contemporary Go implementation, Trail of Bits’ Winchecksec for PE binaries, and various scripts targeting Apple’s Mach-O binary format. However, this created an unwieldy ecosystem where security professionals must juggle multiple tools, each with different interfaces, dependencies, and feature sets. During my summer internship at Trail of Bits, I built Checksec Anywhere to consolidate this fragme…  ( 3 min )
  • Open

    Contagious Interview Actors Now Utilize JSON Storage Services for Malware Delivery
    NVISO reports a new development in the Contagious Interview campaign. The threat actors have recently resorted to utilizing JSON storage services like JSON Keeper, JSONsilo, and npoint.io to host and deliver malware from trojanized code projects, with the lure being a use case or demo project as part of an interview process. Background Contagious Interview … Continue reading Contagious Interview Actors Now Utilize JSON Storage Services for Malware Delivery →  ( 12 min )
  • Open

    Public Report: AWS EKS Security Claims
    Public Report: AWS EKS Security Claims  ( 6 min )

  • Open

    Is It CitrixBleed4? Well, No. Is It Good? Also, No. (Citrix NetScaler Memory Leak & RXSS CVE-2025-12101)
    There’s an elegance to vulnerability research that feels almost poetic - the quiet dance between chaos and control. It’s the art of peeling back the layers of complexity, not to destroy but to understand; to trace the fragile threads that hold systems together and see where  ( 5 min )
  • Open

    Windows Hello Passkey Manager Plugin API
    Microsoft announced the passkey plugin API for Windows 11 in October 2024, with the feature becoming generally available with the November 2025 security update. This API enables third-party passkey managers, such as 1Password and Bitwarden, to integrate directly into Windows 11's native authentication system, allowing end-users to authenticate with a passkey on multiple devices. Source
  • Open

    Public Report: Google Private AI Compute Review
    Public Report: Google Private AI Compute Review  ( 7 min )

  • Open

    The November 2025 Security Update Review
    I’ve made it through Pwn2Own Ireland, and while many are celebrating those who served their country in the armed services, patch Tuesday stops for no one. So affix your poppy accordingly, and let’s take a look at the latest security offerings from Adobe and Microsoft. If you’d rather watch the full video recap covering the entire release, you can check it out here: Adobe Patches for November 2025 For November, Adobe released eight bulletins addressing 29 unique CVEs in Adobe InDesign, InCopy, Photoshop, Illustrator, Illustrator Mobile, Substance 3D Stager, Format Plugins, and Adobe Pass. Nine of these CVEs were reported by Trend ZDI researcher Michel DePlante. He discovered the bugs fixed by the patch for Adobe Format Plugins. If you must prioritize, the update for InDesign fixes four Criti…
  • Open

    Auto-archiving for Exchange Online
    Microsoft is rolling out Auto-Archiving for Exchange Online for public clouds and government clouds. This new threshold-based archiving feature automatically moves the oldest items from a user's primary mailbox to their archive mailbox when mailbox utilization exceeds 90% of the quota, complementing existing time-based archiving policies to prevent disruptions to mail flow. Source
  • Open

    Introducing HTTP Anomaly Rank
    HTTP Anomaly Rank If you've ever used Burp Intruder or Turbo Intruder, you'll be familiar with the ritual of manually digging through thousands of responses by repeatedly sorting the table via length,  ( 4 min )
  • Open

    Finding your path into DFIR
    TL;DR Introduction    Digital Forensics and Incident Response (DFIR) has a certain appeal to aspiring cybersecurity professionals. The mix of ‘CSI-style’ forensic investigations with the chaos and pressure of incident response engagements.   If you possess a natural curiosity and have a passion for uncovering the ‘why’ and ‘how,’ you are likely to thrive in the field […] The post Finding your path into DFIR  appeared first on Pen Test Partners.  ( 9 min )

  • Open

    Windows 10 ESU enrollment fails: We can’t enroll you in Extended Security Updates right now
    Microsoft's Extended Security Updates program for Windows 10 is unavailable on some devices due to technical restrictions and regional rollout delays, requiring affected users to upgrade to Windows 11 or accept unpatched systems. Users attempting enrollment may encounter generic error messages such as "We can't enroll you in Extended Security Updates right now. Close this window and try again" or simply "Something went wrong," which provide minimal diagnostic information about the underlying issues. Source
  • Open

    State of the Art of Private Key Security in Blockchain Ops - 2. Common Custody Solutions Architectures
    State of the Art of Private Key Security in Blockchain Ops - 2. Common Custody Solutions Architectures  ( 12 min )
    Legacy Technology in Transport: More Than “Old Tech”
    Legacy Technology in Transport: More Than “Old Tech”  ( 6 min )

  • Open

    Windows Inter Process Communication A Deep Dive Beyond the Surface - Part 7
    Welcome to the new part of the IPC series. This is the sixth part, about RPC, where we will talk about external tools you can use to conduct RPC research. To get good research results you need a good toolset, tools that help you reach your goal without spending a  ( 7 min )

  • Open

    Unmasking Techno Sophists
    Unmasking Techno Sophists  ( 6 min )
    Public Report: VetKeys Cryptography Review
    Public Report: VetKeys Cryptography Review  ( 6 min )

  • Open

    Balancer hack analysis and guidance for the DeFi ecosystem
    TL;DR The root cause of the hack was a rounding direction issue that had been present in the code for many years. When the bug was first introduced, the threat landscape of the blockchain ecosystem was significantly different, and arithmetic issues in particular were not widely considered likely vectors for exploitation. As low-hanging attack paths have become increasingly scarce, attackers have become more sophisticated and will continue to hunt for novel threats, such as arithmetic edge cases, in DeFi protocols. Comprehensive invariant documentation and testing are now essential; the simple rule “rounding must favor the protocol” is no longer sufficient to catch edge cases. This incident highlights the importance of both targeted security techn…  ( 7 min )
  • Open

    How I Found the Worst ASP.NET Vulnerability — A $10K Bug (CVE-2025-55315)
    Introduction Earlier this year, I earned a $10,000 bounty from Microsoft after discovering a critical HTTP request smuggling vulnerability in ASP.NET Core’s Kestrel server (CVE-2025-55315). The vulnerability garnered significant media attention after Microsoft assigned it a CVSS score of 9.9, the highest severity rating ever assigned to an ASP.NET Core vulnerability. This post walks through […] The post How I Found the Worst ASP.NET Vulnerability — A $10K Bug (CVE-2025-55315) appeared first on Praetorian.  ( 32 min )
  • Open

    What’s That Coming Over The Hill? (Monsta FTP Remote Code Execution CVE-2025-34299)
    Happy Friday, friends and.. others. We’re glad/sorry to hear that your week has been good/bad, and it’s the weekend/but at least it’s almost the weekend! What’re We Doing Today, Mr Fox? Today, in a tale that seems all too  ( 9 min )
  • Open

    Windows 10 ESU and LTSC users receive incorrect warning: Your version of Windows has reached the end of support
    Microsoft confirmed a bug affecting Windows 10 systems enrolled in the Extended Security Updates (ESU) program and LTSC editions. The issue causes enrolled devices to display incorrect end-of-support messages despite having active security coverage: "Your version of Windows has reached the end of support. Your device is no longer receiving security updates." Source
  • Open

    Exploiting AgTech connectivity to corner the grain market
    TL;DR Introduction I live in the countryside & as a result, know quite a few farmers. The subject of connected farming systems comes up quite a lot in the local pub. Those of you who have watched Clarkson’s Farm will understand just how complex and confusing some tractor systems are. Tractors spend a lot of […] The post Exploiting AgTech connectivity to corner the grain market appeared first on Pen Test Partners.  ( 7 min )
  • Open

    Rapid Breach: Social Engineering to Remote Access in 300 Seconds
    No content preview  ( 13 min )
    Goal-Based Regulation
    Goal-Based Regulation  ( 6 min )

  • Open

    Install and activate Windows 10 Extended Security Updates (ESU) Multiple Activation Key (MAK)
    Windows 10 support ended on October 14, 2025, but organizations can continue receiving critical security updates through the Extended Security Updates (ESU) program. This article explains the technical requirements, procedures, and limitations for deploying ESU licenses in commercial environments using a Multiple Activation Key (MAK). Source

  • Open

    Microsoft reverses Windows 11 update naming changes after IT admin backlash
    Microsoft introduced simplified Windows 11 update titles in late October 2025, removing date prefixes and version information to improve readability. The change faced immediate criticism from IT administrators who found the new naming scheme confusing and impractical for enterprise environments. Within days, Microsoft confirmed it would restore the date format while maintaining other simplifications. Source
  • Open

    Ready to Hack an LLM? Our Top CTF Recommendations
    The best way to understand LLM vulnerabilities isn’t by reading, it’s by hacking. Explore our top CTF and sandbox picks to safely test prompt injections, jailbreaks, and model exploits while sharpening your AI security skills.  ( 9 min )
  • Open

    Active Directory Security Tip #14: Group Managed Service Accounts (GMSAs)
    Group Managed Service Accounts (GMSAs) User accounts created to be used as service accounts rarely have their password changed. Group Managed Service Accounts (GMSAs) provide a better approach (starting in the Windows 2012 timeframe). The password is managed by AD and automatically changed. This means that the GMSA has to have security principals explicitly delegated … Continue reading  ( 6 min )
  • Open

    Bridging the Valley of Death
    Bridging the Valley of Death: How Assurance Takes Us from Proof of Concept to Minimum Viable Product  ( 6 min )

  • Open

    What testers need to know about the changes to the CHECK scheme
    TL;DR Chartership and professional titles UKCSC has announced that the CHECK Team Leaders and CHECK Team Members will be required to have a professional title in order to continue delivering work under the CHECK scheme. What does Chartership mean for the CHECK Scheme? UKCSC runs the professional titles system. It sets out the standards for […] The post What testers need to know about the changes to the CHECK scheme appeared first on Pen Test Partners.  ( 7 min )

  • Open

    Crack the Riddle, Secure the Oasis: Core NetWars Version 11 is Here
    A blog about SANS Institute's new Core NetWars Version 11  ( 12 min )

  • Open

    Expanding on ChunkyIngress - Clippy Goes Rogue (GoClipC2)
    GoClipC2: A covert Windows clipboard-based C2 channel for VDI/RDP environments. Bypasses network monitoring with encrypted Base64 messaging.  ( 10 min )

  • Open

    The Cost Savings of Fixing Security Flaws in Development
    No content preview  ( 7 min )

  • Open

    A New Approach to Proving Cybersecurity Value (That Isn’t ROI)
    In this blog, we are excited to announce our white paper on Return on Mitigation (RoM), a framework we designed to quantify the financial impact of security programs in a way that speaks to business leaders.  ( 6 min )
    Celebrating 10 Years of Partnership: Snap and HackerOne Reach $1M in Bounties
    At Snap, security is more than a priority—it’s a core mission. Over the past decade, Snap has partnered with HackerOne to build and sustain a robust bug bounty program. This collaboration has led to major milestones, including paying security researchers over $1M in bounties. To celebrate this achievement and their 10-year partnership, we spoke with Jim Higgins, Snap's Chief Information Security Officer, Vinay Prabhushankar, Snap’s Security Engineering Manager, and Ilana Arbisser, Snap’s Privacy Engineer.

  • Open

    Women@ Kicks Off the Year with a Vision Board Event
    No content preview  ( 4 min )

  • Open

    Gain Actionable, Data-backed Insights with HackerOne Recommendations
    What if your security program could self-optimize: analyze trends, identify weak points, and proactively propose actionable steps to strengthen defenses? With HackerOne Recommendations, it can.  ( 5 min )

  • Open

    Welcome, Hackbots: How AI Is Shaping the Future of Vulnerability Discovery
    What are Hackbots and how are they impacting vulnerability discovery and the researcher community?  ( 6 min )

  • Open

    DORA Compliance Is Here: What Financial Entities Should Know
    The new DORA regulation: everything your organization needs to know about its impact and how to comply.  ( 5 min )

  • Open

    Protecting Critical Infrastructure: A Tale of Two National Cybersecurity Strategies
    The term “special relationship,” coined by Winston Churchill, describes the close, longstanding alliance between the United States and the United Kingdom. It has been applied to cooperation during war, to trade and commerce, and even to intelligence sharing. That special relationship has clearly influenced the two nations’ recent policy papers on national cybersecurity. The U.K. […] The post Protecting Critical Infrastructure: A Tale of Two National Cybersecurity Strategies appeared first on Synack.  ( 7 min )

  • Open

    Scoping Adventures: How to Get the Most Out of Your Synack Pentesting
    Scoping Adventures is a series of blogs about some of the more interesting penetration tests that the Synack Customer Success teams have worked on over the last few months. Each blog outlines how we engage with the client to achieve the best results from a pentest. Pentesters love colors—red, blue, purple, black, white and grey […] The post Scoping Adventures: How to Get the Most Out of Your Synack Pentesting appeared first on Synack.  ( 11 min )

  • Open

    Applying Strategic Thinking in Your Pentesting Program
    The Synack Platform & Five Pillars of Strategic Pentesting Why You Need to Think Strategically It’s no great revelation that tactics, techniques, and procedures utilized by nefarious hackers are evolving on a daily basis. In 2022, 18,828 common vulnerabilities and exposures (CVEs) were published. At the same time, organization attack surfaces are expanding. […] The post Applying Strategic Thinking in Your Pentesting Program appeared first on Synack.  ( 7 min )

  • Open

    The U.S. has a new cybersecurity strategy. What’s next for CISOs?
    One week ago, the Biden administration unveiled its long-awaited U.S. National Cybersecurity Strategy, with an eye toward centralizing government cyber resources and holding IT vendors more accountable for their digital defenses. Now that the ink is dry on the 35-page document, top officials like Acting National Cyber Director Kemba Walden are busy putting it into […] The post The U.S. has a new cybersecurity strategy. What’s next for CISOs? appeared first on Synack.  ( 7 min )
2025-12-04T00:56:15.988Z osmosfeed 1.15.1