    Corrupting the Hive Mind: Persistence Through Forgotten Windows Internals
    Eventually after you write a tool, the time comes to make it public. That time has come for Swarmer, a tool for stealthy modification of the Windows Registry as a low privilege user. It’s been almost a year since we first deployed this technique in the wild, and given enough time has passed, it seems appropriate […] The post Corrupting the Hive Mind: Persistence Through Forgotten Windows Internals appeared first on Praetorian.  ( 11 min )

    Microsoft discontinues support for answer files (unattend.xml) in Windows Deployment Services (WDS): Reasons and alternatives
    Microsoft is disabling hands-free WDS deployments that use unattend.xml answer files due to security concerns (CVE-2026-0386), with the feature first warning after January 2026 updates and then being turned off by default from April 2026. However, it can still be re‑enabled via a registry key, and alternative WinPE-based methods remain supported for Windows 11 deployments. Source

    Bypassing Windows Administrator Protection
    A headline feature introduced in the latest release of Windows 11, 25H2 is Administrator Protection. The goal of this feature is to replace User Account Control (UAC) with a more robust and importantly, securable system to allow a local user to access administrator privileges only when necessary. This blog post will give a brief overview of the new feature, how it works and how it’s different from UAC. I’ll then describe some of the security research I undertook while it was in the insider preview builds on Windows 11. Finally I’ll detail one of the nine separate vulnerabilities that I found to bypass the feature to silently gain full administrator privileges. All the issues that I reported to Microsoft have been fixed, either prior to the feature being officially released (in optional update KB5067036) or as subsequent security bulletins. Note: As of 1st December 2025 the Administrator Protection feature has been disabled by Microsoft while an application compatibility issue is dealt with. The issue is unlikely to be related to anything described in this blog post so the analysis doesn’t change.  ( 15 min )

    Azure Fabric Backdoor With A Twist
    State of the Art of Private Key Security in Blockchain Ops - 4. Approvals and Policies

    Stealing AI Models Through the API: A Practical Model Extraction Attack
    Organizations invest significant resources training proprietary machine learning (ML) models that provide competitive advantages, whether for medical imaging, fraud detection, or recommendation systems. These models represent months of R&D, specialized datasets, and hard-won domain expertise. But what if an attacker could duplicate an expensive machine learning model at a fraction of the cost?  Model extraction […] The post Stealing AI Models Through the API: A Practical Model Extraction Attack appeared first on Praetorian.  ( 20 min )

    Hacking Humans: Social Engineering and the Psychology
    TL;DR: Social engineering engagements are the most exciting and heart-pumping, “in my opinion”. It doesn’t begin at the badge reader or the front desk. The access occurs when someone makes a decision. The cameras work. The badges work. The locks work. Failure happens when an employee makes a decision: “Does this person belong […] The post Hacking Humans: Social Engineering and the Psychology appeared first on SpecterOps.  ( 18 min )

    Security Baseline for Microsoft 365 Apps for enterprise v2512: Intune and Group Policy deployment
    Microsoft just announced the Security Baseline for Microsoft 365 Apps for enterprise version 2512 (v2512, December 2025) as part of the Microsoft Security Compliance Toolkit. This security configuration package aligns with Administrative Templates released in version 5516 and introduces updated policies designed to strengthen protections in Excel, PowerPoint, and core Microsoft 365 Apps components. You can deploy these Microsoft-recommended security configurations through multiple methods, including Office cloud policies, Microsoft Intune, or Group Policy, to reduce configuration drift and ensure consistent protection across enterprise environments. Source

    Pwn2Own Automotive 2026 - Day Three Results and the Master of Pwn
    The last day of Pwn2Own Automotive 2026 saw the world’s top security researchers take their final shots at the latest automotive systems. Over three days of intense competition, $1,047,000 USD was awarded for 76 unique 0-day vulnerabilities, with bold exploits, clever techniques, and collisions keeping the action thrilling throughout. By the end, Tobias Scharnowski (@ScepticCtf), Felix Buchmann (@diff_fusion), and Kristian Covic (@SeTcbPrivilege) of Fuzzware.io claimed the title of Master of Pwn, earning 28 points and $215,500 USD. Follow the final updates on Twitter, Mastodon, LinkedIn, and Bluesky, and join the conversation using #Pwn2OwnAutomotive and #P2OAuto. SUCCESS / COLLISION - Tobias Scharnowski (@ScepticCtf), Felix Buchmann (@diff_fusion), and Kristian Covic (@SeTcbPrivilege) of F…

    Rust’s Role in Embedded Security
    Rust enhances memory safety in embedded systems, but rigorous security testing remains essential to address logic, hardware, and cryptographic vulnerabilities. Explore the benefits and key considerations of using Rust. The post Rust’s Role in Embedded Security appeared first on NetSPI.  ( 24 min )

    Download and install Windows 11 26H1
    Windows 11 26H1 is a platform update designed primarily for next-generation ARM processors rather than a traditional feature-rich release. This guide briefly outlines what version 26H1 offers, how to download it, and who should install it. Source

    Why the Board Belongs in the War Room: The Untapped Value of Crisis Readiness
    Boards may not be on the front lines, but they’re always in the blast radius. Crisis simulations help directors experience uncertainty firsthand, strengthening governance, trust, and decision-making before headlines hit.  ( 10 min )

    Preparing for the EU Cyber Resilience Act (CRA)
    TL;DR: Raising the baseline for product security. Product security has matured significantly over the last decade. Secure defaults, defined ownership of security risk, reliable update mechanisms, and structured vulnerability handling are now mainstream and well understood by experienced engineering and security teams. These practices are no longer aspirational. They are now the minimum required to build and operate digital products responsibly. The new EU Cyber Resilience Act (CRA) formalises […] The post Preparing for the EU Cyber Resilience Act (CRA) appeared first on Pen Test Partners.  ( 8 min )

    Pwn2Own Automotive 2026 - Day Two Results
    Day Two of Pwn2Own Automotive 2026 was packed with action, and the stakes continued to rise. Security researchers returned to the Pwn2Own stage, probing and challenging the latest automotive systems as the competition intensified. New exploits, unexpected twists, and standout performances emerged throughout the day - follow along here for daily updates as the race for Master of Pwn heats up.  Following an action-packed Day One, where $516,500 USD was awarded for 37 unique 0-day vulnerabilities, Day Two added another $439,250 USD and 29 unique 0-days, bringing the event totals to $955,750 USD with 66 unique vulnerabilities overall. Fuzzware.io holds a commanding lead for Master of Pwn, but with one day to go, anything can still happen. We’ll see what the final day of the contest brings.  St…

    Attackers With Decompilers Strike Again (SmarterTools SmarterMail WT-2026-0001 Auth Bypass)
    Well, well, well - look what we’re back with. You may recall that merely two weeks ago, we analyzed CVE-2025-52691 - a pre-auth RCE vulnerability in the SmarterTools SmarterMail email solution with a timeline that is typically reserved for KEV holders. The plot of that story had everything;  ( 7 min )

    Intercepting OkHttp at Runtime With Frida - A Practical Guide
    Introduction: OkHttp is the de facto standard HTTP client library for the Android ecosystem. It is therefore crucial for a security analyst to be able to dynamically eavesdrop on the traffic generated by this library during testing. While it might seem easy, this task is far from trivial. Every request goes through a series of mutations between the initial request creation and the moment it is transmitted. Therefore, a single injection point might not be enough to get a full picture. One injection point is needed to find out what is actually going over the wire, while another might be required to understand the initial payload being sent. In this tutorial we will demonstrate the architecture and the most interesting injection points that can be used to eavesdrop on and modify OkHttp req…  ( 8 min )

    Task Failed Successfully – Microsoft’s “Immediate” Retirement of MDT
    TL;DR – After reporting vulnerabilities found in MDT, Microsoft chose to retire the service rather than fix the issues. As of January 6, 2026, Microsoft stopped supporting MDT and will no longer provide updates, including security patches. Admins should follow the defensive recommendations to mitigate the issues if they choose to continue using the software […] The post Task Failed Successfully – Microsoft’s “Immediate” Retirement of MDT appeared first on SpecterOps.  ( 18 min )

    As Strong As Your Weakest Parameter: An AI Authorization Bypass
    In this AI gold rush, LLMs are becoming increasingly popular with many companies rolling out AI-assisted applications. When evaluating the security posture of these applications, it’s essential to pause and ask ourselves: what are we securing? Automated security tools that test models in isolation play an important role in identifying known vulnerabilities and establishing security […] The post As Strong As Your Weakest Parameter: An AI Authorization Bypass appeared first on Praetorian.  ( 16 min )

    Red Macros Factory Is Joining OST (And So Am I!)
    Hey everyone! I’m Mariusz Banach (mgeeky) and I’m excited to introduce myself as the newest member of the Outflank team. For those who don’t know me, I’ve spent years in the trenches as a red teamer and have trained others to do the same, delivering public and private IT security trainings on malware analysis, initial access, evasion tactics, and more. However, I have spent the last few years building and managing Red Macros Factory (RMF), an Initial Access Framework designed to take the pain out of the weaponization phase that kicks off every red team engagement. RMF represents three years of research-driven development, battle-tested across numerous engagements. The philosophy behind it is simple: red team tools, by a red teamer, for red teamers. Sound familiar? That’s exactly why I’m here. As part of joining Outflank, […] The post Red Macros Factory Is Joining OST (And So Am I!) appeared first on Outflank.  ( 7 min )

    LABScon25 Replay | How to Bug Hotel Rooms v2.0
    Dan Tentler reveals how consumer hardware coupled with Home Assistant can monitor hotel rooms, detect occupants through walls, and trigger automated alerts.  ( 22 min )

    Microsoft Entra PowerShell v1.2.0 brings Agent Identity Blueprint management and new automation features
    Microsoft released version 1.2.0 of the Microsoft Entra PowerShell module, introducing production-ready support for Agent Identity Blueprints, enhanced application configuration parameters, and modernized invitation APIs. This update consolidates Agent Identity functionality into the main module and delivers new cmdlets for automated identity management across Microsoft Entra ID environments. Source

    Pwn2Own Automotive 2026 - Day One Results
    Welcome to Day One of Pwn2Own Automotive 2026! Today, 30 entries took the Pwn2Own stage to target the latest automotive systems, as the world’s top security researchers push technology to its limits. Exploits, surprises, and breakthrough discoveries are unfolding. After Day One, we awarded $516,500 for 37 unique 0-days! Fuzzware.io is currently in the lead for Master of Pwn, but Team DDOS is right on their heels. Stay tuned tomorrow for more results and surprises. Stay up to date by following us on Twitter, Mastodon, LinkedIn, and Bluesky, and join the conversation using #Pwn2OwnAutomotive and #P2OAuto for continuous coverage. FAILURE - Unfortunately, Team Hacking Group targeting Kenwood DNR1007XR in the In-Vehicle Infotainment (IVI) category could not get their exploit working within…

    A Look at RTEMS Security

    What is Azure Test Run Hub
    Microsoft announces the general availability of the Azure Test Run Hub, which delivers a new interface for managing test execution in Azure DevOps Test Plans. Source
    Disable weak RC4 encryption on Active Directory domain controllers to prevent Kerberoasting attacks exploiting Kerberos vulnerability CVE-2026-20833
    Microsoft has initiated a critical security hardening phase for Windows Active Directory domain controllers to address CVE-2026-20833, a Kerberos vulnerability that enables Kerberoasting attacks by allowing attackers to exploit weak RC4 encryption. The January 2026 security updates mark the beginning of a phased transition that will disable RC4 encryption by default and enforce AES-SHA1 as the standard encryption method for Kerberos authentication. Source
    How to use ExcludeFromAllHolds to remove retention holds from inactive mailboxes in Exchange Online
    Microsoft introduced a new PowerShell parameter, ExcludeFromAllHolds, that simplifies removing multiple retention holds from inactive mailboxes in Exchange Online. This capability enables you to remove various retention holds from inactive mailboxes while preserving essential compliance protections such as eDiscovery holds and litigation holds. Source

    Updates to the MSSQLHound OpenGraph Collector for BloodHound
    tl;dr: MSSQLHound, a PowerShell script that collects security information from remote MSSQL Server instances, now scans them to determine whether or not NTLM relay attacks are possible, accounts for a recent privilege escalation vulnerability, and includes queries you can import into the BloodHound attack path graph to visualize, navigate, and remediate misconfigurations in MSSQL. Updates […] The post Updates to the MSSQLHound OpenGraph Collector for BloodHound appeared first on SpecterOps.  ( 15 min )

    LLMs in the SOC (Part 1) | Why Benchmarks Fail Security Operations Teams
    LLM cybersecurity benchmarks fail to measure what defenders need: faster detection, reduced containment time, and better decisions under pressure.  ( 34 min )

    Pwn2Own Automotive 2026 - The Full Schedule
    おかえりなさい (Welcome back!) The third annual Pwn2Own Automotive competition has returned to Automotive World in Tokyo, and the excitement is building. This year marks a major milestone for Pwn2Own, with a record 73 entries. We’ve brought together some of the world’s most talented security researchers to take on the latest automotive components, pushing them to their limits in a real-world testing environment. Earlier today, we held the random drawing to determine the order of attempts, setting the stage for an exciting lineup of demonstrations and discoveries. Below is the official schedule based on that draw. All times are listed in Tokyo local time and may change as the competition progresses - updates will be posted as the event unfolds. In case you missed it, you can watch the draw here. …

    When Guardrails Aren't Enough: Reinventing Agentic AI Security With Architectural Controls
    David Brauchler III delivers a fascinating Black Hat talk on the root cause of AI-based vulnerabilities and why security architecture is the real solution.  ( 7 min )

    Windows 11 Insider Preview Build 26220.7653 (KB5074157) brings dark mode improvements and performance fixes
    Microsoft released Windows 11 Insider Preview Build 26220.7653 (KB5074157) to the Beta Channel on January 16, 2026. This update introduces modernized user interface elements with dark mode support, enhanced desktop background options, and multiple performance fixes. The build is based on Windows 11 version 25H2 and includes changes that are gradually rolling out to Insiders who enable the toggle for the latest updates in Settings > Windows Update. Source
    First sign-in restore for Windows Backup for Organizations
    Microsoft is expanding Windows Backup for Organizations with a first-sign-in restore feature that lets you recover Windows settings and Microsoft Store apps immediately after logging in on Windows 11 devices. This new capability, currently in private preview, provides a safety net for users who miss or encounter issues during the initial device setup process. Source

    MCP Bridge Upgrade
    Black Hole of Trust: SEO Poisoning in Silver Fox’s Space Odyssey

    On the Coming Industrialisation of Exploit Generation with LLMs
    Recently I ran an experiment where I built agents on top of Opus 4.5 and GPT-5.2 and then challenged them to write exploits for a zeroday vulnerability in the QuickJS Javascript interpreter. I added a variety of modern exploit mitigations, various constraints (like assuming an unknown heap starting state, or forbidding hardcoded offsets in the […]  ( 17 min )

    Update: zipdump.py Version 0.0.33
    This update adds pseudo-field sha256, which can be used to calculate the sha256 hash of the content (compressed or decompressed): -E sha256:data, -E sha256:data:decompress, -E sha256:decompress, -E sha256:extra. zipdump_v0_0_33.zip (http) MD5: ABF2AC037D2CB7E26664D28B109E9293 SHA256: A80E956072E9C4E3051992EA3E551444585854747EFE2A997A232E6F5B94E8E4  ( 11 min )

    Update: hash.py Version 0.0.14
    This is a bug fix version. hash_V0_0_14.zip (http) MD5: 66A205915A280CC474541053739B8EDD SHA256: C459B75F132BB4AA394D8EA27A79F409C446AAA67536946673EC824EA9219F9F  ( 11 min )

    State of the Art of Private Key Security in Blockchain Ops - 3. Private Key Storage and Signing Module

    One WSL BOF to Rule Them All
    TL;DR – Windows Subsystem for Linux (WSL) is a powerful way for attackers to hide from defenders, since WSL2 is a completely separate VM running in Hyper-V, and is rarely monitored in any way. I’ve had lots of success pivoting from heavily monitored Windows hosts into WSL2 and going hog wild on the host and […] The post One WSL BOF to Rule Them All appeared first on SpecterOps.  ( 19 min )

    Windows Secure Boot certificates expire in 2026
    Microsoft has started automatically updating Secure Boot certificates on eligible Windows 11 systems with the January 2026 security update. The update replaces certificates that are set to expire in June and October 2026, ensuring devices maintain boot security and continue receiving critical updates. Learn what admins need to know. Source
    Move Microsoft 365 users from tenant to tenant with migration orchestrator
    Microsoft has launched a native migration orchestrator in public preview that enables you to move user data between Microsoft 365 tenants during mergers, acquisitions, divestitures, and organizational restructurings. This cloud-based solution consolidates Exchange mailboxes, OneDrive files, and Teams chats and meetings into a single migration workflow, eliminating the need for multiple third-party tools and reducing administrative complexity. Source

    Carlsberg… probably not the best cybersecurity in the world
    TL;DR: The exhibition. My wife and I visited the Carlsberg exhibition in Copenhagen in August 2025 and we were given wristbands with a QR code on them. As we went through the exhibition, there were various interactive elements where you could create your own blend of beer, create a video of you dancing in a beer glass, and […] The post Carlsberg… probably not the best cybersecurity in the world appeared first on Pen Test Partners.  ( 8 min )

    The Symbols of Operation
    Tags: code, data, confusion, Ada Lovelace  ( 6 min )

    Functional PoCs in less than a minute? Julen Garrido Estévez puts Burp AI to the test
    Note: This is a guest post by pentester Julen Garrido Estévez (@b3xal). Sections: Methodology, Key results, Examples, Key learnings, Prompt template, A pentester's POV on Burp AI. Pentester Julen Garrido Es  ( 8 min )

    MSSQL and SCCM Elevation of Privilege Vulnerabilities
    TL;DR: I found two privilege escalation vulnerabilities, one in MSSQL (CVE-2025-49758) and one in Microsoft Configuration Manager (CVE-2025-47179), while mapping their permission models for inclusion in BloodHound, an open-source tool with Maps-style navigation and an interactive graph that helps users visualize and remediate attack paths. I learned a few things about submitting a good bug […] The post MSSQL and SCCM Elevation of Privilege Vulnerabilities appeared first on SpecterOps.  ( 21 min )

    Alternatives to the retired Microsoft Deployment Toolkit (MDT)
    Microsoft announced the immediate retirement of Microsoft Deployment Toolkit (MDT) on January 6, 2026, marking the end of a tool that has served IT administrators for over 20 years. You will no longer receive updates, fixes, or support for MDT, and the download packages have been removed from official distribution channels. Find out about alternatives to the MDT and how administrators reacted to its retirement announcement. Source

    Minting Next.js Authentication Cookies
    In this post, we’ll look at how an adversary can mint authentication cookies for Next.js (next-auth/Auth.js) applications to maintain persistent access to the application as any user. This matters because of React2Shell, a deserialization vulnerability that allows an adversary to run arbitrary code. Much has been discussed about this vulnerability, and you can read up on the original details from the finder here.  ( 4 min )

    A 0-click exploit chain for the Pixel 9 Part 3: Where do we go from here?
    While our previous two blog posts provided technical recommendations for increasing the effort required by attackers to develop 0-click exploit chains, our experience finding, reporting and exploiting these vulnerabilities highlighted some broader issues in the Android ecosystem. This post describes the problems we encountered and recommendations for improvement. Audio Attack Surface The Dolby UDC is part of the 0-click attack surface of most Android devices because of audio transcription in the Google Messages application. Incoming audio messages are transcribed before a user interacts with the message. On Pixel 9, a second process com.google.android.tts also decodes incoming audio. Its purpose is not completely clear, but it seems to be related to making incoming messages searchable.  ( 9 min )
    A 0-click exploit chain for the Pixel 9 Part 2: Cracking the Sandbox with a Big Wave
    With the advent of a potential Dolby Unified Decoder RCE exploit, it seemed prudent to see what kind of Linux kernel drivers might be accessible from the resulting userland context, the mediacodec context. As per the AOSP documentation, the mediacodec SELinux context is intended to be a constrained (a.k.a. sandboxed) context where non-secure software decoders are utilized. Nevertheless, using my DriverCartographer tool, I discovered an interesting device driver, /dev/bigwave, that was accessible from the mediacodec SELinux context. BigWave is hardware present on the Pixel SoC that accelerates AV1 decoding tasks, which explains why it is accessible from the mediacodec context. As previous research has copiously affirmed, Android drivers for hardware devices are prime places to find powerful local privilege escalation bugs. The BigWave driver was no exception - across a couple hours of auditing the code, I discovered three separate bugs, including one that was powerful enough to escape the mediacodec sandbox and get kernel arbitrary read/write on the Pixel 9.  ( 8 min )
    A 0-click exploit chain for the Pixel 9 Part 1: Decoding Dolby
    Over the past few years, several AI-powered features have been added to mobile phones that allow users to better search and understand their messages. One effect of this change is increased 0-click attack surface, as efficient analysis often requires message media to be decoded before the message is opened by the user. One such feature is audio transcription. Incoming SMS and RCS audio attachments received by Google Messages are now automatically decoded with no user interaction. As a result, audio decoders are now in the 0-click attack surface of most Android phones. I’ve spent a fair bit of time investigating these decoders, first reporting CVE-2025-49415 in the Monkey’s Audio codec on Samsung devices. Based on this research, the team reviewed the Dolby Unified Decoder, and Ivan Fratric and I reported CVE-2025-54957. This vulnerability is likely in the 0-click attack surface of most Android devices in use today. In parallel, Seth Jenkins investigated a driver accessible from the sandbox the decoder runs in on a Pixel 9, and reported CVE-2025-36934.  ( 36 min )

    Wait, Why is my WebClient Started?: SCCM Hierarchy Takeover via NTLM Relay to LDAP
    TL;DR – During automatic client push installation, an SCCM site server automatically attempts to map WebDav shares on clients, starting WebClient when installed. This allows an adversary to coerce both high-privilege siteserver machine account NTLM authentication and client push installation account HTTP NTLM authentication and perform an NTLM relay to LDAP for SCCM or (sometimes) […] The post Wait, Why is my WebClient Started?: SCCM Hierarchy Takeover via NTLM Relay to LDAP appeared first on SpecterOps.  ( 21 min )

    LABScon25 Replay | Hacktivism and War: A Clarifying Discussion
    Jim Walter unpacks the hacktivist landscape and reveals how to distinguish different levels of threat based on persona characteristics.  ( 22 min )

    Microsoft 365 admin center will block accounts without MFA in February
    Microsoft will enforce multi-factor authentication (MFA) for all users signing in to the Microsoft 365 admin center starting February 9, 2026. This critical security measure aims to prevent unauthorized access to administrative accounts that manage tenant configurations, user provisioning, and compliance settings. Source

    Public Report: AWS EKS Security Claims

    Exploiting LLM Write Primitives: System Prompt Extraction When Chat Output Is Locked Down
    Prompt injection allows attackers to manipulate LLMs into ignoring their original instructions. As organizations integrate AI assistants into their applications, many are adopting architectural constraints to mitigate this risk. One increasingly common pattern: locking chatbots into templated responses so they can’t return free-form text. This seems secure. If an LLM can’t speak freely, it can’t […] The post Exploiting LLM Write Primitives: System Prompt Extraction When Chat Output Is Locked Down appeared first on Praetorian.  ( 18 min )

    The January 2026 Security Update Review
    I may be in Tokyo preparing for Pwn2Own Automotive, but that doesn’t stop Patch Tuesday from coming. Put aside your broken New Year’s resolutions for just a moment as we review the latest security patches from Adobe and Microsoft. If you’d rather watch the full video recap covering the entire release, you can check out the Patch Report webcast on our YouTube channel. It should be posted within a couple of hours after the release. Adobe Patches for January 2026: For January, Adobe released 11 bulletins addressing 25 unique CVEs in Adobe Dreamweaver, InDesign, Illustrator, InCopy, Bridge, Substance 3D Modeler, Substance 3D Stager, Substance 3D Painter, Substance 3D Sampler, Substance 3D Designer, and ColdFusion. The patch for ColdFusion fixes a single code execution bug, but the update is list…

    Introducing ConfigManBearPig, a BloodHound OpenGraph Collector for SCCM
    TL;DR: ConfigManBearPig is a standalone PowerShell collector that adds new SCCM attack path nodes and edges to BloodHound using OpenGraph. This post details how ConfigManBearPig collects information and provides practical examples of how it can be used in operations to discover SCCM attack paths using BloodHound. It’s been a goal of mine for a long […] The post Introducing ConfigManBearPig, a BloodHound OpenGraph Collector for SCCM appeared first on SpecterOps.  ( 38 min )

    Block external users in Microsoft Teams from Defender for Office 365
    Microsoft integrates Teams with Defender for Office 365, enabling security admins to block external users directly from the Microsoft Defender portal using the Tenant Allow/Block List. This centralized security management feature rolls out in January 2026, supporting up to 4,000 domains and 200 email addresses with automatic blocking across chats, meetings, channels, and calls. Source

    The Total Cost of AI Ownership: The Costs Not on Your Budget Sheet
    AI looks affordable at first: licenses, cloud, headcount. But once it’s in production, costs spread across teams, systems, and decisions in ways most models miss. Here’s what we’ve learned about the hidden costs of owning AI long-term.  ( 10 min )

    Inside the LLM | Understanding AI & the Mechanics of Modern Attacks
    Learn how attackers exploit tokenization, embeddings and LLM attention mechanisms to bypass LLM security filters and hijack model behavior.  ( 30 min )

    Compromising a multi-cloud environment from a single exposed secret
    TL;DR: Introduction. In practice, it is still hard to keep secrets safe in the cloud. All major cloud service providers have managed secrets solutions, but they only work if secrets are added, stored, and used correctly. In the real world, credentials, API keys, and tokens still tend to leak through everyday operational shortcuts instead of complicated failures. […] The post Compromising a multi-cloud environment from a single exposed secret appeared first on Pen Test Partners.  ( 7 min )

    Lack of isolation in agentic browsers resurfaces old vulnerabilities
    With browser-embedded AI agents, we’re essentially starting the security journey over again. We exploited a lack of isolation mechanisms in multiple agentic browsers to perform attacks ranging from the dissemination of false information to cross-site data leaks. These attacks, which are functionally similar to cross-site scripting (XSS) and cross-site request forgery (CSRF), resurface decades-old patterns of vulnerabilities that the web security community spent years building effective defenses against. The root cause of these vulnerabilities is inadequate isolation. Many users implicitly trust browsers with their most sensitive data, using them to access bank accounts, healthcare portals, and social media. The rapid, bolt-on integration of AI agents into the browser environment gives them…  ( 14 min )

    Public Report: Google Private AI Compute Review  ( 7 min )

    The Alpitronic HYC50 Hardware Teardown for Pwn2Own Automotive 2026
    As we ramp up to the premier automotive and charging station hacking competition, Pwn2Own Automotive 2026 in Tokyo, the Trend Micro Zero Day Initiative (ZDI) is providing a preliminary look at one of the main targets: the Alpitronic HYC50 High-Power Charger. The HYC50 series represents the leading edge of fast-charging infrastructure, blending complex high-voltage power electronics with a robust, networked digital control system. For Pwn2Own contestants, the digital attack surface is often the most accessible path to a top-tier bounty. This post serves as a hardware identification primer, guiding researchers through the core components that make up the device's control and low-voltage sections. This is strictly a hardware reconnaissance report. We encourage all participants to begin their …

    Uninstall Microsoft Copilot on Windows 11 with RemoveMicrosoftCopilotApp Group Policy
    Microsoft has introduced the new Group Policy RemoveMicrosoftCopilotApp that allows IT administrators to uninstall the Microsoft Copilot app on managed Windows 11 devices. However, the uninstall option has several specific requirements and limitations you need to understand before attempting to remove Copilot from Windows. Source
    Windows 11 Insider Preview Build 26220.7535 (KB5072046): Copilot image descriptions in Narrator, Spotlight refresh, and developer improvements
    Windows 11 Insider Preview Build 26220.7535 (KB5072046) is now available for both Dev and Beta Channels. This release extends AI-powered accessibility features to supported devices running this Insider build, expanding availability beyond just Copilot+ PCs, and provides developers with expanded integration options for cross-device application continuity. Source

    State of the Art of Private Key Security in Blockchain Ops - 2. Common Custody Solutions Architectures  ( 12 min )
    Legacy Technology in Transport: More Than “Old Tech”  ( 7 min )

    What is Microsoft Copilot Studio? Automate with natural language in Microsoft 365 and Microsoft Teams
    Microsoft Copilot Studio is a low-code platform that lets you build, customize, and manage AI agents without extensive programming knowledge. The platform provides a graphical interface for creating intelligent agents in natural language that handle conversations and automate tasks across Microsoft Teams, Microsoft 365 Copilot, websites, mobile apps, and third-party platforms such as Facebook or Slack. To ground agents, you can integrate your organization's data sources. Recent updates have introduced enhanced AI models, improved authoring experiences, and new governance capabilities, making the platform more accessible and secure. Source

    Breaking Down the Attack Surface of the Kenwood DNR1007XR – Part Two
    In our previous Kenwood DNR1007XR blog, we detailed the internals of the Kenwood in-vehicle infotainment (IVI) head unit and provided annotated pictures of the main PCB. In this post, we aim to outline the attack surface of the DNR1007XR in the hopes of providing inspiration for vulnerability research. We will cover the main supported technologies that present potential attack surfaces, such as USB, Bluetooth, Android Auto, Apple CarPlay, Kenwood apps, and more. All information has been obtained through reverse engineering, experimenting, and combing through the following resources: the DNR1007XR product page, the DNR1007XR instruction manual, the DNR1007XR quick start guide, the Kenwood Portal app and the Kenwood Remote S app. USB: The DNR1007XR is equipped with a single USB-A port …

    AI noise and the effect it’s having on vulnerability disclosure programs
    Managing vulnerability reports is difficult for an organisation.  In an ideal world, something like this happens:  Everyone is happy.  In practice, things are rarely this smooth.  From the organisation’s perspective: From the perspective of the researcher:  In these situations, no-one wins  AI output vs signal  Perhaps the biggest challenge is resourcing the vulnerability disclosure program team to deal […] The post AI noise and the effect it’s having on vulnerability disclosure programs  appeared first on Pen Test Partners.  ( 6 min )

    OWASP Top 10 2025 – A Pentester’s Perspective
    Every three to four years, OWASP releases a new version of arguably its most famous project, the “OWASP Top Ten”. Originally started in 2003, this list serves as an awareness document to highlight the 10 most prevalent issues for web applications. The newest release marks the eighth iteration and has once again undergone a few … Continue reading OWASP Top 10 2025 – A Pentester’s Perspective →  ( 16 min )

    Do Smart People Ever Say They’re Smart? (SmarterTools SmarterMail Pre-Auth RCE CVE-2025-52691)
    Welcome to 2026! While we are all waiting for the scheduled SSLVPN ITW exploitation programming that occurs every January, we’re back from Christmas and idle hands, idle minds, yada yada. In December, we were alerted to a vulnerability in SmarterTools’ SmarterMail solution, accompanied by an advisory from  ( 8 min )

    Windows 11 26H1: release date, no new features, Bromine platform changes, only for Snapdragon X2 and NVIDIA N1X
    The final version of Windows 11 26H1 will be a platform release tailored for next-generation ARM silicon, including Qualcomm Snapdragon X2 and, probably, NVIDIA N1X processors. Windows 11 26H1 is expected to launch around April 2026 with new ARM64 devices. This is not a feature update but rather a silicon support release focused on under-the-hood platform improvements while maintaining complete feature parity with version 25H2. Source
    No bulk email sending limit for Exchange Online
    Microsoft has indefinitely canceled the planned limit on bulk email sending in Exchange Online following significant customer feedback about operational challenges. However, Microsoft advises using Azure Communication Services for Email for organizations that require sending large volumes of email to external recipients.  Source
    Outlook cannot open encrypted emails
    Microsoft 365 users face a critical bug in Classic Outlook that prevents recipients from opening encrypted emails. In Classic Outlook, trying to open an encrypted email shows a specific error message in the Reading Pane: "This message with restricted permission cannot be viewed in the reading pane until you verify your credentials. Open the item to read its contents and verify your credentials." This issue stems from a client-side regression in how Classic Outlook handles encryption settings, and Microsoft is currently investigating the problem. Source

    What to Look for in a Red Team Vendor
    Red team proposals often look the same. The outcomes rarely are. If you’re trying to avoid surprises, defend security decisions, and gain real confidence, choosing the right red team partner matters more than ever. Here’s what separates signal from noise.  ( 7 min )

    Rapid Breach: Social Engineering to Remote Access in 300 Seconds
    No content preview  ( 14 min )
    Goal-Based Regulation  ( 7 min )
    Unmasking Techno Sophists  ( 6 min )
    State of the Art of Private Key Security in Blockchain Ops - 1. Concepts, Types of Wallets and Signing Strategies  ( 12 min )
    Bridging the Valley of Death: How Assurance Takes Us from Proof of Concept to Minimum Viable Product  ( 7 min )
    Public Report: VetKeys Cryptography Review  ( 6 min )
    Your point of departure for forensic readiness - Digital Forensics Incident Response  ( 9 min )

    Where AI Systems Leak Data: A Lifecycle Review of Real Exposure Paths
    AI data exposure rarely looks like a breach. No alerts are triggered, no obvious failure occurs, and most of the time nothing appears to be wrong at all. Instead, sensitive information moves through retrieval, reasoning, and storage layers that were never designed to enforce trust boundaries. Most organizations evaluate AI systems by reviewing individual components […] The post Where AI Systems Leak Data: A Lifecycle Review of Real Exposure Paths appeared first on Praetorian.  ( 20 min )

    Breaking Down the Attack Surface of the Kenwood DNR1007XR – Part One
    For the upcoming Pwn2Own Automotive contest, a total of 3 head units have been selected. One of these is the double DIN Kenwood DNR1007XR that offers a variety of functionality such as Android Auto, Apple CarPlay, USB media playback, wireless mirroring and more. This blog post presents photos of the DNR1007XR including highlighting interesting internal components. A hidden debugging interface is also detailed which can be leveraged to obtain a shell.
    Figure 1: Kenwood DNR1007XR External
    Tucked away behind the screen is a full-sized SD card slot that can be accessed by tilting the screen downwards. The SD card is used to play audio/video files as well as updating map data. This seems like an attack surface worth researching.
    Figure 2: SD card slot
    There's also a single USB port routed from…

    PatchGuard Peekaboo: Hiding Processes on Systems with PatchGuard in 2026
    Introduction I spent a few weeks (and could have spent even more) trying to find a reliable trick to intercept kernel activity while HVCI was breathing down my neck. Almost every approach I tried ended the same way: either a blunt “access denied” or an instant black screen that replaced everyone’s favorite blue one. Windows is not playing games anymore; the era of clever inline hooks and creative PatchGuard dodges is largely over. Microsoft pushed the enforcement layer up into places a normal kernel driver simply can’t touch. We’re talking hardware-enforced, hypervisor-backed protections: “you don’t even have permission to ask for permission.” This research centers on a specific objective: hiding processes from user-mode enumeration by manipulating kernel structures – specifically, the process linked lists that Windows uses to track active processes. Tags: HVCI, OST, Windows Kernel. The post PatchGuard Peekaboo: Hiding Processes on Systems with PatchGuard in 2026 appeared first on Outflank.  ( 23 min )

    What is the Microsoft Defender Experts Suite
    Microsoft introduced the Microsoft Defender Experts Suite as an integrated security offering that combines managed extended detection and response (MXDR), incident response services, and direct access to Microsoft security advisors. Unlike purchasing these services separately, the suite provides a single unified SKU with per-user-per-month licensing and a designated security advisor who coordinates all three service components. The suite became generally available on January 1, 2026, with a promotional offer available through December 31, 2026. Source

    Top 10 web hacking techniques of 2025: call for nominations
    Over the last year, security researchers have shared a huge amount of work with the community through blog posts, presentations, and whitepapers. This is great, but it also means genuinely reusable te  ( 5 min )

    AI hits the Human Wall
    In an interview, Anthropic's Daniela Amodei suggested that AI deployments "might hit a wall because of human reasons." This post summarizes my views on the new Human Wall, based on my more detailed discussion of the interview in which Anthropic's president also touches on the outdated AGI concept, the discontinuation of exponentials, and the AI bubble. Source

    2025, the year of the Infostealer
    Infostealers are not new malware. They have been around for decades. What has changed is how effective they have become, and how easily they blend into normal user behaviour. In 2025, infostealers became the fastest growing malware category, overtaking ransomware in terms of deployment and spread. The H1 2025 reports highlighted a sharp rise in simple […] The post 2025, the year of the Infostealer appeared first on Pen Test Partners.  ( 10 min )

    Microsoft end-of-support products in 2026: Windows, Office, Exchange, SharePoint, PowerShell, .NET, Azure services
    Microsoft will discontinue support for numerous products throughout 2026, spanning operating systems, productivity software, database platforms, and server technologies. Organizations must plan migrations and upgrades to maintain security compliance and access to critical updates. Source

    Beyond good ol’ Run key, Part 156
    This post is about GUI-based attacks that are kind of uncharted territory, but I did explore it in the past a bit, and since it is a curiosity it is worth exploring a bit more for its potential. It does relate … Continue reading →  ( 3 min )
    Beyond good ol’ Run key, Part 155
    Leveraging popular software for persistence is a clever way to survive in heavily monitored environments of today. The last post discussed GhostScript, and today I will cover a popular gaming platform called GOG. Games using GOG use HKLM Registry configuration … Continue reading →  ( 2 min )

    Overview of Content Published in 2025
    Here is an overview of content I published in 2025: Blog posts: Update: strings.py Version 0.0.11 Quickpost: Electrical Power & Mining Update: Python Templates Version 0.0.12 Update: cs-decrypt-metadata.py Version 0.0.5 Update: zoneidentifier.exe Version 0.0.2 Update: oledump.py Version 0.0.79 Update: 1768.py Version 0.0.23 Update: pdfid.py Version 0.2.10 Update: pdf-parser.py Version 0.7.11 Update: xmldump.py Version 0.0.10 Update: zipdump.py […]  ( 12 min )

    The illusion of AI progress
    This is a reality check regarding Geoffrey Hinton's recent alarming warnings about AI advancing faster than expected. Having used all frontier models extensively in my daily work, I believe his worries are misplaced, mainly because he overvalues LLMs' abilities. The supposed exponential AI advancement we were promised simply hasn't materialized. Below, I summarize the key points of a longer article. You can read the entire article here: Hinton’s AI Progress Illusion: An IT Reality Check. Source

    Beyond good ol’ Run key, Part 154
    In this series I describe a lot of Windows persistence mechanisms. Most of them are ‘native’ to the OS, but I sometimes cover opportunities offered by popular software too. Today’s case is one of these. Ghostscript is a super-popular suite … Continue reading →  ( 2 min )

    Overview of Content Published in December
    Here is an overview of content I published in December: Blog posts: Quickpost: USB Electric Razor Quickpost: USB-C Rechargeable Batteries USB Trigger Boards Update: pecheck.py Version 0.7.19 Using a USB-C Trigger Cable To Power An FM Radio SANS ISC Diary entries: Wireshark 4.6.2 Released DLLs & TLS Callbacks  ( 11 min )

    Jailbreak, updated and open-sourced
    No content preview
    Demystifying Cobalt Strike’s “make_token” Command
    No content preview
    ASP.NET Security and the Importance of KB2698981 in Cloud Environments
    No content preview
    Attacking the Windows Kernel (Black Hat Las Vegas 2007)
    No content preview
    Estimating the Bit Security of Pairing-Friendly Curves
    No content preview
    Exploring Verifiable Random Functions in Code
    No content preview
    Best Practices for the use of Static Code Analysis within a Real-World Secure Development Lifecycle
    No content preview
    EDIDFuzzer
    No content preview
    Drupal Vulnerability
    No content preview
    Building Intuition for Lattice-Based Signatures – Part 2: Fiat-Shamir with Aborts
    No content preview
    Blackbox iOS App Assessments Using idb
    No content preview
    Game Security
    No content preview
    Absolute Security
    No content preview
    Creating Arbitrary Shellcode In Unicode Expanded Strings
    No content preview
    Cisco ASA series part one: Intro to the Cisco ASA
    No content preview
    Cisco ASA series part six: Cisco ASA mempools
    No content preview
    An Adaptive-Ciphertext Attack Against “I ⊕ C” Block Cipher Modes With an Oracle
    No content preview
    iOS User Enrollment and Trusted Certificates
    No content preview
    Detecting anomalous Vectored Exception Handlers on Windows
    No content preview
    Bypassing Android’s Network Security Configuration
    No content preview
    A Guide to Improving Security Through Infrastructure-as-Code
    No content preview
    Threat Actors: exploiting the pandemic
    No content preview
    iSEC audit of MediaWiki
    No content preview
    Impress Pages CMS Remote Code Execution
    No content preview
    Cranim: A Toolkit for Cryptographic Visualization
    No content preview
    A Simple and Practical Approach to Input Validation
    No content preview
    Hacking the Extensible Firmware Interface
    No content preview
    DataArmor Full Disk Encryption 3.0.12c – Restricted Environment breakout, Privilege Escalation and Full Disk Decryption
    No content preview
    Cisco VPN Client Privilege Escalation
    No content preview
    Building Intuition for Lattice-Based Signatures – Part 1: Trapdoor Signatures
    No content preview
    Extracting the Payload from a CVE-2014-1761 RTF Document
    No content preview
    EasyDA – Easy Windows Domain Access Script
    No content preview
    Cyber red-teaming business-critical systems while managing operational risk
    No content preview
    Back Office Web Administration Authentication Bypass
    No content preview
    Inter-Protocol Exploitation
    No content preview
    End-of-life pragmatism
    No content preview
    Decrypting OpenSSH sessions for fun and profit
    No content preview
    Apache Struts Vulnerability
    No content preview
    Helping Engineering Teams Tackle Security Debt in Embedded Systems: U-Boot Configuration Auditing Introduced in Depthcharge v0.2.0
    No content preview
    Public Report – Zendoo Proof Verifier Cryptography Review
    No content preview
    Public Report – WhatsApp Auditable Key Directory (AKD) Implementation Review
    No content preview
    In-Depth Technical Analysis of the Bybit Hack
    No content preview
    NCC Group Connected Health Whitepaper July 2019
    No content preview
    Machine Learning 102: Attacking Facial Authentication with Poisoned Data
    No content preview
    Public Report – Zcash NU5 Cryptography Review
    No content preview
    Work daily with enforced MFA-protected API access
    No content preview
    Technical Advisory: Multiple Vulnerabilities in SmarterMail
    No content preview
    Technical Advisory: Code Execution by Unsafe Resource Handling in Multiple Microsoft Products
    No content preview
    Tool Release: Magisk Module – Conscrypt Trust User Certs
    No content preview
    Symantec Messaging Gateway Arbitrary file download is possible with a crafted URL (authenticated)
    No content preview
    Understanding the Impact of Ransomware on Patient Outcomes – Do We Know Enough?
    No content preview
    Adobe Flash Player Cross Domain Policy Bypass
    No content preview
    Freddy: An extension for automatically identifying deserialisation issues in Java and .NET applications
    No content preview
    Windows remote desktop memory corruption leading to RCE on XPSP3
    No content preview
    Xen HYPERVISOR_xen_version stack memory revelation
    No content preview
    Advanced SQL Injection in SQL Server Applications
    No content preview
    ABSTRACT SHIMMER (CVE-2020-15257): Host Networking is root-Equivalent, Again
    No content preview
    SnapMC skips ransomware, steals data
    No content preview
    Technical Advisory: SMB Hash Hijacking and User Tracking in MS Outlook
    No content preview
    Going “AUTH the Rails” on a Crazy Train
    No content preview
    Breaking into Security Research at NCC Group
    No content preview
    Android Cloud Backup/Restore
    No content preview
    A WarCon 2017 Presentation: Cisco ASA – Exploiting the IKEv1 Heap Overflow – CVE-2016-1287
    No content preview
    iOS certificate pinning code updated for iOS 7
    No content preview
    Introducing Azucar
    No content preview
    HITB Phuket 2023 – Exploiting the Lexmark PostScript Stack
    No content preview
    Erlang Security 101
    No content preview
    Fuzzing USB devices using Frisbee Lite
    No content preview
    Exploiting the win32k!xxxEnableWndSBArrows use-after-free (CVE-2015-0057) bug on both 32-bit and 64-bit
    No content preview
    Cross Site Request Forgery: An Introduction to a Common Web Application Weakness
    No content preview
    Approximately 2000 Citrix NetScalers backdoored in mass-exploitation campaign
    No content preview
    An Illustrated Guide to Elliptic Curve Cryptography Validation
    No content preview
    DECTbeacon
    No content preview
    CECSTeR
    No content preview
    Attacks on SSL
    No content preview
    CVE-2018-8611 – Diving into the Windows Kernel Transaction Manager (KTM) for fun and exploitation
    No content preview
    Combating Java Deserialisation Vulnerabilities with Look-Ahead Object Input Streams (LAOIS)
    No content preview
    AWS environment security assessment with Scout2
    No content preview
    Android SSL Bypass
    No content preview
    A Survey of Istio’s Network Security Features
    No content preview
    Car Parking Apps Vulnerable To Hacks
    No content preview
    Testing Two-Factor Authentication
    No content preview
    Chafer backdoor analysis
    No content preview
    AtHoc Toolbar
    No content preview
    Technical Advisory – Multiple Vulnerabilities in Victure WR1200 WiFi Router (CVE-2021-43282, CVE-2021-43283, CVE-2021-43284)
    No content preview
    Treat your points as cash
    No content preview
    G-Scout
    No content preview
    External Enumeration and Exploitation of Email and Web Security Solutions
    No content preview
    HITBAMS – Your Not so “Home” Office – Soho Hacking at Pwn2Own
    No content preview
    A Look At Some Real-World Obfuscation Techniques
    No content preview
    FrisbeeLite
    No content preview
    Endpoint connectivity
    No content preview
    How to Spot and Prevent an Eclipse Attack
    No content preview
    Exploiting CVE-2014-0282 (1)
    No content preview
    EternalGlue part one: Rebuilding NotPetya to assess real-world resilience
    No content preview
    Detecting Karakurt – an extortion focused threat actor
    No content preview
    Improving Your Embedded Linux Security Posture With Yocto
    No content preview
    Gizmo
    No content preview
    Exploit mitigations: keeping up with evolving and complex software/hardware
    No content preview
    Emissary Panda – A potential new malicious tool
    No content preview
    Extractor
    No content preview
    Deep Dive into Real-World Kubernetes Threats
    No content preview
    Database Security Brief: The Oracle Critical Patch Update for April 2007
    No content preview
    A few notes on usefully exploiting libstagefright on Android 5.x
    No content preview
    Abusing Privileged and Unprivileged Linux Containers
    No content preview
    Abusing Blu-ray Players Part 1 – Sandbox Escapes
    No content preview
    A Peek Behind the Great Firewall of Russia
    No content preview
    A New Flying Kitten?
    No content preview
    A jq255 Elliptic Curve Specification, and a Retrospective
    No content preview
    Adventures in Xen Exploitation
    No content preview
    Advanced Exploitation of Oracle PL/SQL Flaws
    No content preview
    Adobe Acrobat Reader XML Forms Data Format Buffer Overflow
    No content preview
    Accessing Private Fields Outside of Classes in Java
    No content preview
    Alternative Approaches for Fault Injection Countermeasures (Part 3/3)
    No content preview
    Advisory-CraigSBlackie-CVE-2016-9795
    No content preview
    Advice for security decision makers contemplating the value of Antivirus
    No content preview
    Adversarial Machine Learning: Approaches & defences
    No content preview
    An Introduction to Fault Injection (Part 1/3)
    No content preview
    An Analysis of Mobile Geofencing App Security
    No content preview
    An adventure in PoEKmon NeutriGo land
    No content preview
    An Adventure in Contingency Debugging: Ruby IO#read/IO#write Considered Harmful
    No content preview
    Analysis of Boomerang Differential Trials via a SAT-Based Constraint Solver URSA
    No content preview
    An Introduction to Ultrasound Security Research
    No content preview
    An Introduction to Quantum Computing for Security Professionals
    No content preview
    An Introduction to Heap overflows on AIX 5.3L
    No content preview
    Android-OpenDebug
    No content preview
    Android-KillPermAndSigChecks
    No content preview
    Analysis of the Linux backdoor used in freenode IRC network compromise
    No content preview
    Analysing a recent Poison Ivy sample
    No content preview
    Announcing the AWS blog post series
    No content preview
    Announcing NCC Group’s Cryptopals Guided Tour!
    No content preview
    Announcing NCC Group’s Cryptopals Guided Tour: Set 2
    No content preview
    Android-SSL-TrustKiller
    No content preview
    Apple Mac OS X ImageIO TIFF Integer Overflow
    No content preview
    Apple CoreAnimation Heap Overflow
    No content preview
    Anti Brute Force Resource Metering
    No content preview
    APT15 is Alive and Strong: An Analysis of RoyalCli and RoyalDNS
    No content preview
    Application Layer Attacks – The New DDoS Battleground
    No content preview
    Apple QuickTime Player m4a Processing Buffer Overflow
    No content preview
    Apple OSX/iPhone iOS ImageIO TIFF getBandProcTIFF TileWidth Heap Overflow
    No content preview
    Assessing the security and privacy of Vaccine Passports
    No content preview
    ASP.NET Security and the Importance of KB2698981 in Cloud Environments Threat Brief
    No content preview
    ASE 12.5.1 datatype overflow
    No content preview
    Are you oversharing (in Salesforce)? Our new tool could sniff it out!
    No content preview
    Archived Technical Advisories
    No content preview
    Attacking Web Service Security: Message Oriented Madness, XML Worms and Web Service Security Sanity
    No content preview
    Assuring Your DDoS Defences
    No content preview
    AssetHook
    No content preview
    Assessing Unikernel Security
    No content preview
    Automating extraction from malware and recent campaign analysis
    No content preview
    Automated Reverse Engineering of Relationships Between Data Structures in C++ Binaries
    No content preview
    Automated enumeration of email filtering solutions
    No content preview
    Authorisation
    No content preview
    Berserko: Kerberos Authentication for Burp Suite
    No content preview
    Batten down the hatches: Cyber threats facing DP operations
    No content preview
    BAT: a Fast and Small Key Encapsulation Mechanism
    No content preview
    Azucar
    No content preview
    AutoRepeater: Automated HTTP Request Repeating With Burp Suite
    No content preview
    Black Hat 2013 – Cryptopocalypse Presentation Available
    No content preview
    Black Hat 2013 – Bluetooth Smart Presentation Available
    No content preview
    Beyond data loss prevention
    No content preview
    Best practices with BYOD
    No content preview
    BlackHat Asia USB Physical Access
    No content preview
    BlackBerry PlayBook Security – Part One
    No content preview
    BlackBerry Link WebDav Server Bound to the BlackBerry VPN Adapter
    No content preview
    Black Hat USA 2015 presentation: Broadcasting your attack-DAB security
    No content preview
    Black Hat Europe 2013 Andy Davis: To dock or not to dock…
    No content preview
    Breaking Pedersen Hashes in Practice
    No content preview
    Blind Security Testing – An Evolutionary Approach
    No content preview
    Blind Return Oriented Programming
    No content preview
    BlackBerry PlayBook Security – Part Two – BlackBerry Bridge
    No content preview
    Building an RDP Credential Catcher for Threat Intelligence
    No content preview
    Build Your Own Wi-Fi Mapping Drone Capability
    No content preview
    Buffer Underruns, DEP, ASLR and improving the Exploitation Prevention Mechanisms (XPMs) on the Windows platform
    No content preview
    Browser Extension Password Managers
    No content preview
    Broadcasting your attack – DAB security
    No content preview
    C Language Standards Update – Zero-size Reallocations are Undefined Behavior
    No content preview
    Bypassing Oracle DBMS_ASSERT (in certain situations)
    No content preview
    Business Insights: Cyber Security in the Financial Sector
    No content preview
    Building WiMap the Wi-Fi Mapping Drone
    No content preview
    Check out our new Microcorruption challenges!
    No content preview
    CertPortal: Building Self-Service Secure S/MIME Provisioning Portal
    No content preview
    Celebrating NCC Con Europe 2018
    No content preview
    Call Map: A Tool for Navigating Call Graphs in Python
    No content preview
    Cisco IPSec VPN Implementation Group Name Enumeration
    No content preview
    Cisco ASA series part two: Static analysis & datamining of Cisco ASA firmware
    Cisco ASA series part seven: Checkheaps
    Cisco ASA series part five: libptmalloc gdb plugin
    CloudWatch: Amazon Web Services & Shellshock
    Cloud Security Presentation
    Climbing Mount Everest: Black-Byte Bytes Back?
    Cleaning Up After Cookies
    cisco-SNMP-enumeration
    Common Flaws of Distributed Identity and Authentication Systems
    Command Injection in XML Signatures and Encryption
    Code Patterns for API Authorization: Designing for Security
    CMakerer: A small tool to aid CLion’s indexing
    Conference Talks – June 2022
    Compromising Apache Tomcat via JMX access
    Common Security Issues in Financially-Oriented Web Applications
    Common Insecure Practices with Configuring and Extending Salesforce
    Conference Talks – September 2020
    Conference Talks – October 2020
    Conference Talks – November 2020
    Conference Talks – May 2021
    Conference Talks – October 2021
    Conference Talks – November 2021
    Conference Talks – June 2021
    Conference Talks – September/October 2022
    Conference Talks – September 2021
    CowCloud
    Conti-nuation: methods and techniques observed in operations post the leaks
    Content Security Policies Best Practices
    Content Security Policies and Popular CMS Systems
    Creating a Safer OAuth User Experience
    Cracking RDP NLA Supplied Credentials for Threat Intelligence
    Cracking Random Number Generators using Machine Learning – Part 2: Mersenne Twister
    Cracking Random Number Generators using Machine Learning – Part 1: xorshift128
    Critical Risk Vulnerability in SAP Message Server (Heap Overflow)
    Critical Risk Vulnerability in SAP DB Web Server (Stack Overflow)
    Critical Risk Vulnerability in Ingres (Pointer Overwrite 2)
    Critical Risk Vulnerability in Ingres (Pointer Overwrite 1)
    creep-web-app-scanner
    CVE-2019-1405 and CVE-2019-1322 – Elevation to SYSTEM via the UPnP Device Host Service and the Update Orchestrator Service
    CVE-2017-8570 RTF and the Sisfader RAT
    Curve9767 and Fast Signature Verification
    Cups-filters remote code execution
    CyberVillainsCA
    Cyber Security of New Space Paper
    Cyber Security in UK Agriculture
    Cyber Essentials Scheme
    DARPA OnStar Vulnerability Analysis
    Dancing Offbit: The Story of a Single Character Typo that Broke a ChaCha-Based PRNG
    D0nut encrypt me, I have a wife and no backups
    D-Link routers vulnerable to Remote Code Execution (RCE)
    D-LINK DIR-850L web admin interface vulnerable to stack-based buffer overflow
    Technical Advisory: Multiple Vulnerabilities in Brother Printers
    Popping Blisters for research: An overview of past payloads and exploring recent developments
    CVE-2021-31956 Exploiting the Windows Kernel (NTFS with WNF) – Part 2
    Immortalising 20 Years of Epic Research
    Hardware Security By Design: ESP32 Guidance
    Decoder Improved Burp Suite plugin release part two
    CVE-2018-8611 Exploiting Windows KTM Part 3/5 – Triggering the race condition and debugging tricks
    Public Report – Caliptra Security Assessment
    Public Report: WhatsApp Contacts Security Assessment
    Public Report – Pixel 4/4XL and Pixel 4a ioXt Audit
    Public Report – Penumbra Labs Decaf377 Implementation and Poseidon Parameter Selection Review
    Public Report – O(1) Labs Mina Client SDK, Signature Library and Base Components Cryptography and Implementation Review
    Jackson Deserialization Vulnerabilities
    Using AWS and Azure for Cost Effective Log Ingestion with Data Processing Pipelines for SIEMs
    Forensic Readiness in Container Environments
    Database Servers on Windows XP and the unintended consequences of simple file sharing
    Database Security: A Christmas Carol
    Decoder Improved Burp Suite plugin release part one
    Decoder Improved Burp Suite Plugin
    Deception Engineering: exploring the use of Windows Installer Packages against first stage payloads
    DDoS Common Approaches and Failings
    Derusbi: A Case Study in Rapid Capability Development
    Demystifying AWS’ AssumeRole and sts:ExternalId
    DeLux Edition: Getting root privileges on the eLux Thin Client OS
    Defeating the Stack Based Buffer Overflow Prevention Mechanism of Microsoft Windows 2003 Server
    Decoding network data from a Gh0st RAT variant
    Disclosure Policy
    DIBF – Updated
    Detection Engineering for Kubernetes clusters
    Detecting DNS implants: Old kitten, new tricks – A Saitama Case Study
    Do not use your AWS root account
    DNS Pinning and Web Proxies
    Distributed Ledger (Blockchain) Security and Quantum Computing Implications
    Dissecting social engineering attacks
    dotnetpefuzzing
    dotnetpaddingoracle
    Don’t throw a hissy fit; defend against Medusa
    Domestic IoT Nightmares: Smart Doorbells
    easyda
    Early CCS Attack Analysis
    Dynamic Linq Injection Remote Code Execution Vulnerability (CVE-2023-32571)
    Double-odd Elliptic Curves
    Elephant in the Boardroom Survey 2016
    eBook: Breach notification under GDPR – How to communicate a personal data breach
    eBook – Planning a robust incident response process
    eBook – Do you know how your organisation would react in a real-world attack scenario?
    Ethics in Security Testing
    Enumerating System Management Interrupts
    Enterprise-scale seamless onboarding and deployment of Azure Sentinel using Lighthouse for multi-tenant environments
    Encryption Does Not Equal Invisibility – Detecting Anomalous TLS Certificates with the Half-Space-Trees Algorithm
    Encryption at rest: Not the panacea to data protection
    Exploit the Fuzz – Exploiting Vulnerabilities in 5G Core Networks
    Experiments in Extending Thinkst Canary – Part 1
    Exception Handling and Data Integrity in Salesforce
    Eurocrypt 2023: Death of a KEM
    Exploiting Rich Content
    Exploiting PL/SQL Injection Flaws with only CREATE SESSION Privileges
    Exploiting Noisy Oracles with Bayesian Inference
    Exploiting CVE-2015-2426, and How I Ported it to a Recent Windows 8.1 64-bit
    Exploiting CVE-2014-0282
    Exploring macOS Calendar Alerts: Part 2 – Exfiltrating data (CVE-2020-3882)
    Exploring macOS Calendar Alerts: Part 1 – Attempting to execute code
    Exploiting Security Gateways Via Web Interfaces
    Exploiting Samba CVE-2015-0240 on Ubuntu 12.04 and Debian 7 32-bit
    Extending a Thinkst Canary to become an interactive honeypot
    Exporting non-exportable RSA keys
    Exploring Prompt Injection Attacks
    Exploring Overfitting Risks in Large Language Models
    File Fuzzers
    Faux Disk Encryption: Realities of Secure Storage On Mobile Devices
    Fat-Finger
    Faster Modular Inversion and Legendre Symbol, and an X25519 Speed Record
    Flash security restrictions bypass: File upload by URLRequest
    Five Essential Machine Learning Security Papers
    firstexecution
    Firmware Rootkits: The Threat to the Enterprise
    Finding the weak link in binaries
    From ERMAC to Hook: Investigating the technical differences between two Android malware variants
    From CSV to CMD to qwerty
    Forensic Fuzzing Tools
    Flubot: the evolution of a notorious Android Banking Malware
    General Data Protection Regulation: Knowing your data
    General Data Protection Regulation – are you ready?
    Fuzzing the Easy Way Using Zulu (1)
    Fuzzing the Easy Way Using Zulu
    Fuzzbox
    grepify
    Ghost Vulnerability (CVE-2015-0235)
    Ghidra nanoMIPS ISA module
    Getting per-user Conditional Access MFA status in Azure
    Hackproofing MySQL
    Hacking Displays Made Interesting
    Hacking Appliances: Ironic exploits in security products
    Hacking a web application
    Grepify – a Small Tool for Code Reviewers
    Heartbleed (CVE-2014-0160) Advisory
    HDMI Ethernet Channel
    Harnessing GPUs Building Better Browser Based Botnets
    Hackproofing Oracle Application Server
    House
    hostresolver
    HIDDEN COBRA Volgmer: A Technical Analysis
    Hiccupy
    How to Backdoor Diffie-Hellman
    How much training should staff have on cyber security?
    How cryptography is used to monitor the spread of COVID-19
    How-to: Importing WStalker CSV (and more) into Burp Suite via Import to Sitemap Extension
    How will GDPR impact your communications?
    How we breach network infrastructures and protect them
    How to protect yourself & your organisation from phishing attacks
    IAM user management strategy
    Hunting SQL Injection Bugs
    HTTP Profiler
    ICS/OT Security & the evolution of the Purdue Model: Integrating Industrial and Business Networks
    IAX Voice Over-IP Security
    IAM user management strategy (part 2)
    Implementing and Detecting a PCI Rootkit
    Impersonating Gamers With GPT-2
    Immunity Debugger Buffer Overflow
    Image IO Memory Corruption
    IETF Draft: Indicators of Compromise and Their Role in Attack and Defen[c|s]e
    Integrity destroying malicious code for financial or geopolitical gain: A vision of the future?
    Integrating DigitalOcean into ScoutSuite
    In-depth analysis of the new Team9 malware family
    Improving your Network and Application Assurance Strategy in an environment of increasing 0day vulnerabilities
    Interfaces.d to RCE
    Intent Sniffer
    Intent Fuzzer
    Intel® Software Guard Extensions (SGX): A Researcher’s Primer
    Intel BIOS Advisory – Memory Corruption in HID Drivers
    Introducing idb-Simplified Blackbox iOS App Pentesting
    Introducing Chuckle and the Importance of SMB Signing
    Internet of Things Security
    Inter-Protocol Communication
    IODIDE
    Investigating Potential Security Vulnerability Manifestation through Various Analyses & Inferences Regarding Internet RFCs (and how RFC Security might be Improved)
    Introspy for Android
    Introduction to AWS Attribute-Based Access Control
    iOS SSL Killswitch
    iOS MobileSlideShow USB Image Class arbitrary code execution.txt
    iOS Instrumentation Without Jailbreak
    iOS 7 arbitrary code execution in kernel mode
    ISM RAT
    iSEC Partners Releases SSLyze
    iSEC Engages in TrueCrypt Audit
    Is this the real life? Is this just fantasy? Caught in a landslide, NoEscape from NCC Group
    IP-reputation-snort-rule-generator
    Xen SMEP (and SMAP) Bypass
    Dangling Cursor Snarfing: A New Class of Attack in Oracle
    Pentesting V. Red Teaming V. Bug Bounty
    Rustproofing Linux (Part 4/4 Shared Memory)
    iSEC’s Analysis of Microsoft’s SDL and its ROI
    BLEBoy
    Technical Advisory: Unauthenticated Remote Command Execution through Multiple Vulnerabilities in Virgin Media Hub 3.0
    Jenkins Plugins and Core Technical Summary Advisory
    Technical Advisory: Multiple Vulnerabilities in Xerox Printers
    Remote Code Execution on Western Digital PR4100 NAS (CVE-2022-23121)
    Real World Cryptography Conference 2023 – Part II
    Technical Advisory – Multiple Vulnerabilities in PandoraFMS Enterprise
    Kivlad
    Java RMI Registry.bind() Unvalidated Deserialization
    Jailbreak
    Ivanti Zero Day – Threat Actors observed leveraging CVE-2021-42278 and CVE-2021-42287 for quick privilege escalation to Domain Admin
    Premium Practical Law Content Gateway(2)
    Premium Practical Law Content Gateway
    lapith
    Kubernetes Security: Consider Your Threat Model
    Public Report – Confidential Mode for Hyperdisk – DEK Protection Analysis
    Public Report – BLST Cryptographic Implementation Review
    Public Report – Android Cloud Backup/Restore
    Public Report – Coda Cryptographic Review
    Premium Security Content Gateway
    Public Report – Google Privacy Sandbox Aggregation Service and Coordinator
    Public Report – Google Enterprise API Security Assessment
    Public Report – go-cose Security Assessment
    Public Report – Dell Secured Component Verification
    Public Report – Confidential Space Security Review
    Public Report – Penumbra Labs R1CS Implementation Review
    Public Report – Matrix Olm Cryptographic Review
    Public Report – Kubernetes 1.24 Security Audit
    Public Report – Keyfork Implementation Review
    Public Report – IOV Labs powHSM Security Assessment
    Public Report – Security Review of RSA Blind Signatures with Public Metadata
    Public Report – RustCrypto AES/GCM and ChaCha20+Poly1305 Implementation Review
    Public Report – Qredo Apache Milagro MPC Cryptographic Assessment
    Public Report – Protocol Labs Groth16 Proof Aggregation: Cryptography and Implementation Review
    Public Report – Entropy/Rust Cryptography Review
    Public Report – Zcash Zebra Security Assessment
    Public Report – WhatsApp End-to-End Encrypted Backups Security Assessment
    Public Report – VPN by Google One: Technical Security & Privacy Assessment
    Public Report – VPN by Google One Security Assessment
    Public Report – Aleo snarkVM Implementation Review
    Public Report – Zcash FROST Security Assessment
    Public Report – Solana Program Library ZK-Token Security Assessment
    Public Report – AWS Nitro System API & Security Claims Italian
    Public Report – AWS Nitro System API & Security Claims German
    Public Report – AWS Nitro System API & Security Claims French
    Public Report – AWS Nitro System API & Security Claims
    Analysis of setting cookies for third party websites in different browsers
    A Census of Deployed Pulse Connect Secure (PCS) Versions
    Public Report – Electric Coin Company NU3 Specification and Blossom Implementation Audit
    Public Report - Security Risks of AI Hardware for Personal and Edge Computing Devices
    Public Report – AWS Nitro System API & Security Claims Spanish
    Nameless and shameless: Ransomware Encryption via BitLocker
    Defending Your Directory: An Expert Guide to Securing Active Directory Against DCSync Attacks
    Technical Advisory: PDFTron JavaScript URLs Allowed in WebViewer UI (CVE-2021-39307)
    Technical Advisory: Xiaomi 13 Pro Code Execution via GetApps DOM Cross-Site Scripting (XSS)
    Matty McMattface: Security implications, mitigations & testing strategies for biometric facial recognition systems
    On Almost Signing Android Builds
    Defending Your Directory: An Expert Guide to Mitigating Pass-the-Hash Attacks in Active Directory
    Defending Your Directory: An Expert Guide to Fortifying Active Directory Against LDAP Injection Threats
    Defending Your Directory: An Expert Guide to Fortifying Active Directory Certificate Services (ADCS) Against Exploitation
    Public Report: eBPF Verifier Code Review
    A glimpse into the shadowy realm of a Chinese APT: detailed analysis of a ShadowPad intrusion
    A Brief Review of Bitcoin Locking Scripts and Ordinals
    PMKID Attacks: Debunking the 802.11r Myth
    Public Report: XMTP MLS Implementation Review
    Phish Supper: An Incident Responder’s Bread and Butter
    Android Malware Vultur Expands Its Wingspan
    Analyzing a PJL directory traversal vulnerability – exploiting the Lexmark MC3224i printer (part 2)
    Adventures in the land of BumbleBee – a new malicious loader
    A Race to Report a TOCTOU: Analysis of a Bug Collision in Intel SMM
    A deeper dive into CVE-2021-39137 – a Golang security bug that Rust would have prevented
    Back in Black: Unlocking a LockBit 3.0 Ransomware Attack
    AWS Inventory: A tool for mapping AWS resources
    Avoiding Pitfalls Developing with Electron
    Autochrome
    Announcing the Cryptopals Guided Tour Video 17: Padding Oracles!
    Cryptopals: Exploiting CBC Padding Oracles
    Constant-Time Data Processing At a Secret Offset, Privacy and QUIC
    Bypassing software update package encryption – extracting the Lexmark MC3224i printer firmware (part 1)
    BrokenPrint: A Netgear stack overflow
    Blue Coat BCAAA Remote Code Execution Vulnerability
    Dangers of Kubernetes IAM Integrations
    CVE-2021-31956 Exploiting the Windows Kernel (NTFS with WNF) – Part 1
    CVE-2018-8611 Exploiting Windows KTM Part 5/5 – Vulnerability detection and a better read/write primitive
    CVE-2018-8611 Exploiting Windows KTM Part 2/5 – Patch analysis and basic triggering
    Discovering Smart Contract Vulnerabilities with GOATCasino
    Disabling Office Macros to Reduce Malware Infections
    Detecting Mimikatz with Busylight
    Detecting and Protecting when Remote Desktop Protocol (RDP) is open to the Internet
    Detecting and Hunting for the PetitPotam NTLM Relay Attack
    Metastealer – filling the Racoon void
    Log4Shell: Reconnaissance and post exploitation network detection
    Improving Software Security through C Language Standards
    Exploiting MS15-061 Use-After-Free Windows Kernel Vulnerability
    eBPF Adventures: Fiddling with the Linux Kernel and Unix Domain Sockets
    North Korea’s Lazarus: their initial access trade-craft using social media and social engineering
    NETGEAR Routers: A Playground for Hackers?
    Modelling Threat Actor Phishing Behaviour
    Mitigating the top 10 security threats to GCP using the CIS Google Cloud Platform Foundation Benchmark
    A brief look at Windows telemetry: CIT aka Customer Interaction Tracker
    44Con2013Game
    Applying normalised compression distance for architecture classification
    Past, Present and Future of Effective C
    OffensiveCon 2023 – Exploit Engineering – Attacking the Linux Kernel
    Autonomous AI Agents: A hidden Risk in Insecure smolagents “CodeAgent” Usage
    Building Security In: Software Penetration Testing
    Technical Advisory – Lansweeper Privilege Escalation via CSRF Using HTTP Method Interchange (CVE-2020-13658)
    The Shellcoder’s Handbook: Discovering and Exploiting Security Holes, 2nd Edition
    The CERT® C Coding Standard, Second Edition: 98 Rules for Developing Safe, Reliable, and Secure Systems
    Detecting Rclone – An Effective Tool for Exfiltration
    Project Ava: On the Matter of Using Machine Learning for Web Application Security Testing – Part 5: Development of Prototype #1 – Text Processing and Semantic Relationships
    Rustproofing Linux (Part 1/4 Leaking Addresses)
    Analyzing AI Application Threat Models
    Where You Inject Matters: The Role-Specific Impact of Prompt Injection Attacks on OpenAI models
    An Engineer’s View: Operational Technology
    The Database Hacker’s Handbook
    IG Learner Walkthrough
    Chainspotting 2: The Unofficial Sequel to the 2018 Talk "Chainspotting" - OffensiveCon 2025
    Pumping Iron on the Musl Heap – Real World CVE-2022-24834 Exploitation on an Alpine mallocng Heap
    Analyzing Secure AI Architectures
    Handy guide to a new Fivehands ransomware variant
    Real World Cryptography Conference 2024
    Puckungfu 2: Another NETGEAR WAN Command Injection
    Shooting Yourself in the .flags – Jailbreaking the Sonos Era 100
    Shining the Light on Black Basta
    SETTLERS OF NETLINK: Exploiting a limited UAF in nf_tables (CVE-2022-32250)
    Reverse, Reveal, Recover: Windows Defender Quarantine Forensics
    Technical Advisory – Multiple HTML Injection Vulnerabilities in KaiOS Pre-installed Mobile Applications
    Stepping Stones – A Red Team Activity Hub
    Sifting through the spines: identifying (potential) Cactus ransomware victims
    Technical Advisory – Multiple Vulnerabilities in Faronics Insight (CVE-2023-28344, CVE-2023-28345, CVE-2023-28346, CVE-2023-28347, CVE-2023-28348, CVE-2023-28349, CVE-2023-28350, CVE-2023-28351, CVE-2023-28352, CVE-2023-28353)
    Technical Advisory – OpenJDK – Weak Parsing Logic in java.net.InetAddress and Related Classes
    Technical Advisory – Multiple Vulnerabilities in the Galaxy App Store (CVE-2023-21433, CVE-2023-21434)
    Technical Advisory – Multiple Vulnerabilities in Connectize G6 AC2100 Dual Band Gigabit WiFi Router (CVE-2023-24046, CVE-2023-24047, CVE-2023-24048, CVE-2023-24049, CVE-2023-24050, CVE-2023-24051, CVE-2023-24052)
    Technical Advisory: Adobe ColdFusion WDDX Deserialization Gadgets
    Technical Advisory – Multiple Vulnerabilities in Trendnet TEW-831DR WiFi Router (CVE-2022-30325, CVE-2022-30326, CVE-2022-30327, CVE-2022-30328, CVE-2022-30329)
    Technical Advisory – Multiple Vulnerabilities in Netgear ProSAFE Plus JGS516PE / GS116Ev2 Switches
    Technical Advisory: Multiple Vulnerabilities in Ricoh Printers
    Technical Advisory: Multiple Vulnerabilities in Kyocera Printers
    Technical Advisory: CyberArk EPM Non-paged Pool Buffer Overflow
    Technical Advisory: containerd – containerd-shim API Exposed to Host Network Containers (CVE-2020-15257)
    Tool Release – insject: A Linux Namespace Injector
    Tool Release – Enumerating Docker Registries with go-pillage-registries
    There’s Another Hole In Your SoC: Unisoc ROM Vulnerabilities
    The Next C Language Standard (C23)
    BlackHat USA 2024 - Listen-Up: Sonos Over-The-Air Remote Kernel Exploitation and Covert Wiretap
    Vehicle Emissions and Cyber Security
    Tracking a P2P network related to TA505
    Tool Update – ruby-trace: A Low-Level Tracer for Ruby
    Whitepaper – A Tour of Curve 25519 in Erlang
    Research Blog Test Playground
    RomHack – Revving Up: The Journey to Pwn2Own Automotive 2024
    The Dark Side: How Threat Actors Leverage AnyDesk for Malicious Activities
    Social Engineering Penetration Testing
    Technical Advisory: Cross-Site Scripting in Umbraco Rich Text Display
    Machine Learning 101: The Integrity of Image (Mis)Classification?
    Proxying PyRIT for fun and profit
    An Introduction to Authenticated Encryption
    A Primer On Slowable Encoders
    Security Tips For Your AI Cloud Infrastructure
    Technical Advisory – Hash Denial-of-Service Attack in Multiple QUIC Implementations
    Building Systems from Commercial Components
    Blind Exploitation of Stack Overflow Vulnerabilities
    Aurora Response Recommendations
    Auditing Enterprise Class Applications and Secure Containers on Android
    Defeating Windows DEP With A Custom ROP Chain
    Deception Engineering: exploring the use of Windows Service Canaries against ransomware
    CERT Oracle Secure Coding Standard for Java
    CERT C Secure Coding Standard
    iOS Application Security: The Definitive Guide for Hackers and Developers
    HTML5 Security The Modern Web Browser Perspective
    Exposing Vulnerabilities in Media Software
    Developing Secure Mobile Applications for Android
    Modernizing Legacy Systems: Software Technologies, Engineering Processes, and Business Practices
    MeshyJSON: A TP-Link tdpServer JSON Stack Overflow
    Mallory and Me: Setting up a Mobile Mallory Gateway
    Java Coding Guidelines: 75 Recommendations for Reliable and Secure Programs
    Secure Coding in C and C++
    Professional C Programming LiveLessons, (Video Training) Part I: Writing Robust, Secure, Reliable Code
    Practical Considerations of Right-to-Repair Legislation
    Nine years of bugs at NCC Group
    NCLoader
    SQL Server Security
    Self-Driving Cars- The future is now…
    Secure Coding Rules for Java LiveLessons, Part 1
    Secure Coding in C and C++, 2nd Edition
    Technical Advisory: Mitel MiVoice 5330e Memory Corruption Flaw
    Technical Advisory: IP Office Stored Cross Site Scripting (XSS) Vulnerability
    Technical Advisory: Bypassing Workflows Protection Mechanisms – Remote Code Execution on SharePoint
    Tattler
    10 real-world stories of how we’ve compromised CI/CD pipelines
    Project Ava: On the Matter of Using Machine Learning for Web Application Security Testing – Part 8: Development of Prototype #4 – Building on Takaesu’s Approach with Focus on XSS
    Denial of Service in Parsing a URL by ierutil.dll
    NCC Group’s Exploit Development Capability: Why and What
    Fuzzing RTSP to discover an exploitable vulnerability in VLC
    Rise of the Sensors: Securing LoRaWAN Networks
    E-mail Spoofing and CDONTS.NEWMAIL
    Public Report – Lantern and Replica Security Assessment
    Adobe flash sandbox bypass to navigate to local drives
    Technical Advisory – Nullsoft Scriptable Installer System (NSIS) – Insecure Temporary Directory Usage
    Multiple security vulnerabilities in SAP NetWeaver BSP Logon
    Technical Advisory: Condeon CMS
    Pip3line – The Swiss Army Knife of Byte Manipulation
    Project Ava: On the Matter of Using Machine Learning for Web Application Security Testing – Part 3: Understanding Existing Approaches and Attempts
    Public Report - Google Confidential Space Security Assessment
    xcavator
    The Browser Hacker’s Handbook
    Announcing the Cryptopals Guided Tour Video 18: Implement CTR
    Auditing K3s Clusters
    Comparing AI Against Traditional Static Analysis Tools to Highlight Buffer Overflows
    44CON - Charging Ahead: Exploiting an EV Charger Controller at Pwn2Own Automotive 2024
    The Mobile Application Hacker’s Handbook
    A Rendezvous with System Management Interrupts
    Weak Passwords Led to (SafePay) Ransomware…Yet Again
    Analyzing Secure AI Design Principles
    Defending Your Directory: An Expert Guide to Combating Kerberoasting in Active Directory
    The Development of a Telco Attack Testing Tool
    Lights, Camera, HACKED! An insight into the world of popular IP Cameras
    Technical Advisory: Multiple Vulnerabilities in TCPDF
    Insomnihack - Pioneering Zero Days at Pwn2Own Automotive 2024
    Cross-Execute Your Linux Binaries, Don’t Cross-Compile Them
    Rustproofing Linux (Part 3/4 Integer Overflows)
    Rustproofing Linux (Part 2/4 Race Conditions)
    VeChain JavaScript SDK Cryptography and Security Review
    EAP-TLS: The most secure option?
    Public Report - VeChainThor Galactica Security Assessment
    Streamlining Global Automotive Cybersecurity Governance to Accelerate Innovation, Assurance, and Compliance
    Online Casino Roulette – A guideline for penetration testers and security researchers
    GSM/GPRS Traffic Interception for Penetration Testing Engagements
    Conference Talks – March 2020
    5 MCP Security Tips
    HTTP to MCP Bridge
    iSEC reviews SecureDrop
    No content preview
    iSEC Completes TrueCrypt Audit
    No content preview
    iOS 7 tool updates
    No content preview
    How organisations can properly configure SSL services to ensure the integrity and confidentiality of data in transit
    No content preview
    White Paper: Login Service Security
    No content preview
    Nagios XI Network Monitor Blind SQL Injection
    No content preview
    Why IoT Security Matters
    No content preview
    Technical Advisory – Linux RDS Protocol Local Privilege Escalation
    No content preview
    Zcash Overwinter Consensus and Sapling Cryptography Review
    No content preview
    Detecting and Hunting for the Malicious NetFilter Driver
    No content preview
    NCC Group’s 2021 Annual Research Report
    No content preview
    Technical Advisory – DelTek Vision – Arbitrary SQL Execution (SQLi)
    No content preview
    Zcash Cryptography and Code Review
    No content preview
    Technical Advisory – IBM WebSphere Commerce: Encrypted URL Parameter Vulnerable to Padding Oracle Attacks
    No content preview
    HDMI – Hacking Displays Made Interesting
    No content preview
    CVE-2018-8611 Exploiting Windows KTM Part 1/5 – Introduction
    No content preview
    Writing Small Shellcode
    No content preview
    CVE-2018-8611 Exploiting Windows KTM Part 4/5 – From race win to kernel read and write primitive
    No content preview
    44CON Workshop – How to assess and secure iOS apps
    No content preview
    Technical Advisory: Bypassing Microsoft XOML Workflows Protection Mechanisms using Deserialisation of Untrusted Data
    No content preview
    Samsung Galaxy S24 Pwn2Own Ireland 2024
    No content preview
    Tool Release – Carnivore: Microsoft External Assessment Tool
    No content preview
    Reverse engineering and decrypting CyberArk vault credential files
    No content preview
    Local network compromise despite good patching
    No content preview
    Potential false redirection of web site content in Internet in SAP NetWeaver web applications
    No content preview
    Bit51 Better Security WP Security Plugin – Unauthenticated Stored XSS to RCE
    No content preview
    Technical Advisory: Espressif Systems - ESP32 BluFi Reference Application Vulnerabilities
    No content preview
    Quantum Data Centre of the Future
    No content preview
    OCP S.A.F.E. How-to
    No content preview
    Multiple Vulnerabilities in MailEnable
    No content preview
    Flash local-with-filesystem Bypass in navigateToURL
    No content preview
    Finding and Exploiting .NET Remoting over HTTP using Deserialisation
    No content preview
    SmarterMail – Stored XSS in emails
    No content preview
    Project Ava: On the Matter of Using Machine Learning for Web Application Security Testing – Part 10: Efficacy Demonstration, Project Conclusion and Next Steps
    No content preview
    Project Ava: On the Matter of Using Machine Learning for Web Application Security Testing – Part 1: Understanding the Basics and What Platforms and Frameworks Are Available
    No content preview
    Project Ava: On the Matter of Using Machine Learning for Web Application Security Testing – Part 9: Adventures with Expert Systems
    No content preview
    Technical Advisory: Code Execution by Viewing Resource Files in .NET Reflector
    No content preview
    Fix Bounty
    No content preview
    Project Ava: On the Matter of Using Machine Learning for Web Application Security Testing – Part 7: Development of Prototype #3 – Adventures in Anomaly Detection
    No content preview
    Project Ava: On the Matter of Using Machine Learning for Web Application Security Testing – Part 6: Development of Prototype #2 – Creating a SQLi PoC
    No content preview
    Project Ava: On the Matter of Using Machine Learning for Web Application Security Testing – Part 2: Going off on a Tangent – AI/ML Applications in Social Engineering
    No content preview
    Windows USB RNDIS driver kernel pool overflow
    No content preview
    YoNTMA
    No content preview
    Voice Impersonation and DeepFake Vishing in Realtime
    No content preview
    Conference Talks – January 2020
    No content preview
    Black Hat 2013 – Femtocell Presentation Slides, Videos and App
    No content preview
    Vaccine Misinformation Part 1: Misinformation Attacks as a Cyber Kill Chain
    No content preview
    Conference Talks – February 2020
    No content preview
    The ABCs of NFC chip security
    No content preview
    How To Spot a Penetration Tester in Your Network (and Catch the Real Bad Guys at the Same Time)
    No content preview
    Cisco ASA series part three: Debugging Cisco ASA firmware
    No content preview
    Getting Shell with XAMLX Files
    No content preview
    A Back-to-Front TrueCrypt Recovery Story: The Plaintext is the Ciphertext
    No content preview
    5G security – how to minimise the threats to a 5G network
    No content preview
    Assessing IIS Configuration Remotely
    Hackproofing Lotus Domino Web Server
    Hardware & Embedded Systems: A little early effort in security can return a huge payoff
    Crave the Data: Statistics from 1,300 Phishing Campaigns
    Java Web Start File Inclusion via System Properties Override
    Chrome Password Manager Cross Origin Weakness
    Exploring DeepFake Capabilities & Mitigation Strategies with University College London
    Demystifying Multivariate Cryptography
    Technical Advisory – VMware Tools Multiple Vulnerabilities
    Technical Advisory – OpenOffice.org Multiple Memory Corruption Vulnerabilities
    Technical Advisory – libraptor – XXE in RDF/XML File Interpretation
    Technical Advisory – HTC IQRD Android Permission Leakage
    Whitepaper – HTTP Digest Integrity: Another look, in light of recent attacks
    Whitepaper – A Heap of Trouble: Breaking the Linux Kernel SLOB Allocator
    WebSense content filter bypass when deployed in conjunction with Cisco filtering devices
    WebLogic Plugin HTTP Injection via Encoded URLs
    ZigTools: An Open Source 802.15.4 Framework
    Visualising Firewall Rulesets – Simplifying Firewall Administration and Spotting the Pivot Point
    Research Paper – Recovering deleted data from the Windows registry
    Whitepaper – XML Schema, DTD, and Entity Attacks: A Compendium of Known Techniques
    Whitepaper – Weaning the Web off of Session Cookies: Making Digest Authentication Viable
    RIFT: F5 CVE-2020-5902 and Citrix CVE-2020-8193, CVE-2020-8195 and CVE-2020-8196 honeypot data release
    Tool Release – ScoutSuite 5.12.0
    Exploiting the Sudo Baron Samedit vulnerability (CVE-2021-3156) on VMWare vCenter Server 7.0
    Choosing the Right MCU for Your Embedded Device — Desired Security Features of Microcontrollers
    Tool Release: Sinking U-Boots with Depthcharge
    Technical Advisory – Multiple Vulnerabilities in Nagios XI
    Conference Talks – March 2022
    log4j-jndi-be-gone: A simple mitigation for CVE-2021-44228
    Whitepaper – Microcontroller Readback Protection: Bypasses and Defenses
    Shaking The Foundation of An Online Collaboration Tool: Microsoft 365 Top 5 Attacks vs the CIS Microsoft 365 Foundation Benchmark
    Cracking Mifare Classic 1K: RFID, Charlie Cards, and Free Subway Rides
    Medical Devices: A Hardware Security Perspective
    LDAPFragger: Bypassing network restrictions using LDAP attributes
    Kerberos Resource-Based Constrained Delegation: When an Image Change Leads to a Privilege Escalation
    Software Verification and Analysis Using Z3
    Conference Talks – December 2020
    Shining New Light on an Old ROM Vulnerability: Secure Boot Bypass via DCD and CSF Tampering on NXP i.MX Devices
    Exploring the Security & Privacy of Canada’s Digital Proof of Vaccination Programs
    Embedded Device Security Certifications
    On the malicious use of large language models like GPT-3
    Cisco ASA series part four: dlmalloc-2.8.x, libdlmalloc, & dlmalloc on Cisco ASA
    Remote code execution in ImpressPages CMS
    Increased exploitation of Oracle GlassFish Server Administration Console Remote Authentication Bypass
    Wubes: Leveraging the Windows 10 Sandbox for Arbitrary Processes
    Zulu
    NCC Group’s 2024 Annual Research Report
    VMware Workstation Guest-to-Host Escape Exploit Development
    Conference Talks – August 2020
    Technical Advisory – Multiple vulnerabilities in Nuki smart locks (CVE-2022-32509, CVE-2022-32504, CVE-2022-32502, CVE-2022-32507, CVE-2022-32503, CVE-2022-32510, CVE-2022-32506, CVE-2022-32508, CVE-2022-32505)
    Mallory: Transparent TCP and UDP Proxy
    How Microsoft Office knows a document came from the Internet and might be dangerous
    RIFT: F5 Networks K52145254: TMUI RCE vulnerability CVE-2020-5902 Intelligence
    The Case of Missing File Extensions
    Violating the Virtual Channel – RDP Testing
    FPGAs: Security Through Obscurity?
    Much Ado About Hardware Implants
    Conference Talks – December 2021
    Cisco ASA series part eight: Exploiting the CVE-2016-1287 heap overflow over IKEv1
    Windows IPC Fuzzing Tools
    McAfee Email and Web Security Appliance v5.6 – Arbitrary file download is possible with a crafted URL, when logged in as any user
    Introduction to Anti-Fuzzing: A Defence in Depth Aid
    Fake CAPTCHA led to LUMMA
    WindowsJobLock
    WSSiP: A Websocket Manipulation Proxy
    WSMap
    Xendbg: A Full-Featured Debugger for the Xen Hypervisor
    Windows 2000 Format String Vulnerabilities
    Windows 10 USB Mass Storage driver arbitrary code execution in kernel mode
    Windows DACLs & Why There Is Still Room for Interest
    Windows Remote Desktop Memory Corruption Leading to RCE on XPSP3
    Why AI Will Not Fully Replace Humans for Web Penetration Testing
    Writing Secure ASP Scripts
    Writing FreeBSD Kernel Modules in Rust
    WSBang
    Whitepaper – Coinbugs: Enumerating Common Blockchain Implementation-Level Vulnerabilities
    Whitepaper – Project Triforce: Run AFL On Everything (2017)
    Whitepaper: Perfect Forward Security
    Whitepaper: CA Alternative
    White Paper: An Introduction to Authenticated Encryption
    Whitepaper – Exploring the Security of KaiOS Mobile Applications
    Whitepaper: Recognizing and Preventing TOCTOU
    Windows Phone 7 Application Security Survey
    Welcome to the new NCC Group Global Research blog
    Wheel of Fortune Outcome Prediction – Taking the Luck out of Gambling (1)
    Which database is more secure? Oracle vs. Microsoft
    White Paper: Cryptopocalypse Reference Paper
    Weak Randomness Part I – Linear Congruential Random Number Generators
    White Paper: Browser Extension Password Managers
    Whitepaper – Double Fetch Vulnerabilities in C and C++
    Whitepaper – Hardware-Backed Heist: Extracting ECDSA Keys from Qualcomm’s TrustZone
    Webinar – PCI Version 3.0: Are you ready?
    Wheel of Fortune Outcome Prediction – Taking the Luck out of Gambling
    What the HEC? Security implications of HDMI Ethernet Channel and other related protocols
    Weaknesses and Best Practices of Public Key Kerberos with Smart Cards
    Tool Release – shouganaiyo-loader: A Tool to Force JVM Attaches
    Trusted Gateway
    Tor Browser Research Report Released
    Technical Advisory – Garuda Linux Insecure User Creation (CVE-2021-3784)
    Tool Release – HTTPSignatures: A Burp Suite Extension Implementing HTTP Signatures
    Tool Release – JWT-Reauth
    U plug, we play
    Tool Release: Calculating SQL Permissions
    Tool Release: Blackbox iOS App Analysis with Introspy
    Understanding the insider threat & how to mitigate it
    Tool Release: SSLyze v 0.9 released – Heartbleed edition
    How I did not get a shell
    Compromising a Hospital Network for £118 (Plus Postage & Packaging)
    The Phishing Guide: Understanding & Preventing Phishing Attacks
    USB keyboards by post – use of embedded keystroke injectors to bypass autorun restrictions on modern desktop operating systems
    Tool – Windows Executable Memory Page Delta Reporter
    TPM Genie
    USB Undermining Security Barriers: further adventures with USB
    Username enumeration techniques and their value
    Using graph databases to assess the security of thingernets based on the thingabilities and thingertivity of things
    WastedLocker: A New Ransomware Variant Developed By The Evil Corp Group
    Vulnerabilities Found In Geofencing Apps
    Understanding and Hardening Linux Containers
    Updated: Technical Advisory and Proofs of Concept – Multiple Vulnerabilities in U-Boot (CVE-2022-30790, CVE-2022-30552)
    Variations in Exploit methods between Linux and Windows
    Vulnerability Overview: Ghost (CVE-2015-0235)
    Tool Release – Socks Over RDP Now Works With Citrix
    Toxic Tokens: Using UUIDs for Authorization is Dangerous (even if they’re cryptographically random)
    Understanding the root cause of F5 Networks K52145254: TMUI RCE vulnerability CVE-2020-5902
    Use and enforce Multi-Factor Authentication
    Using Semgrep with Jupyter Notebook files
    Understanding Ransomware
    Understanding Microsoft Word OLE Exploit Primitives
    Unmasking Lorenz Ransomware: A Dive into Recent Tactics, Techniques and Procedures
    Tool Release: tcpprox
    tybocer
    umap
    Understanding cyber risk management vs uncertainty with confidence in 2017
    TPM Genie: Interposer Attacks Against the Trusted Platform Module Serial Bus
    Trust in the New Internet Survey
    typofinder
    Unauthenticated XML eXternal Entity (XXE) vulnerability
    Tool Release: SSL pinning bypass and other Android tools
    Tool Release: SSLyze v0.8 released
    Trust in the Internet Survey
    UK government cyber security guidelines for connected & autonomous vehicles
    Tool Release: iOS SSL Kill Switch v0.5 Released
    Tool Release: Redirecting traffic with dnsRedir.py
    Tool Release: You’ll Never (Ever) Take Me Alive!
    Top of the Pops: Three common ransomware entry techniques
    Tool Release: A Simple DLL Injection Utility
    Tool Release: Cartographer
    Tool Release: iOS Secure State Preservation
    Tool Release: PeachFarmer
    Tool Release: Announcing the Release of RtspFuzzer
    Tool Release: Code Query (cq)
    Tool Release: Exploring SSL Pinning on iOS
    Tool Release – ScoutSuite 5.13.0
    Tool Release – ScoutSuite 5.11.0
    Tool Release – ScoutSuite 5.9.0
    Tool Release: Blackbox Android App Analysis with Introspy
    Tool Release – Socks Over RDP
    Tool Release – Winstrument: An Instrumentation Framework for Windows Application Assessments
    Tool Release – Solitude: A privacy analysis tool
    Tool Release – ScoutSuite 5.10
    Toner Deaf – Printing your next persistence (Hexacon 2022)
    To dock or not to dock, that is the question: Using laptop docking stations as hardware-based attack platforms
    Tool Release – Ghostrings
    Tool Release – Monkey365
    The Sorry State of Aftermarket Head Unit Security
    Threat Intelligence: Benefits for the Enterprise
    Tool Release – Collaborator++
    Tool Release – ICPin, an integrity-check and anti-debug detection pintool
    The why behind web application penetration test prerequisites
    Threats and vulnerabilities within the Maritime and shipping sectors
    TLSPretense — SSL/TLS Client Testing Framework
    The Extended AWS Security Ramp-Up Guide
    There’s A Hole In Your SoC: Glitching The MediaTek BootROM
    Thin Clients: Slim Security
    Time Trial: Racing Towards Practical Remote Timing Attacks
    The disadvantages of a blacklist-based approach to input validation
    The factoring dead: Preparing for the cryptopocalypse
    The Update Framework (TUF) Security Assessment
    The Spelling Police: Searching for Malicious HTTP Servers by Identifying Typos in HTTP Responses
    The facts about BadUSB
    The Importance of a Cryptographic Review
    The Paillier Cryptosystem with Applications to Threshold ECDSA
    The role of security research in improving cyber security
    Protecting stored cardholder data (an unofficial supplement to PCI DSS V3.0)
    The Future of C Code Review
    The L4m3ne55 of Passw0rds: Notes from the field
    Public Report – Filecoin Bellman and BLS Signatures Cryptographic Review
    Remote Exploitation of Microsoft Office DLL Hijacking (MS15-132) via Browsers
    SSL checklist for pentesters
    Striking Back at Retired Cobalt Strike: A look at a legacy vulnerability
    Symantec Backup Exec 2012 – OS version and service pack information leak
    Symantec Backup Exec 2012 Backup/Restore Data Traverses Memory with Weak ACLs
    Sysinternals SDelete: When Secure Delete Fails
    TA505 exploits SolarWinds Serv-U vulnerability (CVE-2021-35211) for initial access
    TANDBERG Video Communication Server Authentication Bypass
    TANDBERG Video Communication Server Arbitrary File Retrieval
    tcpprox
    Technical Advisory – FUJITSU CentricStor Control Center <= V8.1 – Unauthenticated Command Injection (CVE-2022-31794 and CVE-2022-31795)
    Technical Advisory – KwikTag Web Admin Authentication Bypass
    Technical Advisory – New York State Excelsior Pass Vaccine Passport Scanner App Sends Data to a Third Party not Specified in Privacy Policy
    Technical Advisory – playSMS Pre-Authentication Remote Code Execution (CVE-2020-8644)
    No content preview
    Technical Advisory – Pulse Connect Secure – RCE via Template Injection (CVE-2020-8243)
    No content preview
    Technical Advisory – SonicWall SMA 100 Series – Post-Authentication Remote Command Execution (CVE-2021-20044)
    No content preview
    Technical Advisory – Sunhillo SureLine Unauthenticated OS Command Injection (CVE-2021-36380)
    No content preview
    Technical Advisory – Tesla BLE Phone-as-a-Key Passive Entry Vulnerable to Relay Attacks
    No content preview
    Technical Advisory – wolfSSL TLS 1.3 Client Man-in-the-Middle Attack (CVE-2020-24613)
    No content preview
    Technical Advisory – ICTFAX 7-4 – Indirect Object Reference
    No content preview
    Technical Advisory – NULL Pointer Derefence in McAfee Drive Encryption (CVE-2021-23893)
    No content preview
    Technical Advisory – SonicWall SMA 100 Series – Unauthenticated Arbitrary File Deletion
    No content preview
    Technical Advisory: Citrix Workspace / Receiver Remote Code Execution Vulnerability
    No content preview
    Public Report – Threshold ECDSA Cryptography Review
    No content preview
    LTair:  The LTE Air Interface Tool
    No content preview
    McAfee Email and Web Security Appliance Active session tokens of other users are disclosed within the UI
    No content preview
    McAfee Email and Web Security Appliance Password hashes can be recovered from a system backup and easily cracked
    No content preview
    Microsoft Zero-Day Vulnerability – OLE2Link – Threat Intelligence and Signatures
    No content preview
    NCC Con Europe 2022 – Pwn2Own Austin Presentations
    No content preview
    Oracle Retail Invoice Manager SQL Injection
    No content preview
    Phishing Mitigations: Configuring Microsoft Exchange to Clearly Identify External Emails
    No content preview
    Pointer Sequence Reverser (PSR)
    No content preview
    Preparing for Cyber Battleships – Electronic Chart Display and Information System Security
    No content preview
    Private sector cyber resilience and the role of data diodes
    No content preview
    Technical Advisory: Multiple Vulnerabilities in HP Printers
    No content preview
    Technical Advisory: Multiple Vulnerabilities in ManageEngine Desktop Central
    No content preview
    Technical Advisory: Nexpose Hard‐coded Java Key Store Passphrase Allows Decryption of Stored Credentials
    No content preview
    Technical Advisory: Pulse Connect Secure – RCE via Uncontrolled Archive Extraction – CVE-2021-22937 (Patch Bypass)
    No content preview
    Technical Advisory: Pulse Connect Secure – Arbitrary File Read via Logon Message (CVE-2020-8255)
    No content preview
    Technical advisory: Remote shell commands execution in ttyd
    No content preview
    Technical Advisory: Reflected Cross-Site Scripting (XSS) vulnerability in Jenkins Delivery Pipeline plugin
    No content preview
    Testing HTTP/2 only web services
    No content preview
    Technical Advisory: Unauthenticated SQL Injection in Lansweeper
    No content preview
    The 9 Lives of Bleichenbacher’s CAT: New Cache ATtacks on TLS Implementations
    No content preview
    Testing Infrastructure-as-Code Using Dynamic Tooling
    No content preview
    The Automotive Threat Modeling Template
    No content preview
    Does TypeScript Offer Security Improvements Over JavaScript?
    No content preview
    Data-mining with SQL Injection and Inference
    No content preview
    Public Report – WhatsApp opaque-ke Cryptographic Implementation Review
    No content preview  ( 7 min )
    Stepping Insyde System Management Mode
    No content preview
    Technical Advisory: Command Injection
    No content preview
    ProxMon
    No content preview  ( 7 min )
    Masquerade: You Downloaded ScreenConnect not Grok AI!
    No content preview  ( 10 min )
    State of DNS Rebinding in 2023
    Explore new DNS rebinding tactics and browser defenses like Local Network Access in NCC Group’s latest research.  ( 13 min )
    Technical Advisory – Linksys WRT160NL – Authenticated Command Injection (CVE-2021-25310)
    No content preview  ( 8 min )
    Security Considerations of zk-SNARK Parameter Multi-Party Computation
    No content preview  ( 16 min )
    RIFT: Citrix ADC Vulnerabilities CVE-2020-8193, CVE-2020-8195 and CVE-2020-8196 Intelligence
    No content preview  ( 8 min )
    Technical Advisory: Sonos Era 100 Secure Boot Bypass Through Unchecked setenv() call
    No content preview  ( 8 min )
    Symantec Backup Exec 2012 – Persistent XSS Vulnerability Affecting Custom Reports
    No content preview  ( 7 min )
    Technical Advisory – Citrix Access Gateway Command Injection Vulnerability
    Explore how a command injection flaw in Citrix Access Gateway could allow attackers to execute arbitrary system commands.  ( 9 min )
    Spectre and Meltdown: What you Need to Know
    No content preview  ( 12 min )
    Tool Release – Project Kubescout: Adding Kubernetes Support to Scout Suite
    No content preview  ( 9 min )
    Samba _netr_ServerPasswordSet Expoitability Analysis
    No content preview  ( 11 min )
    Ruling the rules
    No content preview  ( 11 min )
    Symantec Backup Exec 2012 – Linux Backup Agent Heap Overflow
    No content preview  ( 7 min )
    Threat Modelling Cloud Platform Services by Example: Google Cloud Storage
    No content preview  ( 19 min )
    Security of Things: An Implementers’ Guide to Cyber-Security for Internet of Things Devices and Beyond
    No content preview  ( 7 min )
    Secure Device Manufacturing: Supply Chain Security Resilience
    No content preview  ( 7 min )
    Security of Things: An Implementer’s Guide to Cyber Security for Internet of Things Devices and Beyond
    No content preview  ( 8 min )
    Ruxcon 2013 – Introspy Presentation Slides
    No content preview  ( 7 min )
    Technical Advisory – Lenovo ImController Local Privilege Escalation (CVE-2021-3922, CVE-2021-3969)
    No content preview  ( 9 min )
    OS X Lion USB Hub Class Descriptor Arbitrary Code Execution
    No content preview  ( 6 min )
    Technical Advisory – BLE Proximity Authentication Vulnerable to Relay Attacks
    No content preview  ( 10 min )
    Technical Advisory – Arbitrary File Read in Dell Wyse Management Suite (CVE-2021-21586, CVE-2021-21587)
    No content preview  ( 8 min )
    Technical Advisory – macOS Installer Local Root Privilege Escalation (CVE-2020-9817)
    No content preview  ( 11 min )
    Password and brute-force mitigation policies
    No content preview  ( 7 min )
    Tool Release – Principal Mapper v1.1.0 Update
    No content preview  ( 7 min )
    Software Security Austerity Security Debt in Modern Software Development
    No content preview  ( 6 min )
    Oracle Forensics Part 1: Dissecting the Redo Logs
    No content preview  ( 7 min )
    Tool Release – Web3 Decoder Burp Suite Extension
    No content preview  ( 9 min )
    The death of USB autorun and the rise of the USB keyboard
    No content preview
    The economics of defensive security
    No content preview
    Ragweed
    No content preview
    Readable Thrift
    No content preview
    The Demise of Signature Based Antivirus
    No content preview
    Real World Cryptography Conference 2022
    No content preview  ( 26 min )
    Ransomware: How vulnerable is your system?
    No content preview
    Remote Directory Traversal and File Retrieval
    No content preview
    Research Insights Volume 1 – Sector Focus: Financial Services
    No content preview  ( 6 min )
    Research Paper – Machine Learning for Static Malware Analysis, with University College London
    No content preview  ( 10 min )
    RIFT: Detection capabilities for recent F5 BIG-IP/BIG-IQ iControl REST API vulnerabilities CVE-2021-22986
    No content preview  ( 11 min )
    RSA Conference – Mobile Threat War Room
    No content preview
    Rust for Security and Correctness in the embedded world
    No content preview  ( 12 min )
    RM3 – Curiosities of the wildest banking malware
    No content preview
    Reviewing Verifiable Random Functions
    No content preview
    RtspFuzzer
    No content preview
    Salesforce Security with Remote Working
    No content preview
    Securing Teradata Database
    No content preview
    Securing the continuous integration process
    No content preview
    Shocker
    No content preview
    SIAM AG23: Algebraic Geometry with Friends
    No content preview  ( 18 min )
    SAML Pummel
    No content preview
    Secure Session Management With Cookies for Web Applications
    No content preview
    Signaturing an Authenticode anomaly with Yara
    No content preview
    Smart Contracts Inside SGX Enclaves: Common Security Bug Patterns
    No content preview
    Some Notes About the Xen XSA-122 Bug
    No content preview  ( 11 min )
    SAML XML Injection
    No content preview
    SMACK, SKIP-TLS & FREAK SSL/TLS Vulnerabilities
    No content preview
    Solaris 11 USB hubclass
    No content preview
    Research Insights Volume 5 – Sector Focus: Automotive
    No content preview
    Revealing Embedded Fingerprints: Deriving intelligence from USB stack interactions
    No content preview
    Spy-Pi: Do you trust your laptop docking stations?
    No content preview
    Squiz CMS File Path Traversal
    No content preview
    StreamDivert: Relaying (specific) network connections
    No content preview
    Supply Chain Security Begins with Secure Software Development
    No content preview
    Symantec Messaging Gateway – Addition of a backdoor administrator via CSRF
    No content preview
    Symantec Messaging Gateway – Authenticated arbitrary file download
    No content preview
    Symantec Messaging Gateway – Unauthenticated detailed version disclosure
    No content preview
    Symantec Messaging Gateway – Unauthorised SSH access
    No content preview
    Symantec Messaging Gateway SSH with backdoor user account + privilege escalation to root due to very old Kernel
    No content preview
    SysAid Helpdesk stored XSS
    No content preview
    SysPWN – VR for Pwn2Own
    No content preview
    Technical Advisory – Authorization Bypass Allows for Pinboard Corruption
    No content preview
    Technical Advisory – SonicWall SMA 100 Series – Heap-Based Buffer Overflow (CVE-2021-20043)
    No content preview
    Technical Advisory: Multiple Vulnerabilities in Accellion File Transfer Appliance
    No content preview
    Technical Advisory: Mosquitto Broker DoS through a Memory Leak vulnerability
    No content preview
    Technical Advisory: Dell SupportAssist Local Privilege Escalation (CVE-2021-21518)
    No content preview
    Writing Exploits for Win32 Systems from Scratch
    No content preview  ( 54 min )
    Lumension Device Control Remote Memory Corruption
    No content preview
    Man-in-the-Middling Non-Proxy Aware Wi-Fi Devices with a Pineapple
    No content preview  ( 12 min )
    Technical advisory: CVE-2017-8592 – XMLHttpRequest in IE followed 307 redirections with additional or customised headers
    No content preview
    Multiple Buffer Overflows Discovered in AFFLIB
    No content preview
    NCC Group Whitepaper: Understanding and Hardening Linux Containers (June 29, 2016 – Version 1.1)
    No content preview
    New Sources of Microsoft Office Metadata – Tool Release MetadataPlus
    No content preview
    Order Details Screens and PII
    No content preview
    Oracle Forensics Part 7: Using the Oracle System Change Number in Forensic Investigations
    No content preview
    OSX afpserver remote code execution
    No content preview
    port-scan-automation
    No content preview
    Project Bishop: Clustering Web Pages
    No content preview
    Technical Advisory: Multiple Vulnerabilities in Lexmark Printers
    No content preview  ( 13 min )
    Technical Advisory: Ruby on Rails – Possible XSS Vulnerability in ActionView tag helpers (CVE-2022-27777)
    No content preview
    Tis the Season to Be…
    No content preview  ( 9 min )
    They Ought to Know Better: Exploiting Security Gateways via their Web Interfaces
    No content preview  ( 6 min )
    vlan-hopping
    No content preview  ( 6 min )
    Whitepaper – Practical Attacks on Machine Learning Systems
    No content preview  ( 7 min )
    Owning the Virgin Media Hub 3.0: The perfect place for a backdoor
    Explore how NCC Group uncovered multiple vulnerabilities in the Virgin Media Hub 3.0, revealing a perfect setup for stealthy backdoor access  ( 21 min )
    Project Triforce: Run AFL on Everything!
    No content preview  ( 16 min )
    Technical Advisory – SonicWall SMA 100 Series – Unauthenticated File Upload Path Traversal (CVE-2021-20040)
    No content preview  ( 9 min )
    Technical Advisory – ARM MbedOS USB Mass Storage Driver Memory Corruption
    No content preview  ( 10 min )
    Pairing over BLS12-381, Part 3: Pairing!
    No content preview  ( 13 min )
    Technical Advisory – FreePBX – Multiple Authenticated SQL Injections in UCP application
    No content preview  ( 8 min )
    Technical Advisory – SonicWall SMA 100 Series – Multiple Unauthenticated Heap-based and Stack-based Buffer Overflow (CVE-2021-20045)
    No content preview  ( 8 min )
    Lending a hand to the community – Covenant v0.7 Updates
    No content preview  ( 12 min )
    Technical Advisory – SonicWall Global Management System (GMS) & Analytics – Multiple Critical Vulnerabilities
    No content preview  ( 14 min )
    Some Musings on Common (eBPF) Linux Tracing Bugs
    No content preview  ( 18 min )
    Technical Advisory – Multiple Vulnerabilities in U-Boot (CVE-2022-30790, CVE-2022-30552)
    No content preview  ( 10 min )
    Technical Advisory – Apple iOS / OSX: Foundation NSXMLParser XXE Vulnerability
    Explore how a flaw in Apple’s NSXMLParser could allow XML External Entity (XXE) attacks on iOS and macOS systems.  ( 9 min )
    Sakula: an adventure in DLL planting
    No content preview  ( 8 min )
    PhanTap (Phantom Tap): Making networks spookier one packet at a time
    No content preview  ( 11 min )
    Real World Cryptography Conference 2023 – Part I
    No content preview  ( 15 min )
    Secure Application Development on Facebook
    No content preview  ( 6 min )
    SecureCookies
    No content preview  ( 6 min )
    Technical Advisory – Ollama DNS Rebinding Attack (CVE-2024-28224)
    No content preview  ( 12 min )
    Security First Umbrella
    No content preview  ( 7 min )
    Security Code Review With ChatGPT
    Security Code Review With ChatGPT  ( 23 min )
    Technical Advisory – Apple HFS+ Information Disclosure Vulnerability
    Explore how a flaw in Apple’s HFSPlus file system could allow unauthorized access to file metadata and system information.  ( 9 min )
    Retro Gaming Vulnerability Research: Warcraft 2
    No content preview  ( 18 min )
    Multiple Shell Metacharacter Injections in AFFLIB
    A technical breakdown of shell metacharacter injection vulnerabilities in AFFLIB and their implications for secure forensic analysis.  ( 9 min )
    Technical Advisory – SonicWall SMA 100 Series – Unauthenticated Stored XSS
    No content preview  ( 9 min )
    Sobelow: Static analysis for the Phoenix Framework
    No content preview  ( 7 min )
    Software-Based Fault Injection Countermeasures (Part 2/3)
    No content preview  ( 19 min )
    TA505: A Brief History Of Their Time
    No content preview  ( 14 min )
    Technical advisory: “ROHNP”- key extraction side channel in multiple crypto libraries
    No content preview  ( 10 min )
    Spectre on a Television
    No content preview  ( 13 min )
    Technical Advisory – ExpressLRS vulnerabilities allow for hijack of control link
    No content preview  ( 9 min )
    Shellshock Bash Vulnerability
    No content preview  ( 8 min )
    Technical Advisory: Pulse Connect Secure – RCE via Uncontrolled Gzip Extraction (CVE-2020-8260)
    No content preview  ( 10 min )
    Securing Google Cloud Platform – Ten best practices
    No content preview  ( 11 min )
    Technical Advisory – NXP i.MX SDP_READ_DISABLE Fuse Bypass (CVE-2022-45163)
    No content preview  ( 16 min )
    SMB hash hijacking & user tracking in MS Outlook
    Understand the mechanics behind SMB hash hijacking and user tracking in MS Outlook. Our advisory covers attack vectors, testing methods, and fixes.  ( 12 min )
    State-of-the-art email risk
    No content preview  ( 7 min )
    Stopping Automated Attack Tools
    No content preview  ( 6 min )
    NCC Group Research at Black Hat USA 2022 and DEF CON 30
    No content preview  ( 11 min )
    Real World Cryptography Conference 2021: A Virtual Experience
    No content preview  ( 14 min )
    Overview of Modern Memory Security Concerns
    No content preview  ( 16 min )
    Story of a Hundred Vulnerable Jenkins Plugins
    No content preview  ( 14 min )
    Symantec PC Anywhere Remote Code Execution
    No content preview  ( 6 min )
    Technical Advisory – Kwikset/Weiser BLE Proximity Authentication in Kevo Smart Locks Vulnerable to Relay Attacks
    No content preview  ( 10 min )
    So long and thanks for all the 0day
    No content preview  ( 21 min )
    Sharkbot is back in Google Play
    No content preview  ( 11 min )
    SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store
    No content preview  ( 14 min )
    SCOMplicated? – Decrypting SCOM “RunAs” credentials
    No content preview  ( 9 min )
    Reverse Engineering Coin Hunt World’s Binary Protocol
    No content preview  ( 29 min )
    Technical Advisory – Bomgar Remote Support – Local Privilege Escalation
    Explore how a flaw in Bomgar Remote Support could allow local users to escalate privileges and compromise system security.  ( 8 min )
    Technical Advisory – New York State Excelsior Pass Vaccine Passport Credential Forgery
    No content preview  ( 8 min )
    NCC Group’s 2020 Annual Research Report
    Explore key findings from NCC Group’s 2020 research, including vulnerability discoveries, threat intelligence, and security innovations.  ( 55 min )
    Technical Advisory – U-Boot – Unchecked Download Size and Direction in USB DFU (CVE-2022-2347)
    No content preview  ( 10 min )
    Technical Advisory: Authentication Bypass in libSSH
    No content preview  ( 9 min )
    Technical Advisory – Arbitrary Signature Forgery in Stark Bank ECDSA Libraries (CVE-2021-43572, CVE-2021-43570, CVE-2021-43569, CVE-2021-43568, CVE-2021-43571)
    No content preview  ( 9 min )
    Sign over Your Hashes – Stealing NetNTLM Hashes via Outlook Signatures
    Discover how malicious signatures in Outlook can expose NetNTLM hashes and how to secure your environment.  ( 12 min )
    earlyremoval, in the Conservatory, with the Wrench: Exploring Ghidra’s decompiler internals to make automatic P-Code analysis scripts
    Discover techniques for automating P-Code analysis using Ghidra’s decompiler internals for efficient security research.  ( 27 min )
    Windows Firewall Hook Enumeration
    No content preview  ( 17 min )
    Pairing over BLS12-381, Part 1: Fields
    Dive into the first part of NCC Group’s BLS12-381 series, focusing on fields and their role in pairing-based cryptography.  ( 14 min )
    When a Trusted Site in Internet Explorer was Anything But
    No content preview  ( 9 min )
    Maritime Cyber Security: Threats and Opportunities
    No content preview  ( 6 min )
    Using SharePoint as a Phishing Platform
    Explore how attackers can abuse Microsoft SharePoint’s trusted domain and scripting capabilities to host phishing campaigns and capture credentials.  ( 11 min )
    NCC Group’s 2022 & 2023 Research Report
    No content preview  ( 8 min )
    Unveiling the Dark Side: A Deep Dive into Active Ransomware Families
    No content preview  ( 15 min )
    Network Attached Security: Attacking a Synology NAS
    No content preview  ( 6 min )
    Turla PNG Dropper is back
    No content preview  ( 11 min )
    Tool Release: DIBF Tool Suite
    No content preview  ( 7 min )
    Tool Release: Code Credential Scanner (ccs)
    No content preview  ( 7 min )
    Threat Spotlight – Hydra
    No content preview  ( 12 min )
    Passive Information Gathering – The Analysis of Leaked Network Security Information
    No content preview  ( 7 min )
    The Challenges of Fuzzing 5G Protocols
    No content preview  ( 16 min )
    MSSQL Lateral Movement
    No content preview  ( 10 min )
    Smuggling HTA files in Internet Explorer/Edge
    No content preview  ( 11 min )
    Technical Advisory: Adobe ColdFusion Object Deserialisation RCE
    No content preview  ( 8 min )
    Technical Advisory: OS Command Injection in Silver Peak EdgeConnect Appliances (CVE-2020-12148, CVE-2020-12149)
    No content preview  ( 8 min )
    Symantec Messaging Gateway Easy CSRF to add a backdoor-administrator (for example)
    No content preview  ( 7 min )
    SecureBigIP
    No content preview  ( 6 min )
    Symantec Messaging Gateway Out of band stored XSS delivered by email
    No content preview  ( 7 min )
    Technical Advisory: Authentication rule bypass
    No content preview  ( 8 min )
    SysAid Helpdesk blind SQL injection
    No content preview  ( 6 min )
    Peeling back the layers on defence in depth…knowing your onions
    No content preview  ( 7 min )
    Technical Advisory: Multiple Vulnerabilities in MailEnable
    No content preview  ( 8 min )
    PeachFarmer
    No content preview  ( 7 min )
    Oracle Java Installer Adds a System Path Which is Writable by All
    Discover how a simple installation oversight in Oracle Java could lead to serious security consequences.  ( 7 min )
    Technical Advisory – Apple XAR – Arbitrary File Write (CVE-2021-30833)
    No content preview  ( 8 min )
    Payment Card Industry Data Security Standard (PCI DSS): A Navigation and Explanation of Changes from v2.0 to v3.0
    No content preview  ( 6 min )
    Premium Content Gateway
    No content preview  ( 6 min )
    osquery Application Security Assessment Public Report
    No content preview  ( 6 min )
    Technical Advisory – Authenticated SQL Injection in SOAP Request in Broadcom CA Network Flow Analysis (CVE-2021-44050)
    No content preview  ( 8 min )
    SysAid Helpdesk Pro – Blind SQL Injection
    No content preview  ( 7 min )
    SSLyze v0.8
    No content preview  ( 6 min )
    Poison Ivy string decryption
    Explore how NCC Group reverse-engineers Poison Ivy’s string obfuscation to uncover hidden commands and payloads.  ( 8 min )
    SSLyze v0.7 Released
    No content preview  ( 7 min )
    Technical Advisory – Coda Filesystem Kernel Memory Disclosure
    This technical advisory details a kernel memory disclosure issue in the Coda filesystem and its potential impact.  ( 8 min )
    Solaris 11 USB Hub Class descriptor kernel stack overflow
    No content preview  ( 8 min )
    Oracle 11g TNS listener remote Null Pointer Dereference
    No content preview  ( 6 min )
    Post-quantum cryptography overview
    No content preview  ( 6 min )
    Quantum Cryptography – A Study Into Present Technologies and Future Applications
    No content preview  ( 7 min )
    Login Service Security
    No content preview  ( 6 min )
    Public Report – Electric Coin Company NU4 Cryptographic Specification and Implementation Review
    Explore NCC Group’s review of Electric Coin Company’s NU4 cryptographic specification and implementation for enhanced security.  ( 7 min )
    Microsoft’s SQL Server vs. Oracle’s RDBMS
    No content preview  ( 6 min )
    Symantec Backup Exec 2012 – Backup Exec Utility Stored XSS when adding Groups, Servers and Computers
    No content preview  ( 7 min )
    Research Report – Zephyr and MCUboot Security Assessment
    No content preview  ( 8 min )
    Oracle Retail Integration Bus Manager Directory Traversal
    No content preview  ( 6 min )
    SOC maturity & capability
    No content preview  ( 7 min )
    Nagios XI Network Monitor – OS Command Injection
    No content preview  ( 7 min )
    Technical Advisory – Shop app sends pasteboard data to Shopify’s servers
    No content preview  ( 8 min )
    Microsoft Office Memory Corruption Vulnerability
    No content preview  ( 6 min )
    Technical Advisory: Administrative Passcode Recovery and Authenticated Remote Buffer Overflow Vulnerabilities in Gigaset DX600A Handset (CVE-2021-25309, CVE-2021-25306)
    No content preview  ( 8 min )
    Technical Advisory: Shell Injection in MacVim mvim URI Handler
    No content preview  ( 7 min )
    NX Server for Linux Arbitrary Files can be read with root privileges
    No content preview  ( 6 min )
    McAfee Email and Web Security Appliance Session hijacking and bypassing client-side session timeouts
    No content preview  ( 6 min )
    Optimum Routers: Researching Managed Routers
    No content preview  ( 6 min )
    Technical Advisory: Gaining root access on Sumpple S610 IP Camera via Telnet; and Unprotected client and server data transmission between Android and iOS clients
    No content preview  ( 9 min )
    Oracle Gridengine sgepasswd Buffer Overflow
    No content preview  ( 7 min )
    Oracle Forensics Part 6: Examining Undo Segments, Flashback and the Oracle Recycle Bin
    No content preview  ( 6 min )
    Technical Advisory – Jitsi Meet Electron – Limited Certificate Validation Bypass (CVE-2020-27161)
    No content preview  ( 7 min )
    Readable Thrift (1)
    No content preview  ( 6 min )
    SecureCisco
    No content preview  ( 6 min )
    Nessus Authenticated Scan – Local Privilege Escalation
    No content preview  ( 6 min )
    Technical Advisory – Linksys WRT160NL – Authenticated Remote Buffer Overflow (CVE-2020-26561)
    No content preview  ( 7 min )
    Technical Advisory – play-pac4j Authentication rule bypass
    No content preview  ( 8 min )
    Sniffle: A Sniffer for Bluetooth 5
    No content preview  ( 7 min )
    Technical Advisory: Heartbleed chained with a Pass-the-Hash attack leads to device compromise on TP-Link C200 IP Camera
    No content preview  ( 7 min )
    Technical Advisory – Jitsi Meet Electron – Arbitrary Client Remote Code Execution (CVE-2020-27162)
    No content preview  ( 9 min )
    Technical Advisory – ParcelTrack sends all pasteboard data to ParcelTrack’s servers on startup
    No content preview  ( 7 min )
    Nerve
    No content preview  ( 6 min )
    Tales of Windows detection opportunities for an implant framework
    No content preview  ( 6 min )
    Technical Advisory: Intel Driver Support & Assistance – Local Privilege Escalation
    No content preview  ( 9 min )
    My Hash is My Passport: Understanding Web and Mobile Authentication
    No content preview  ( 7 min )
    Research Insights Volume 7: Exploitation Advancements
    No content preview  ( 6 min )
    McAfee Email and Web Security Appliance v5.6 – Any logged-in user can bypass controls to reset passwords of other administrators
    No content preview  ( 8 min )
    Symantec Message Filter Unauthenticated verbose software version information disclosure
    No content preview  ( 6 min )
    More Advanced SQL Injection
    More Advanced SQL Injection  ( 6 min )
    Singularity of Origin
    No content preview  ( 6 min )
    McAfee Email and Web Security Appliance Arbitrary file download is possible with a crafted URL, when logged in as any user
    No content preview  ( 6 min )
    Mature Security Testing Framework
    No content preview  ( 6 min )
    NCC Group co-signs the Electronic Frontier Foundation’s Statement on DMCA Use Against Security Researchers
    No content preview  ( 8 min )
    Perfect Forward Security
    No content preview  ( 6 min )
    Technical Advisory – Multiple Vulnerabilities in Juplink RX4-1800 WiFi Router (CVE-2022-37413, CVE-2022-37414)
    No content preview  ( 9 min )
    Secure Messaging for Normal People
    No content preview  ( 7 min )
    Mobile World Congress – Mobile Internet of Things
    No content preview  ( 6 min )
    Research Insights Volume 4 – Sector Focus: Maritime Sector
    No content preview  ( 7 min )
    Slotting Security into Corporate Development
    No content preview  ( 7 min )
    Microsoft announces the WMIC command is being retired, Long Live PowerShell
    No content preview  ( 10 min )
    libtalloc: A GDB plugin for analysing the talloc heap
    Explore how the libtalloc GDB plugin simplifies heap analysis for talloc-based memory structures in C applications.  ( 11 min )
    Impact of DNS over HTTPS (DoH) on DNS Rebinding Attacks
    Discover the impact of DoH on DNS rebinding attacks, why it matters for cybersecurity, and practical steps for reducing exposure.  ( 14 min )
    Shell Arithmetic Expansion and Evaluation Abuse
    No content preview  ( 10 min )
    RIFT: Analysing a Lazarus Shellcode Execution Method
    No content preview  ( 9 min )
    Puckungfu: A NETGEAR WAN Command Injection
    No content preview  ( 12 min )
    Mining data from Cobalt Strike beacons
    No content preview  ( 14 min )
    Machine learning from idea to reality: a PowerShell case study
    No content preview  ( 11 min )
    Replicating CVEs with KLEE
    No content preview  ( 10 min )
    Post-exploiting a compromised etcd – Full control over the cluster and its nodes
    No content preview  ( 15 min )
    Properly Signed Certificates on CPE Devices
    Explore how shared TLS certificates in CPE devices pose security risks—and how unique provisioning can fix them.  ( 12 min )
    Padding the struct: How a compiler optimization can disclose stack memory
    No content preview  ( 16 min )
    Paradoxical Compression with Verifiable Delay Functions
    No content preview  ( 14 min )
    LeaPFRogging PFR Implementations
    Explore NCC Group’s insights on leapfrogging PFR implementations to improve security and streamline processes.  ( 12 min )
    LAPSUS$: Recent techniques, tactics and procedures
    No content preview  ( 11 min )
    Project Ava: On the Matter of Using Machine Learning for Web Application Security Testing – Part 4: Architecture and Design
    No content preview  ( 14 min )
    Heartbleed OpenSSL vulnerability
    Learn the impact of Heartbleed on OpenSSL and how NCC Group helps secure systems against this critical flaw.  ( 9 min )
    Pairing over BLS12-381, Part 2: Curves
    A technical look at the curve foundations of BLS12-381 and their importance in pairing-based cryptography.  ( 14 min )
    Passive Decryption of Ethereum Peer-to-Peer Traffic
    No content preview  ( 10 min )
    The Password is Dead, Long Live the Password!
    Discover why passwords are vulnerable and learn about emerging technologies like biometrics and MFA that redefine secure user authentication.  ( 13 min )
    Adventures in Windows Driver Development: Part 1
    Dive into the fundamentals of Windows driver development with NCC Group’s hands-on exploration of kernel-mode programming.  ( 13 min )
    Tool Release – Reliably-checked String Library Binding
    Discover our new tool for securely handling strings with reliable checks to prevent vulnerabilities in applications.  ( 17 min )
    Practical Machine Learning for Random (Filename) Detection
    No content preview  ( 11 min )
    NIST Selects Post-Quantum Algorithms for Standardization
    No content preview  ( 11 min )
    On Multiplications with Unsaturated Limbs
    No content preview  ( 14 min )
    Optimizing Pairing-Based Cryptography: Montgomery Arithmetic in Rust
    No content preview  ( 20 min )
    Implementing the Castryck-Decru SIDH Key Recovery Attack in SageMath
    Learn how the Castryck-Decru SIDH attack works and how NCC Group demonstrates its implementation in SageMath.  ( 33 min )
    Non Obvious PE Parsers – The .NET runtime – Part 1
    No content preview  ( 12 min )
    On the Use of Pedersen Commitments for Confidential Payments
    No content preview  ( 12 min )
    Optimizing Pairing-Based Cryptography: Montgomery Multiplication in Assembly
    No content preview  ( 18 min )
    NSA & CISA Kubernetes Security Guidance – A Critical Review
    No content preview  ( 16 min )
    Multiple Format String Injections in AFFLIB
    Explore how multiple format string injection flaws in AFFLIB could lead to memory corruption and security breaches.  ( 9 min )
    NCC Group’s Upcoming Trainings at Black Hat USA 2021
    No content preview  ( 8 min )
    Windows DACL Enum Project
    No content preview  ( 6 min )
    whitebox
    No content preview  ( 6 min )
    When Security Gets in the Way: PenTesting Mobile Apps That Use Certificate Pinning
    No content preview  ( 6 min )
    WebRATS
    No content preview  ( 7 min )
    Whatsupgold Premium Directory traversal
    No content preview  ( 6 min )
    Webinar: SMACK, SKIP-TLS & FREAK SSL/TLS vulnerabilities
    No content preview  ( 6 min )
    Webinar: 4 Secrets to a Robust Incident Response Plan
    No content preview  ( 6 min )
    VoIP Security Methodology and Results
    No content preview  ( 7 min )
    Virtual Access Monitor Multiple SQL Injection Vulnerabilities
    No content preview  ( 6 min )
    Violating Database-Enforced Security Mechanisms
    No content preview  ( 7 min )
    Use of Deserialisation in .NET Framework Methods and Classes
    No content preview  ( 7 min )
    USB under the bonnet: Implications of USB security vulnerabilities in vehicle systems
    No content preview  ( 6 min )
    USB attacks need physical access right? Not any more…
    No content preview  ( 6 min )
    Understanding Ransomware: Impact, Evolution and Defensive Strategies
    No content preview  ( 6 min )
    Understanding Microsoft Word OLE Exploit Primitives: Exploiting CVE-2015-1642 Microsoft Office CTaskSymbol Use-After-Free Vulnerability
    No content preview  ( 7 min )
    Tool: WStalker – an easy proxy to support Web API assessments
    No content preview  ( 8 min )
    Tool Release: YoNTMA
    No content preview  ( 7 min )
    Tool Release: Introducing opinel: Scout2’s favorite tool
    No content preview  ( 8 min )
    Tool Release – ScoutSuite 5.8.0
    No content preview  ( 7 min )
    Threat Profiling Microsoft SQL Server
    No content preview  ( 6 min )
    Third party assurance
    No content preview  ( 6 min )
    The SSL Conservatory
    No content preview  ( 6 min )
    The Pentesters Guide to Akamai
    No content preview  ( 7 min )
    The Pharming Guide – Understanding and preventing DNS related attacks by phishers
    No content preview  ( 7 min )
    The Myth of Twelve More Bytes: Security on the Post-Scarcity Internet
    No content preview  ( 6 min )
    The CIS Security Standard for Docker available now
    No content preview  ( 8 min )
    Technical Advisory: SQL Injection and Reflected Cross-Site Scripting (XSS) Vulnerabilities in Oracle Communications Diameter Signaling Router (CVE-2020-14787, CVE-2020-14788)
    No content preview  ( 8 min )
    Technical Advisory: Stored and Reflected XSS Vulnerability in Nagios Log Server (CVE-2021-35478,CVE-2021-35479)
    No content preview  ( 8 min )
    Technical Advisory: Shell Injection in SourceTree
    No content preview  ( 7 min )
    Technical Advisory: Insufficient Proxyman HelperTool XPC Validation
    No content preview  ( 11 min )
    Technical Advisory: Adobe ColdFusion RMI Registry.bind() Deserialisation RCE
    No content preview  ( 8 min )
    Technical Advisory – Apple macOS XAR – Arbitrary File Write (CVE-2022-22582)
    No content preview  ( 8 min )
    Technical Advisory – Open5GS Stack Buffer Overflow During PFCP Session Establishment on UPF (CVE-2021-41794)
    No content preview  ( 7 min )
    Technical Advisory – IBM TAM: Remote Directory Traversal and File Retrieval via web server plug-in
    Learn how NCC Group researchers uncovered a directory traversal vulnerability in IBM TAM that exposes critical system files.  ( 8 min )
    Symantec Messaging Gateway – Out of band stored XSS via email
    No content preview  ( 6 min )
    Symantec Message Filter Session Hijacking via session
    No content preview  ( 6 min )
    Social Engineering
    No content preview  ( 6 min )
    Sobelow Update
    No content preview  ( 7 min )
    Shellshock Advisory
    No content preview  ( 9 min )
    Security Best Practice: Host Naming & URL Conventions
    No content preview  ( 6 min )
    RokRat Analysis
    No content preview  ( 11 min )
    Rigging the Vote: Uniqueness in Verifiable Random Functions
    No content preview  ( 11 min )
    Return of the hidden number problem
    No content preview  ( 7 min )
    Revealing Embedded Fingerprints: Deriving Intelligence from USB Stack Interactions 2013
    No content preview  ( 7 min )
    Research Insights Volume 9 – Modern Security Vulnerability Discovery
    No content preview  ( 7 min )
    Nagios XI Network Monitor – Stored and Reflective XSS
    No content preview  ( 7 min )
    Proxy Re-Encryption Protocol: IronCore Public Report
    No content preview  ( 7 min )
    Samba on the BlackBerry PlayBook
    No content preview  ( 6 min )
    NCC Group placed first in global 5G Cyber Security Hack competition
    No content preview  ( 9 min )
    Secure Device Provisioning Best Practices: Heavy Truck Edition
    No content preview  ( 7 min )
    Manifest Explorer
    No content preview  ( 7 min )
    Rise of the machines: Machine Learning & its cyber security applications
    No content preview  ( 7 min )
    Managing Cyber Risk in the Supply Chain
    No content preview  ( 6 min )
    Security Compliance as an Engineering Discipline
    No content preview  ( 6 min )
    Public Report: Aleo snarkOS Implementation and Consensus Mechanism Review
    No content preview  ( 7 min )
    metasploitavevasion
    No content preview  ( 6 min )
    PRTG Network Monitor Command injection
    No content preview  ( 6 min )
    McAfee Email and Web Security Appliance v5.6 – Session hijacking (and bypassing client-side session timeouts)
    No content preview  ( 7 min )
    Scenester – A Small Tool for Cross-Platform Web Application
    No content preview  ( 7 min )
    Phishing Stories
    No content preview  ( 6 min )
    pySimReader
    No content preview  ( 6 min )
    Ransomware: what organisations can do to survive
    No content preview  ( 6 min )
    scenester
    No content preview  ( 6 min )
    Research Insights Volume 3 – How are we breaking in: Mobile Security
    No content preview  ( 7 min )
    Lumension Device Control (formerly Sanctuary) remote memory corruption
    No content preview  ( 7 min )
    Second-Order Code Injection Attacks
    No content preview  ( 6 min )
    Managing PowerShell in a modern corporate environment
    No content preview  ( 7 min )
    Samba Andx Request Remote Code Execution
    No content preview  ( 6 min )
    Oracle E-Business Suite Pre-Auth SQLi with DBA Privileges
    NCC Group breaks down a serious Oracle EBS vulnerability that allows unauthenticated users to execute privileged SQL commands.  ( 7 min )
    Principal Mapper (pmapper)
    No content preview  ( 6 min )
    Low Cost Attacks on Smart Cards – The Electromagnetic Side-Channel
    No content preview  ( 7 min )
    NCC Group’s Juan Garrido named to Microsoft’s MSRC Office Security Researcher Leaderboard
    No content preview  ( 7 min )
    Public cloud
    No content preview  ( 6 min )
    Paper: Thematic for Success in Real-World Offensive Cyber Operations – How to make threat actors work harder and fail more often
    No content preview  ( 7 min )
    Latest threats to the connected car & intelligent transport ecosystem
    No content preview  ( 6 min )
    Research Insights Volume 6: Common Issues with Environment Breakouts
    No content preview  ( 7 min )
    NCC Group Malware Technical Note
    No content preview  ( 6 min )
    Lessons learned from 50 bugs: Common USB driver vulnerabilities
    No content preview  ( 7 min )
    LibAVCodec AMV Out of Array Write
    No content preview  ( 7 min )
    Securing PL/SQL Applications with DBMS_ASSERT
    No content preview  ( 6 min )
    POC2021 – Pwning the Windows 10 Kernel with NTFS and WNF Slides
    No content preview  ( 7 min )
    Pip3line
    No content preview  ( 6 min )
    Non-stack Based Exploitation of Buffer Overrun Vulnerabilities on Windows NT 2000 XP
    No content preview  ( 6 min )
    Oracle Forensics Part 2: Locating Dropped Objects
    No content preview  ( 6 min )
    Practical SME security on a shoestring
    No content preview  ( 6 min )
    Python Class Informer: an IDAPython plugin for viewing run-time type information (RTTI)
    No content preview  ( 7 min )
    Research Insights Volume 2 – Defensive Trends
    No content preview  ( 6 min )
    Technical Advisory – SerComm h500s – Authenticated Remote Command Execution (CVE-2021-44080)
    Learn about the Sercomm H500s remote command execution flaw and NCC Group’s technical advisory for mitigation.  ( 8 min )
    Launching the first in our series of Research Insights
    No content preview  ( 7 min )
    Microsoft SQL Server Passwords
    No content preview  ( 6 min )
    Porting the Misfortune Cookie Exploit: A Look into Router Exploitation Using the TD-8817
    No content preview  ( 7 min )
    Oracle Forensics Part 5: Finding Evidence of Data Theft in the Absence of Auditing
    No content preview  ( 7 min )
    Ricochet Security Assessment Public Report
    No content preview  ( 6 min )
    NCC Group researchers named amongst MSRC’s Most Valuable Security Researchers in 2020
    No content preview  ( 8 min )
    Oracle Passwords and OraBrute
    No content preview  ( 6 min )
    Package Play
    No content preview  ( 6 min )
    My name is Matt – My voice is my password
    No content preview  ( 7 min )
    NCC Group’s Jeremy Boone recognized for Highest Quality and Most Eligible Reports through the Intel Circuit Breaker program
    No content preview  ( 7 min )
    OS X 10.6.6 Camera Raw Library Memory Corruption
    No content preview  ( 7 min )
    Oracle Forensics Part 3: Isolating Evidence of Attacks Against the Authentication Mechanism
    No content preview  ( 7 min )
    Conference Talks – February/March 2021
    Explore NCC Group’s expert talks from Feb–Mar 2021, covering cybersecurity trends, research insights, and industry best practices.  ( 8 min )
    Oracle Forensics Part 4: Live Response
    No content preview  ( 7 min )
    Non-Deterministic Nature of Prompt Injection
    No content preview  ( 8 min )
    Nagios XI Network Monitor Stored and Reflected XSS
    No content preview  ( 6 min )
    New Attack Vectors and a Vulnerability Dissection of MS03-007
    No content preview  ( 6 min )
    Non-flood/non-volumetric Distributed Denial of Service (DDoS)
    No content preview  ( 7 min )
    Oracle Hyperion 11 Directory Traversal
    No content preview  ( 7 min )
    PDF Form Filling and Flattening Tool Buffer Overflow
    Explore how a buffer overflow vulnerability in a PDF form filling and flattening tool could lead to memory corruption and security risks.  ( 8 min )
    Oracle 11g TNS listener remote Invalid Pointer Read
    No content preview  ( 6 min )
    Mergers & Acquisitions (M&A) cyber security due diligence
    No content preview  ( 6 min )
    Microsoft Internet Explorer CMarkup Use-After-Free
    No content preview  ( 7 min )
    Mobile apps and security by design
    No content preview  ( 6 min )
    ncccodenavi
    No content preview  ( 6 min )
    NCC CON Europe 2017
    No content preview  ( 7 min )
    On Linux’s Random Number Generation
    No content preview  ( 13 min )
    Making New Connections – Leveraging Cisco AnyConnect Client to Drop and Run Payloads
    No content preview  ( 12 min )
    Drones: Detect, Identify, Intercept, and Hijack
    A technical look at how drones can be exploited and the methods used to counter unauthorized UAV activity.  ( 13 min )
    NCC Group Research at Black Hat USA 2021 and DEF CON 29
    No content preview  ( 17 min )
    Multiple Cisco CSS / ACE Client Certificate and HTTP Header
    A technical breakdown of multiple vulnerabilities in Cisco CSS ACE and their implications for secure network operations.  ( 15 min )
    Machine Learning for Static Analysis of Malware – Expansion of Research Scope
    No content preview  ( 17 min )
    Incremental Machine Learning by Example: Detecting Suspicious Activity with Zeek Data Streams, River, and JA3 Hashes
    Discover how incremental machine learning improves threat detection using Zeek logs, River, and JA3 fingerprinting.  ( 17 min )
    Setting a New Standard for Kubernetes Deployments
    No content preview  ( 9 min )
    SecureIE.ActiveX
    No content preview  ( 6 min )
    Research Insights Volume 8 – Hardware Design: FPGA Security Risks
    No content preview  ( 7 min )
    Open Banking: Security considerations & potential risks
    No content preview  ( 6 min )
    McAfee Email and Web Security Appliance Any logged-in user can bypass controls to reset passwords of other administrators
    No content preview  ( 6 min )
    McAfee Email and Web Security Appliance v5.6 – Active session tokens of other users are disclosed within the UI
    No content preview  ( 8 min )
    McAfee Email and Web Security Appliance v5.6 – Password hashes can be recovered from a system backup and easily cracked
    No content preview  ( 8 min )
    McAfee Email and Web Security Appliance Reflective XSS allowing an attacker to gain session tokens
    No content preview  ( 6 min )
    Memory Gap
    No content preview  ( 6 min )
    Logs, Logs, the Audit Trail – Features of a Successful Log Management Solution
    No content preview  ( 9 min )
    Lessons learned from 50 USB bugs
    No content preview  ( 7 min )
    Machine Learning 103: Exploring LLM Code Generation
    No content preview  ( 7 min )
    Mobile & web browser credential management: Security implications, attack cases & mitigations
    No content preview  ( 7 min )
    Machine Learning 104: Breaking AES With Power Side-Channels
    No content preview  ( 7 min )
    NCC Con Europe 2016
    No content preview  ( 7 min )
    Medium Risk Vulnerability in Symantec Enterprise Security Management
    No content preview  ( 6 min )
    Working with the Open Technology Fund
    Discover how NCC Group collaborates with the Open Technology Fund to advance secure, open-source technology worldwide.  ( 7 min )
    Memory Scanning for the Masses
    No content preview  ( 9 min )
    Medium Risk Vulnerability in Symantec Network Access Control
    No content preview  ( 6 min )
    Live Incident Blog: June Global Ransomware Outbreak
    No content preview  ( 10 min )
    An offensive guide to the Authorization Code grant
    Discover NCC Group’s offensive security perspective on Authorization Code Grant vulnerabilities and mitigations.  ( 14 min )
    Writing Robust Yara Detection Rules for Heartbleed
    Explore NCC Group’s approach to writing effective YARA rules for detecting Heartbleed in OpenSSL implementations.  ( 11 min )

    Microsoft Entra certificate change: what admins need to do now
    Microsoft will transition Microsoft Entra identity services from DigiCert Global Root G1 to G2 certificates on January 7, 2026. Organizations that do not prepare for this change risk authentication failures across their Microsoft 365 and Azure environments. Source

    Technical Advisory: Tesla Telematics Control Unit - ADB Auth Bypass
    No content preview  ( 12 min )

    Beyond good ol’ Run key, Part 152
    Forgot to post this one before 153… As this is often the case in this series, this persistence mechanism is a documented feature of Microsoft Windows. The following Registry entry: HKLM\Software\Microsoft\MSDTC\XADLL can store a list of DLL files that can … Continue reading →  ( 2 min )
    Beyond good ol’ Run key, Part 149 – update
    In my older post, I described the persistence mechanism (GPExtensionDLL Registry entry) that I couldn’t make to work at that time. I eventually found a way to trigger it, using a function LoadGPExtensionDll exported by the fwpolicyiomgr.dll. One can execute: … Continue reading →  ( 2 min )

    Syncing passkeys with Microsoft Entra ID
    Microsoft Entra ID introduces synced passkeys to simplify multi-factor authentication and reduce the security risks associated with traditional methods such as passwords and SMS codes. This feature, announced at Microsoft Ignite 2025, enables users to authenticate with biometrics or device PINs without entering passwords when syncing credentials across devices via cloud-based passkey providers. The implementation also includes high-assurance account recovery using government-issued ID verification to restore access when users lose all authentication methods. Source

    Detect Go’s silent arithmetic bugs with go-panikint
    Go’s arithmetic operations on standard integer types are silent by default, meaning overflows “wrap around” without panicking. This behavior has hidden an entire class of security vulnerabilities from fuzzing campaigns. Today we’re changing that by releasing go-panikint, a modified Go compiler that turns silent integer overflows into explicit panics. We used it to find a live integer overflow in the Cosmos SDK’s RPC pagination logic, showing how this approach eliminates a major blind spot for anyone fuzzing Go projects. (The issue in the Cosmos SDK has not been fixed, but a pull request has been created to mitigate it.) The sound of silence In Rust, debug builds are designed to panic on integer overflow, a feature that is highly valuable for fuzzing. Go, however, takes a different approach…  ( 5 min )
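The wraparound described above, as an added example that is not go-panikint's or the Cosmos SDK's code: a hypothetical RPC pagination helper (PageBounds, UnsafePageBounds and the checked-add helpers are all assumed names, and the 10-item collection is constructed input) computed once with stock Go arithmetic and once with explicit overflow checks. In the unchecked version an attacker-supplied limit wraps offset+limit past zero, the end<=total clamp is satisfied, and the caller is handed a range with start > end, which a later items[start:end] turns into a panic or, in a hand-rolled loop, an out-of-bounds read.

```go
package main

import (
	"errors"
	"fmt"
	"math"
)

// ErrOverflow is returned when an arithmetic result does not fit its type.
var ErrOverflow = errors.New("integer overflow")

// CheckedAddU64 adds two uint64 values and reports overflow instead of wrapping.
// The sum overflows exactly when b exceeds the headroom left above a.
func CheckedAddU64(a, b uint64) (uint64, error) {
	if b > math.MaxUint64-a {
		return 0, ErrOverflow
	}
	return a + b, nil
}

// CheckedAddI64 is the signed counterpart; positive and negative overflow are both caught.
func CheckedAddI64(a, b int64) (int64, error) {
	if (b > 0 && a > math.MaxInt64-b) || (b < 0 && a < math.MinInt64-b) {
		return 0, ErrOverflow
	}
	return a + b, nil
}

// UnsafePageBounds is the hypothetical pagination helper written with stock Go
// arithmetic. It returns the half-open item range [start, end) for a page.
// offset+limit silently wraps modulo 2^64, so a huge limit yields end < offset,
// the end > total clamp never fires, and the function reports ok == true.
func UnsafePageBounds(total, offset, limit uint64) (start, end uint64, ok bool) {
	if offset > total {
		return 0, 0, false
	}
	end = offset + limit // wraps silently on overflow
	if end > total {
		end = total
	}
	return offset, end, true
}

// PageBounds is the same helper with the addition done through CheckedAddU64,
// so a request whose offset+limit would wrap is rejected with ErrOverflow
// instead of passing the clamp.
func PageBounds(total, offset, limit uint64) (start, end uint64, err error) {
	if offset > total {
		return 0, 0, errors.New("offset beyond end of collection")
	}
	end, err = CheckedAddU64(offset, limit)
	if err != nil {
		return 0, 0, err
	}
	if end > total {
		end = total
	}
	return offset, end, nil
}

func main() {
	// Constructed sample: a 10-item collection, a valid offset, attacker-chosen limit.
	const total = 10
	s, e, ok := UnsafePageBounds(total, 5, math.MaxUint64)
	fmt.Printf("unchecked: start=%d end=%d ok=%v (start > end: %v)\n", s, e, ok, s > e)

	_, _, err := PageBounds(total, 5, math.MaxUint64)
	fmt.Printf("checked:   rejected with %v\n", err)

	s, e, _ = PageBounds(total, 8, 5)
	fmt.Printf("normal:    start=%d end=%d (limit clamped to total)\n", s, e)
}
```

go-panikint would turn the `offset + limit` in UnsafePageBounds into a panic under the fuzzer; the checked helpers are what ships, so the same input fails closed in a production build compiled with the stock toolchain.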

    Agentic ProbLLMs: Exploiting AI Computer-Use And Coding Agents (39C3 Video + Slides)
    It was great to attend the 39C3 - Power Cycles in Hamburg this year. The Chaos Communication Congress was once again packed with great talks, amazing people, awesome events and side quests - and I even got to present! You can watch the talk with translation options on media.ccc.de. I also uploaded the English version to the Embrace The Red YouTube channel. I hope it’s interesting and helpful. The talk is titled “Agentic ProbLLMs: Exploiting AI Computer-Use and Coding Agents” and is about my security research on vulnerabilities in agentic systems and the Month of AI Bugs with lots of demos.  ( 1 min )

    GenAI DevOps: More Code, More Problems
    GenAI has made it possible for anyone to ship production code, but security hasn’t caught up. The real risk isn’t bad AI code, it’s how quickly unsafe behavior reaches production. Here’s how to build guardrails so speed doesn’t become liability.  ( 9 min )

    ManageEngine DEX Manager Plus: Real-time endpoint monitoring and management
    ManageEngine DEX Manager Plus is a cloud-based digital employee experience management platform designed to continuously understand, measure, and improve how employees interact with their digital workplace. By combining endpoint telemetry, experience analytics, proactive issue identification, and guided remediation, it enables IT teams to ensure reliable performance, minimize disruptions, and deliver a consistently productive and frustration-free employee experience. Source

    Public Report: Meta Whatsapp message summarization service
    No content preview  ( 7 min )

    S2D and SAN coexistence in Windows Server failover clustering for Hyper‑V, SQL Server, and file services
    Organizations running modern data centers increasingly need flexible storage architectures that balance performance, resiliency, and investment protection. With Windows Server 2022 and Windows Server 2025, Microsoft now enables true S2D and SAN coexistence—allowing Storage Spaces Direct (S2D) to operate alongside traditional SAN storage within the same failover clustering environment. This mixed-storage approach lets IT teams optimize workloads such as Hyper-V, SQL Server, and file services by combining high-performance local storage with existing enterprise SAN infrastructure, all while maintaining full cluster support and operational consistency. Source

    Adventures in EM Side-channel Attacks
    Eucleak  ( 7 min )

    Crack the Riddle, Secure the Oasis: Core NetWars Version 11 is Here
    A blog about SANS Institute's new Core NetWars Version 11  ( 12 min )

    Expanding on ChunkyIngress - Clippy Goes Rogue (GoClipC2)
    GoClipC2: A covert Windows clipboard-based C2 channel for VDI/RDP environments. Bypasses network monitoring with encrypted Base64 messaging.  ( 10 min )

    The Cost Savings of Fixing Security Flaws in Development
    No content preview  ( 7 min )

    A New Approach to Proving Cybersecurity Value (That Isn’t ROI)
    In this blog, we are excited to announce our white paper on Return on Mitigation (RoM), a framework we designed to quantify the financial impact of security programs in a way that speaks to business leaders.  ( 6 min )
    Celebrating 10 Years of Partnership: Snap and HackerOne Reach $1M in Bounties
    At Snap, security is more than a priority—it’s a core mission. Over the past decade, Snap has partnered with HackerOne to build and sustain a robust bug bounty program. This collaboration has led to major milestones, including paying security researchers over $1M in bounties. To celebrate this achievement and their 10-year partnership, we spoke with Jim Higgins, Snap's Chief Information Security Officer, Vinay Prabhushankar, Snap’s Security Engineering Manager, and Ilana Arbisser, Snap’s Privacy Engineer.

    Women@ Kicks Off the Year with a Vision Board Event
    No content preview  ( 4 min )

    Gain Actionable, Data-backed Insights with HackerOne Recommendations
    What if your security program could self-optimize: analyze trends, identify weak points, and proactively propose actionable steps to strengthen defenses? With HackerOne Recommendations, it can.  ( 5 min )

    Welcome, Hackbots: How AI Is Shaping the Future of Vulnerability Discovery
    What are Hackbots and how are they impacting vulnerability discovery and the researcher community?  ( 6 min )

    DORA Compliance Is Here: What Financial Entities Should Know
    The new DORA regulation: everything your organization needs to know about its impact and how to comply.  ( 5 min )

    Protecting Critical Infrastructure: A Tale of Two National Cybersecurity Strategies
    The term “special relationship,” coined by Winston Churchill, describes the close, longstanding alliance between the United States and the United Kingdom. It has been applied to cooperation during war, to trade and commerce, and even to intelligence sharing. That special relationship has clearly influenced the two nations’ recent policy papers on national cybersecurity. The U.K. […] The post Protecting Critical Infrastructure: A Tale of Two National Cybersecurity Strategies appeared first on Synack.  ( 7 min )

    Scoping Adventures: How to Get the Most Out of Your Synack Pentesting
    Scoping Adventures is a series of blogs about some of the more interesting penetration tests that the Synack Customer Success teams have worked on over the last few months. Each blog outlines how we engage with the client to achieve the best results from a pentest. Pentesters love colors—red, blue, purple, black, white and grey […] The post Scoping Adventures: How to Get the Most Out of Your Synack Pentesting appeared first on Synack.  ( 11 min )

    Applying Strategic Thinking in Your Pentesting Program
    The Synack Platform & Five Pillars of Strategic Pentesting Why You Need to Think Strategically It’s no great revelation that the tactics, techniques, and procedures used by malicious hackers are evolving on a daily basis. In 2022, 18,828 common vulnerabilities and exposures (CVEs) were published. At the same time, organizations’ attack surfaces are expanding. […] The post Applying Strategic Thinking in Your Pentesting Program appeared first on Synack.  ( 7 min )

    The U.S. has a new cybersecurity strategy. What’s next for CISOs?
    One week ago, the Biden administration unveiled its long-awaited U.S. National Cybersecurity Strategy, with an eye toward centralizing government cyber resources and holding IT vendors more accountable for their digital defenses. Now that the ink is dry on the 35-page document, top officials like Acting National Cyber Director Kemba Walden are busy putting it into […] The post The U.S. has a new cybersecurity strategy. What’s next for CISOs? appeared first on Synack.  ( 7 min )
2026-01-27T01:03:48.343Z osmosfeed 1.15.1