• Open

    ntprint.exe lolbin
    You can copy c:\WINDOWS\system32\ntprint.exe to a folder of your liking f.ex. c:\test, and then launch it with command line arguments like this: ntprint.exe PSetupElevatedLegacyPrintDriverInstallW {} This will load c:\test\ntprint.dll:  ( 2 min )

  • Open

    Using .LNK files as lolbins
    I am not sure if I or anyone else pointed it out before. Highly possible. I kinda lost track of it at this stage… So, anyway… this is a pretty dumb lolbin functionality that is exhibited by many native .lnk … Continue reading →  ( 2 min )
  • Open

    State of the Art of Private Key Security in Blockchain Ops - 1. Concepts, Types of Wallets and Signing Strategies
    Concepts, Types of Wallets and Signing Strategies  ( 11 min )
  • Open

    A History of Active Directory Security
    During the Summer of 2024, I had a talk at Troopers called “A Decade of Active Directory Attacks:What We’ve Learned & What’s Next” (Slides & Video). I focused on the key milestones of Active Directory security. This post covers this in some detail which was correlated with public information and GitHub release information. This article … Continue reading  ( 8 min )
    Active Directory Security Tip #11: Print Service on Domain Controllers
    The Print Spooler service is a default service on Windows Servers and is set to run at startup. There are a number of attacks that are enabled by having the Print Spooler service running on Domain Controllers (ex.: Printer Bug: https://adsecurity.org/?p=4056) At this point it’s best to configure a GPO to disable the Print Spooler … Continue reading  ( 5 min )
  • Open

    Lucid Dreams I: Lucid’s First Time Fuzzing
    Background We’ve spent a lot of time so far on this blog documenting the development process of Lucid, our full-system snapshot fuzzer, and I really wanted to start using it to do some real fuzzing. So the focus of this blog post will be documenting the process I had to take to get Lucid up and fuzzing on a real target. So far, Lucid has only worked on a toy harness/example, and so we need to see what kind of things need tweaking when a real target comes into play.  ( 26 min )

  • Open

    Sending encrypted emails with Gmail Client-side Encryption (CSE) to external recipients
    On October 2, 2025, Google announced that Gmail Client-side Encryption (CSE) now enables Google Workspace Enterprise Plus users with the Assured Controls add-on to send end-to-end encrypted emails to external recipients across any email platform. The encryption occurs in the browser before data reaches Google's servers, allowing organizations to maintain control over their encryption keys while external recipients access encrypted messages through guest accounts without requiring S/MIME certificate exchanges. Source
  • Open

    It's Never Simple Until It Is (Dell UnityVSA Pre-Auth Command Injection CVE-2025-36604)
    Welcome back, and what a week! We’re glad that happened for you and/or sorry that happened to you. It will get better and/or worse, and you will likely survive. Today, we’re walking down the garden path and digging into the archives, publishing our analysis  ( 6 min )
  • Open

    [ru] Kernel-hack-drill и новый эксплойт для CVE-2024-50264 в ядре Linux
    Некоторые уязвимости, связанные с повреждением памяти, невероятно сложны для эксплуатации. Они могут вызывать состояния гонки, приводить к сбоям системы и накладывать разные ограничения, которые усложняют жизнь исследователя. Работа с такими «хрупкими» багами требует значительно больше времени и усилий. CVE-2024-50264 в ядре Linux — как раз одна из таких сложных уязвимостей, которая получила премию Pwnie Award 2025 в категории «Лучшее повышение привилегий» (Best Privilege Escalation). В этой статье я представлю свой проект kernel-hack-drill и покажу, как он помог мне разработать прототип эксплойта для уязвимости CVE-2024-50264.  ( 23 min )
  • Open

    Your point of departure for forensic readiness
    Your point of departure for forensic readiness - Digital Forensics Incident Response  ( 9 min )

  • Open

    Microsoft Intune September 2025 update: Intel vPro integration, PowerShell app scripts, iOS/macOS 26 support, and Copilot enhancements
    Microsoft Intune's September 2025 update introduces hardware-level device recovery through Intel vPro integration, PowerShell installer script support for Enterprise Application Management, and day-zero compatibility for Apple's iOS/iPadOS and macOS 26 operating systems. Service release 2509 also expands Copilot capabilities for Windows 365 Cloud PC management and updates the minimum supported versions for Apple platforms. Source
  • Open

    YoSmart YoLink Hub version 0382
    The following document describes identified vulnerabilities in the YoLink Hub smart device version 0382.  ( 11 min )
    How a $20 Smart Device Gave Me Access to Your Home
    Bishop Fox research uncovered zero-day vulnerabilities in the YoLink Smart Hub. Anyone using the YoLink Smart Hub v0382 is at risk.  ( 12 min )
  • Open

    Spot trouble early with honeypots and Suricata
    TL;DR  Introduction It’s strange how satisfying it is to turn off the lights, set up a tent under the stars, and watch the kids swap screen time for mud pies and marshmallows. Before I left for a 3-day family camping trip, I had one last thing to do: set up a T-Pot honeypot safely in […] The post Spot trouble early with honeypots and Suricata appeared first on Pen Test Partners.  ( 10 min )
  • Open

    What Did the Attacker Read? MailItemAccessed Tells You
    The Growing Threat of BEC Business Email Compromise (BEC) is a growing threat vector that often results in significant financial and reputational damage. Typically, BEC attacks aim to commit fraud, steal data, or compromise supply chains. A common characteristic of these attacks is gaining access to the victim’s emails, often going in pair with the … Continue reading What Did the Attacker Read? MailItemAccessed Tells You →  ( 16 min )
  • Open

    Active Directory Security Tip #10: FSMO Roles
    Getting Microsoft supported backups of Domain Controllers is an important part of recovery strategy. A best practice is to locate all Flexible Master Single Operator (FSMO) roles on a single DC in the domain. That way you can more easily target the DC that hosts the FSMOs for backup. PowerShell code to check for FSMO … Continue reading  ( 5 min )
  • Open

    Overview of Content Published in September
    Here is an overview of content I published in September: SANS ISC Diary entries: BASE64 Over DNS Web Searches For Archives  ( 11 min )

  • Open

    Proxmox Datacenter Manager: A new alternative to VMware vCenter?
    Proxmox Datacenter Manager (PDM) is a brand new, open-source platform designed to provide centralized management and monitoring for Proxmox VE clusters and nodes. Launched in late 2024, PDM offers a modern web interface that simplifies large-scale virtualization administration across multiple datacenters. As organizations seek alternatives to VMware’s increasingly costly and restrictive ecosystem, Proxmox Datacenter Manager emerges as a promising vCenter competitor for cost-effective and flexible enterprise virtualization management. Source
  • Open

    Hacking smarter with Burp AI: NahamSec puts Burp AI to the test
    Bug bounty legend, NahamSec, has taken Burp AI for a spin. If you're curious how Burp AI fits into a real workflow, his new video is the perfect place to start. Watch on YouTube Burp AI was built to a  ( 3 min )
  • Open

    Lunar Spider Expands their Web via FakeCaptcha
    Key Findings Introduction NVISO has observed and correlated information regarding the latest attack chain employed by Lunar Spider. Lunar Spider, also known as Gold SwathMore, is a Russian-speaking cybercriminal group motivated by financial gain. They have built their reputation on developing and operating the IcedID (also known as BokBot) Malware-as-a-Service (MaaS) since 2019. Following the … Continue reading Lunar Spider Expands their Web via FakeCaptcha →  ( 28 min )
  • Open

    RSA Conference – Mobile Threat War Room
    No content preview  ( 6 min )
    McAfee Email and Web Security Appliance v5.6 – Password hashes can be recovered from a system backup and easily cracked
    No content preview
    Java RMI Registry.bind() Unvalidated Deserialization
    No content preview
    iOS User Enrollment and Trusted Certificates
    No content preview
    In-depth analysis of the new Team9 malware family
    No content preview  ( 16 min )
    Research Insights Volume 1 – Sector Focus: Financial Services
    No content preview  ( 6 min )
    Curve9767 and Fast Signature Verification
    No content preview  ( 14 min )
    Cracking RDP NLA Supplied Credentials for Threat Intelligence
    No content preview  ( 9 min )
    Experiments in Extending Thinkst Canary – Part 1
    No content preview  ( 7 min )
    New Sources of Microsoft Office Metadata – Tool Release MetadataPlus
    No content preview  ( 11 min )
    How to Backdoor Diffie-Hellman
    No content preview
    eBook – Do you know how your organisation would react in a real-world attack scenario?
    No content preview
    Decrypting OpenSSH sessions for fun and profit
    No content preview
    IP-reputation-snort-rule-generator
    No content preview  ( 6 min )
    Exploiting CVE-2014-0282 (1)
    No content preview  ( 6 min )
    Improving Your Embedded Linux Security Posture With Yocto
    No content preview  ( 6 min )
    Extracting the Payload from a CVE-2014-1761 RTF Document
    No content preview  ( 10 min )
    Erlang Security 101
    No content preview  ( 6 min )
    Some Notes About the Xen XSA-122 Bug
    No content preview  ( 11 min )
    SOC maturity & capability
    No content preview  ( 6 min )
    Impersonating Gamers With GPT-2
    No content preview  ( 19 min )
    Jackson Deserialization Vulnerabilities
    No content preview  ( 6 min )
    metasploitavevasion
    No content preview
    Code Patterns for API Authorization: Designing for Security
    No content preview  ( 12 min )
    Spectre and Meltdown: What you Need to Know
    No content preview  ( 11 min )
    Machine Learning 103: Exploring LLM Code Generation
    No content preview
    D0nut encrypt me, I have a wife and no backups
    No content preview
    Technical Advisory – Apple HFS+ Information Disclosure Vulnerability
    No content preview
    How cryptography is used to monitor the spread of COVID-19
    No content preview
    Conference Talks – October 2021
    No content preview
    Secure Device Manufacturing: Supply Chain Security Resilience
    No content preview
    Ethics in Security Testing
    No content preview
    Conference Talks – January 2020
    No content preview  ( 7 min )
    firstexecution
    No content preview  ( 6 min )
    NCC Group co-signs the Electronic Frontier Foundation’s Statement on DMCA Use Against Security Researchers
    No content preview  ( 8 min )
    Project Ava: On the Matter of Using Machine Learning for Web Application Security Testing – Part 4: Architecture and Design
    No content preview  ( 14 min )
    Lumension Device Control (formerly Sanctuary) remote memory corruption
    No content preview  ( 7 min )
    Exploring the Security & Privacy of Canada’s Digital Proof of Vaccination Programs
    No content preview  ( 29 min )
    Fix Bounty
    No content preview  ( 9 min )
    Cyber Essentials Scheme
    No content preview  ( 6 min )
    Optimizing Pairing-Based Cryptography: Montgomery Arithmetic in Rust
    No content preview  ( 20 min )
    How To Spot a Penetration Tester in Your Network (and Catch the Real Bad Guys at the Same Time)
    No content preview  ( 13 min )
    Dancing Offbit: The Story of a Single Character Typo that Broke a ChaCha-Based PRNG
    No content preview  ( 10 min )
    Defeating the Stack Based Buffer Overflow Prevention Mechanism of Microsoft Windows 2003 Server
    No content preview  ( 7 min )
    Exploit the Fuzz – Exploiting Vulnerabilities in 5G Core Networks
    No content preview  ( 17 min )
    Database Security: A Christmas Carol
    No content preview  ( 7 min )
    Exploring macOS Calendar Alerts: Part 1 – Attempting to execute code
    No content preview  ( 14 min )
    CVE-2017-8570 RTF and the Sisfader RAT
    No content preview  ( 11 min )
    Decoding network data from a Gh0st RAT variant
    No content preview  ( 8 min )
    Cyber Security of New Space Paper
    No content preview  ( 7 min )
    IAX Voice Over-IP Security
    No content preview  ( 6 min )
    CyberVillainsCA
    No content preview  ( 6 min )
    Conference Talks – August 2020
    No content preview  ( 11 min )
    IAM user management strategy (part 2)
    No content preview  ( 9 min )
    Hiccupy
    No content preview  ( 6 min )
    Hacking Appliances: Ironic exploits in security products
    No content preview  ( 6 min )
    Heartbleed OpenSSL vulnerability
    No content preview  ( 9 min )
    House
    No content preview  ( 6 min )
    Enterprise-scale seamless onboarding and deployment of Azure Sentinel using Lighthouse for multi-tenant environments
    No content preview  ( 21 min )
    Passive Decryption of Ethereum Peer-to-Peer Traffic
    No content preview  ( 10 min )
    Mining data from Cobalt Strike beacons
    No content preview  ( 14 min )
    On Multiplications with Unsaturated Limbs
    No content preview  ( 14 min )
    Medical Devices: A Hardware Security Perspective
    No content preview  ( 14 min )
    Ruling the rules
    No content preview  ( 11 min )
    Non Obvious PE Parsers – The .NET runtime – Part 1
    No content preview  ( 12 min )
    On the Use of Pedersen Commitments for Confidential Payments
    No content preview  ( 12 min )
    Public Report – Android Cloud Backup/Restore
    No content preview  ( 6 min )
    Optimizing Pairing-Based Cryptography: Montgomery Multiplication in Assembly
    No content preview  ( 18 min )
    Overview of Modern Memory Security Concerns
    No content preview  ( 16 min )
    SIAM AG23: Algebraic Geometry with Friends
    No content preview  ( 17 min )
    Sign over Your Hashes – Stealing NetNTLM Hashes via Outlook Signatures
    No content preview  ( 12 min )
    Replicating CVEs with KLEE
    No content preview  ( 10 min )
    Symantec Backup Exec 2012 – Linux Backup Agent Heap Overflow
    No content preview  ( 7 min )
    TA505: A Brief History Of Their Time
    No content preview  ( 14 min )
    Technical Advisory – ARM MbedOS USB Mass Storage Driver Memory Corruption
    No content preview  ( 10 min )
    Technical Advisory – DelTek Vision – Arbitrary SQL Execution (SQLi)
    No content preview  ( 8 min )
    Hackproofing Oracle Application Server
    No content preview
    libtalloc: A GDB plugin for analysing the talloc heap
    No content preview
    Fuzzbox
    No content preview
    dotnetpaddingoracle
    No content preview
    Security Considerations of zk-SNARK Parameter Multi-Party Computation
    No content preview
    Logs, Logs, the Audit Trail – Features of a Successful Log Management Solution
    No content preview
    Login Service Security
    No content preview
    Oracle Passwords and OraBrute
    No content preview
    Inter-Protocol Exploitation
    No content preview
    Common Insecure Practices with Configuring and Extending Salesforce
    No content preview
    Flubot: the evolution of a notorious Android Banking Malware
    No content preview
    Flash security restrictions bypass: File upload by URLRequest
    No content preview
    Extractor
    No content preview
    Ransomware: what organisations can do to survive
    No content preview
    Nagios XI Network Monitor Blind SQL Injection
    No content preview
    Inter-Protocol Communication
    No content preview
    pySimReader
    No content preview
    iOS 7 arbitrary code execution in kernel mode
    No content preview
    Detecting DNS implants: Old kitten, new tricks – A Saitama Case Study
    No content preview
    Shell Arithmetic Expansion and Evaluation Abuse
    No content preview
    eBook – Planning a robust incident response process
    No content preview
    E-mail Spoofing and CDONTS.NEWMAIL
    No content preview
    HTTP Profiler
    No content preview
    dotnetpefuzzing
    No content preview
    Cisco VPN Client Privilege Escalation
    No content preview
    Remote code execution in ImpressPages CMS
    No content preview
    G-Scout
    No content preview
    Estimating the Bit Security of Pairing-Friendly Curves
    No content preview
    CVE-2019-1405 and CVE-2019-1322 – Elevation to SYSTEM via the UPnP Device Host Service and the Update Orchestrator Service
    No content preview
    Latest threats to the connected car & intelligent transport ecosystem
    No content preview
    Internet of Things Security
    No content preview
    Exploring DeepFake Capabilities & Mitigation Strategies with University College London
    No content preview
    Investigating Potential Security Vulnerability Manifestation through Various Analyses & Inferences Regarding Internet RFCs (and how RFC Security might be Improved)
    No content preview
    How will GDPR impact your communications?
    No content preview
    HDMI – Hacking Displays Made Interesting
    No content preview
    Drones: Detect, Identify, Intercept, and Hijack
    No content preview
    How-to: Importing WStalker CSV (and more) into Burp Suite via Import to Sitemap Extension
    No content preview
    Cyber Security in UK Agriculture
    No content preview
    CloudWatch: Amazon Web Services & Shellshock
    No content preview
    Image IO Memory Corruption
    No content preview
    Deep Dive into Real-World Kubernetes Threats
    No content preview
    Protecting stored cardholder data (an unofficial supplement to PCI DSS V3.0)
    No content preview
    DDoS Common Approaches and Failings
    No content preview
    Cyber red-teaming business-critical systems while managing operational risk
    No content preview
    Cleaning Up After Cookies
    No content preview
    FPGAs: Security Through Obscurity?
    No content preview
    Exploiting Rich Content
    No content preview  ( 6 min )
    General Data Protection Regulation – are you ready?
    No content preview
    Data-mining with SQL Injection and Inference
    No content preview
    Jailbreak
    No content preview
    Intel BIOS Advisory – Memory Corruption in HID Drivers
    No content preview
    How much training should staff have on cyber security?
    No content preview
    Cisco ASA series part seven: Checkheaps
    No content preview
    Oracle Hyperion 11 Directory Traversal
    No content preview
    Nagios XI Network Monitor – OS Command Injection
    No content preview
    Compromising Apache Tomcat via JMX access
    No content preview
    Exploiting Noisy Oracles with Bayesian Inference
    No content preview
    DECTbeacon
    No content preview
    Command Injection in XML Signatures and Encryption
    No content preview
    Post-quantum cryptography overview
    No content preview
    Critical Risk Vulnerability in Ingres (Pointer Overwrite 2)
    No content preview
    Firmware Rootkits: The Threat to the Enterprise
    No content preview
    Early CCS Attack Analysis
    No content preview
    Distributed Ledger (Blockchain) Security and Quantum Computing Implications
    No content preview
    Cracking Random Number Generators using Machine Learning – Part 2: Mersenne Twister
    No content preview
    Conference Talks – May 2021
    No content preview
    Cisco IPSec VPN Implementation Group Name Enumeration
    No content preview
    Fuzzing USB devices using Frisbee Lite
    No content preview
    Exploiting PL/SQL Injection Flaws with only CREATE SESSION Privileges
    No content preview
    DeLux Edition: Getting root privileges on the eLux Thin Client OS
    No content preview  ( 8 min )
    Cisco ASA series part three: Debugging Cisco ASA firmware
    No content preview
    Exploiting Security Gateways Via Web Interfaces
    No content preview
    Encryption at rest: Not the panacea to data protection
    No content preview
    Domestic IoT Nightmares: Smart Doorbells
    No content preview
    Conference Talks – February/March 2021
    No content preview
    Going “AUTH the Rails” on a Crazy Train
    No content preview  ( 6 min )
    Exporting non-exportable RSA keys
    No content preview
    Non-stack Based Exploitation of Buffer Overrun Vulnerabilities on Windows NT 2000 XP
    No content preview
    Ghidra nanoMIPS ISA module
    No content preview
    Software-Based Fault Injection Countermeasures (Part 2/3)
    No content preview
    Getting per-user Conditional Access MFA status in Azure
    No content preview
    CowCloud
    No content preview
    Enumerating System Management Interrupts
    No content preview
    Database Security Brief: The Oracle Critical Patch Update for April 2007
    No content preview
    Cloud Security Presentation
    No content preview
    Extending a Thinkst Canary to become an interactive honeypot
    No content preview
    Cranim: A Toolkit for Cryptographic Visualization
    No content preview
    Compromising a Hospital Network for £118 (Plus Postage & Packaging)
    No content preview
    Hacking the Extensible Firmware Interface
    No content preview
    Detecting Karakurt – an extortion focused threat actor
    No content preview
    Conference Talks – September 2020
    No content preview
    Mergers & Acquisitions (M&A) cyber security due diligence
    No content preview
    From ERMAC to Hook: Investigating the technical differences between two Android malware variants
    No content preview
    Finding the weak link in binaries
    No content preview
    Microsoft SQL Server Passwords
    No content preview
    From CSV to CMD to qwerty
    No content preview
    Perfect Forward Security
    No content preview
    Exploring Verifiable Random Functions in Code
    No content preview
    Deception Engineering: exploring the use of Windows Installer Packages against first stage payloads
    No content preview
    Cisco ASA series part one: Intro to the Cisco ASA
    No content preview
    Exploit mitigations: keeping up with evolving and complex software/hardware
    No content preview  ( 7 min )
    Double-odd Elliptic Curves
    No content preview
    Dissecting social engineering attacks
    No content preview
    Conference Talks – February 2020
    No content preview
    Nessus Authenticated Scan – Local Privilege Escalation
    No content preview
    hostresolver
    No content preview
    Cross Site Request Forgery: An Introduction to a Common Web Application Weakness
    No content preview
    Conference Talks – November 2020
    No content preview
    Grepify – a Small Tool for Code Reviewers
    No content preview
    Endpoint connectivity
    No content preview
    Exploiting Samba CVE-2015-0240 on Ubuntu 12.04 and Debian 7 32-bit
    No content preview
    Database Servers on Windows XP and the unintended consequences of simple file sharing
    No content preview
    Climbing Mount Everest: Black-Byte Bytes Back?
    No content preview
    End-of-life pragmatism
    No content preview  ( 6 min )
    Creating Arbitrary Shellcode In Unicode Expanded Strings
    No content preview
    Cracking Random Number Generators using Machine Learning – Part 1: xorshift128
    No content preview
    Embedded Device Security Certifications
    No content preview
    Implementing and Detecting a PCI Rootkit
    No content preview
    Cisco ASA series part six: Cisco ASA mempools
    No content preview
    Machine Learning 104: Breaking AES With Power Side-Channels
    No content preview
    Introspy for Android
    No content preview
    Gizmo
    No content preview
    Conti-nuation: methods and techniques observed in operations post the leaks
    No content preview
    Detecting Rclone – An Effective Tool for Exfiltration
    No content preview
    Sakula: an adventure in DLL planting
    No content preview
    HITB Phuket 2023 – Exploiting the Lexmark PostScript Stack
    No content preview
    Conference Talks – December 2021
    No content preview
    Intent Fuzzer
    No content preview
    File Fuzzers
    No content preview
    Conference Talks – December 2020
    No content preview
    NCC Group researchers named amongst MSRC’s Most Valuable Security Researchers in 2020
    No content preview
    Hunting SQL Injection Bugs
    No content preview  ( 6 min )
    Critical Risk Vulnerability in SAP DB Web Server (Stack Overflow)
    No content preview
    Conference Talks – March 2022
    No content preview
    Spy-Pi: Do you trust your laptop docking stations?
    No content preview
    Conference Talks – September/October 2022
    No content preview
    Conference Talks – October 2020
    No content preview
    Kerberos Resource-Based Constrained Delegation: When an Image Change Leads to a Privilege Escalation
    No content preview
    Hackproofing MySQL
    No content preview
    Content Security Policies and Popular CMS Systems
    No content preview
    CMakerer: A small tool to aid CLion’s indexing
    No content preview  ( 6 min )
    Faster Modular Inversion and Legendre Symbol, and an X25519 Speed Record
    No content preview
    EternalGlue part one: Rebuilding NotPetya to assess real-world resilience
    No content preview
    Decoder Improved Burp Suite plugin release part one
    No content preview
    Managing Cyber Risk in the Supply Chain
    No content preview  ( 6 min )
    Derusbi: A Case Study in Rapid Capability Development
    No content preview
    NCC Group Research at Black Hat USA 2021 and DEF CON 29
    No content preview
    Immunity Debugger Buffer Overflow
    No content preview
    HDMI Ethernet Channel
    No content preview
    D-LINK DIR-850L web admin interface vulnerable to stack-based buffer overflow
    No content preview
    DARPA OnStar Vulnerability Analysis
    No content preview  ( 8 min )
    POC2021 – Pwning the Windows 10 Kernel with NTFS and WNF Slides
    No content preview
    Content Security Policies Best Practices
    No content preview
    SecureCookies
    No content preview
    Samba Andx Request Remote Code Execution
    No content preview
    D-Link routers vulnerable to Remote Code Execution (RCE)
    No content preview
    Helping Engineering Teams Tackle Security Debt in Embedded Systems: U-Boot Configuration Auditing Introduced in Depthcharge v0.2.0
    No content preview
    Exploring Overfitting Risks in Large Language Models
    No content preview
    Exploiting CVE-2015-2426, and How I Ported it to a Recent Windows 8.1 64-bit
    No content preview
    EasyDA – Easy Windows Domain Access Script
    No content preview
    Introduction to Anti-Fuzzing: A Defence in Depth Aid
    No content preview
    Fuzzing the Easy Way Using Zulu
    No content preview
    Critical Risk Vulnerability in Ingres (Pointer Overwrite 1)
    No content preview
    Public Report – Kubernetes 1.24 Security Audit
    No content preview
    Hardware & Embedded Systems: A little early effort in security can return a huge payoff
    No content preview
    Hacking a web application
    No content preview
    Elephant in the Boardroom Survey 2016
    No content preview  ( 6 min )
    NCC CON Europe 2017
    No content preview
    Exploiting the win32k!xxxEnableWndSBArrows use-after-free (CVE-2015-0057) bug on both 32-bit and 64-bit
    No content preview
    iOS MobileSlideShow USB Image Class arbitrary code execution.txt
    No content preview
    Detecting anomalous Vectored Exception Handlers on Windows
    No content preview
    CVE-2018-8611 – Diving into the Windows Kernel Transaction Manager (KTM) for fun and exploitation
    No content preview
    Dynamic Linq Injection Remote Code Execution Vulnerability (CVE-2023-32571)
    No content preview
    Dangling Cursor Snarfing: A New Class of Attack in Oracle
    No content preview
    Common Flaws of Distributed Identity and Authentication Systems
    No content preview
    Premium Practical Law Content Gateway(2)
    No content preview
    Microsoft Office Memory Corruption Vulnerability
    No content preview
    easyda
    No content preview
    Common Security Issues in Financially-Oriented Web Applications
    No content preview
    Readable Thrift
    No content preview
    Password and brute-force mitigation policies
    No content preview
    Harnessing GPUs Building Better Browser Based Botnets
    No content preview
    Medium Risk Vulnerability in Symantec Network Access Control
    No content preview  ( 6 min )
    Faux Disk Encryption: Realities of Secure Storage On Mobile Devices
    No content preview
    NX Server for Linux Arbitrary Files can be read with root privileges
    No content preview
    General Data Protection Regulation: Knowing your data
    No content preview
    Don’t throw a hissy fit; defend against Medusa
    No content preview
    Demystifying Multivariate Cryptography
    No content preview
    Decoder Improved Burp Suite Plugin
    No content preview
    Five Essential Machine Learning Security Papers
    No content preview
    Creating a Safer OAuth User Experience
    No content preview
    grepify
    No content preview
    Combating Java Deserialisation Vulnerabilities with Look-Ahead Object Input Streams (LAOIS)
    No content preview  ( 6 min )
    Striking Back at Retired Cobalt Strike: A look at a legacy vulnerability
    No content preview
    Smart Contracts Inside SGX Enclaves: Common Security Bug Patterns
    No content preview
    Public Report – Pixel 4/4XL and Pixel 4a ioXt Audit
    No content preview
    Eurocrypt 2023: Death of a KEM
    No content preview
    eBook: Breach notification under GDPR – How to communicate a personal data breach
    No content preview
    DIBF – Updated
    No content preview
    Exploiting CVE-2014-0282
    No content preview
    cisco-SNMP-enumeration
    No content preview
    Cisco ASA series part two: Static analysis & datamining of Cisco ASA firmware
    No content preview
    Critical Risk Vulnerability in SAP Message Server (Heap Overflow)
    No content preview  ( 7 min )
    Low Cost Attacks on Smart Cards – The Electromagnetic Side-Channel
    No content preview
    DNS Pinning and Web Proxies
    No content preview
    Ghost Vulnerability (CVE-2015-0235)
    No content preview
    Exception Handling and Data Integrity in Salesforce
    No content preview
    Does TypeScript Offer Security Improvements Over JavaScript?
    No content preview
    Oracle Forensics Part 1: Dissecting the Redo Logs
    No content preview
    Detection Engineering for Kubernetes clusters
    No content preview
    creep-web-app-scanner
    No content preview  ( 6 min )
    FrisbeeLite
    No content preview  ( 6 min )
    Exploring Prompt Injection Attacks
    No content preview
    How to protect yourself & your organisation from phishing attacks
    No content preview  ( 6 min )
    Research Insights Volume 9 – Modern Security Vulnerability Discovery
    No content preview
    Do not use your AWS root account
    No content preview
    Fuzzing RTSP to discover an exploitable vulnerability in VLC
    No content preview
    Emissary Panda – A potential new malicious tool
    No content preview
    Conference Talks – June 2021
    No content preview
    NCC Con Europe 2016
    No content preview
    Impact of DNS over HTTPS (DoH) on DNS Rebinding Attacks
    No content preview
    Game Security
    No content preview
    Is this the real life? Is this just fantasy? Caught in a landslide, NoEscape from NCC Group
    No content preview
    Increased exploitation of Oracle GlassFish Server Administration Console Remote Authentication Bypass
    No content preview
    Drupal Vulnerability
    No content preview
    Managing PowerShell in a modern corporate environment
    No content preview  ( 6 min )
    OS X 10.6.6 Camera Raw Library Memory Corruption
    No content preview
    NCC Con Europe 2022 – Pwn2Own Austin Presentations
    No content preview
    Demystifying Cobalt Strike’s “make_token” Command
    No content preview
    Research Insights Volume 3 – How are we breaking in: Mobile Security
    No content preview
    port-scan-automation
    No content preview
    Kubernetes Security: Consider Your Threat Model
    No content preview
    Manifest Explorer
    No content preview
    EDIDFuzzer
    No content preview
    Disclosure Policy
    No content preview
    Conference Talks – November 2021
    No content preview
    Public Report – Matrix Olm Cryptographic Review
    No content preview
    Maritime Cyber Security: Threats and Opportunities
    No content preview
    NCC Group’s Upcoming Trainings at Black Hat USA 2021
    No content preview
    Incremental Machine Learning by Example: Detecting Suspicious Activity with Zeek Data Streams, River, and JA3 Hashes
    No content preview
    Public Report – Caliptra Security Assessment
    No content preview
    iSEC Partners Releases SSLyze
    No content preview
    Encryption Does Not Equal Invisibility – Detecting Anomalous TLS Certificates with the Half-Space-Trees Algorithm
    No content preview
    ncccodenavi
    No content preview
    Introducing idb-Simplified Blackbox iOS App Pentesting
    No content preview
    Demystifying AWS’ AssumeRole and sts:ExternalId
    No content preview
    Implementing the Castryck-Decru SIDH Key Recovery Attack in SageMath
    No content preview
    ICS/OT Security & the evolution of the Purdue Model: Integrating Industrial and Business Networks
    No content preview
    Forensic Fuzzing Tools
    No content preview
    NCC Group’s 2020 Annual Research Report
    No content preview
    Impress Pages CMS Remote Code Execution
    No content preview
    How we breach network infrastructures and protect them
    No content preview  ( 6 min )
    IAM user management strategy
    No content preview
    Research Insights Volume 6: Common Issues with Environment Breakouts
    No content preview
    Introducing Azucar
    No content preview
    Intent Sniffer
    No content preview
    Slotting Security into Corporate Development
    No content preview
    Integrity destroying malicious code for financial or geopolitical gain: A vision of the future?
    No content preview  ( 7 min )
    Fuzzing the Easy Way Using Zulu (1)
    No content preview
    Public Report – VPN by Google One: Technical Security & Privacy Assessment
    No content preview
    Public Report – Coda Cryptographic Review
    No content preview
    McAfee Email and Web Security Appliance Any logged-in user can bypass controls to reset passwords of other administrators
    No content preview
    Exploring macOS Calendar Alerts: Part 2 – Exfiltrating data (CVE-2020-3882)
    No content preview
    Oracle E-Business Suite Pre-Auth SQLi with DBA Privileges
    No content preview  ( 7 min )
    Man-in-the-Middling Non-Proxy Aware Wi-Fi Devices with a Pineapple
    No content preview
    IETF Draft: Indicators of Compromise and Their Role in Attack and Defen[c|s]e
    No content preview
    Public Report – Zcash Zebra Security Assessment
    No content preview
    ISM RAT
    No content preview
    Pairing over BLS12-381, Part 2: Curves
    No content preview
    New Attack Vectors and a Vulnerability Dissection of MS03-007
    No content preview
    log4j-jndi-be-gone: A simple mitigation for CVE-2021-44228
    No content preview
    Lessons learned from 50 USB bugs
    No content preview
    Intel® Software Guard Extensions (SGX): A Researcher’s Primer
    No content preview
    Oracle Forensics Part 3: Isolating Evidence of Attacks Against the Authentication Mechanism
    No content preview
    Microsoft Internet Explorer CMarkup Use-After-Free
    No content preview
    Lumension Device Control Remote Memory Corruption
    No content preview
    iSEC Engages in TrueCrypt Audit
    No content preview
    Public Report – Zcash FROST Security Assessment
    No content preview
    Memory Scanning for the Masses
    No content preview
    McAfee Email and Web Security Appliance Session hijacking and bypassing client-side session timeouts
    No content preview
    Heartbleed (CVE-2014-0160) Advisory
    No content preview  ( 8 min )
    Mobile apps and security by design
    No content preview
    Jailbreak, updated and open-sourced
    No content preview
    How to Spot and Prevent an Eclipse Attack
    No content preview
    Shining New Light on an Old ROM Vulnerability: Secure Boot Bypass via DCD and CSF Tampering on NXP i.MX Devices
    No content preview
    Phishing Stories
    No content preview
    Launching the first in our series of Research Insights
    No content preview
    Nerve
    No content preview  ( 6 min )
    Microsoft announces the WMIC command is being retired, Long Live PowerShell
    No content preview
    Lending a hand to the community – Covenant v0.7 Updates
    No content preview
    Padding the struct: How a compiler optimization can disclose stack memory
    No content preview
    Multiple Buffer Overflows Discovered in AFFLIB
    No content preview
    lapith
    No content preview
    IODIDE
    No content preview
    SAML XML Injection
    No content preview
    McAfee Email and Web Security Appliance Arbitrary file download is possible with a crafted URL, when logged in as any user
    No content preview
    Hacking Displays Made Interesting
    No content preview
    LibAVCodec AMV Out of Array Write
    No content preview
    LeaPFRogging PFR Implementations
    No content preview
    LAPSUS$: Recent techniques, tactics and procedures
    No content preview
    Rigging the Vote: Uniqueness in Verifiable Random Functions
    No content preview
    iOS Instrumentation Without Jailbreak
    No content preview
    Integrating DigitalOcean into ScoutSuite
    No content preview
    Ragweed
    No content preview
    Public Report – Penumbra Labs R1CS Implementation Review
    No content preview
    NCC Group’s 2021 Annual Research Report
    No content preview
    On Linux’s Random Number Generation
    No content preview
    NCC Group’s 2022 & 2023 Research Report
    No content preview
    Public Report – RustCrypto AES/GCM and ChaCha20+Poly1305 Implementation Review
    No content preview
    Public Report – Confidential Space Security Review
    No content preview
    Kivlad
    No content preview
    Memory Gap
    No content preview
    McAfee Email and Web Security Appliance v5.6 – Active session tokens of other users are disclosed within the UI
    No content preview
    Live Incident Blog: June Global Ransomware Outbreak
    No content preview
    Public Report – Confidential Mode for Hyperdisk – DEK Protection Analysis
    No content preview  ( 6 min )
    Multiple Format String Injections in AFFLIB
    No content preview
    Multiple Cisco CSS / ACE Client Certificate and HTTP Header
    No content preview
    Public Report – Penumbra Labs Decaf377 Implementation and Poseidon Parameter Selection Review
    No content preview
    Machine learning from idea to reality: a PowerShell case study
    No content preview
    Interfaces.d to RCE
    No content preview
    Shocker
    No content preview
    NCC Group Malware Technical Note
    No content preview
    McAfee Email and Web Security Appliance v5.6 – Any logged-in user can bypass controls to reset passwords of other administrators
    No content preview
    McAfee Email and Web Security Appliance Reflective XSS allowing an attacker to gain session tokens
    No content preview
    Public Report – Zendoo Proof Verifier Cryptography Review
    No content preview
    NCC Group’s Juan Garrido named to Microsoft’s MSRC Office Security Researcher Leaderboard
    No content preview
    Improving your Network and Application Assurance Strategy in an environment of increasing 0day vulnerabilities
    No content preview
    McAfee Email and Web Security Appliance v5.6 – Session hijacking (and bypassing client-side session timeouts)
    No content preview  ( 7 min )
    Mature Security Testing Framework
    No content preview
    McAfee Email and Web Security Appliance Active session tokens of other users are disclosed within the UI
    No content preview
    iSEC audit of MediaWiki
    No content preview
    Machine Learning for Static Analysis of Malware – Expansion of Research Scope
    No content preview
    Lessons learned from 50 bugs: Common USB driver vulnerabilities
    No content preview
    Introduction to AWS Attribute-Based Access Control
    No content preview
    Order Details Screens and PII
    No content preview
    Open Banking: Security considerations & potential risks
    No content preview
    NSA & CISA Kubernetes Security Guidance – A Critical Review
    No content preview
    Research Insights Volume 8 – Hardware Design: FPGA Security Risks
    No content preview
    Public Report – Google Privacy Sandbox Aggregation Service and Coordinator
    No content preview
    NCC Group placed first in global 5G Cyber Security Hack competition
    No content preview
    Peeling back the layers on defence in depth…knowing your onions
    No content preview
    Multiple Shell Metacharacter Injections in AFFLIB
    No content preview
    Mobile World Congress – Mobile Internet of Things
    No content preview
    LDAPFragger: Bypassing network restrictions using LDAP attributes
    No content preview
    Non-flood/non-volumetric Distributed Denial of Service (DDoS)
    No content preview
    Java Web Start File Inclusion via System Properties Override
    No content preview
    Signaturing an Authenticode anomaly with Yara
    No content preview
    Microsoft’s SQL Server vs. Oracle’s RDBMS
    No content preview
    iOS certificate pinning code updated for iOS 7
    No content preview
    NCC Group Research at Black Hat USA 2022 and DEF CON 30
    No content preview
    Mobile & web browser credential management: Security implications, attack cases & mitigations
    No content preview  ( 6 min )
    Oracle Forensics Part 6: Examining Undo Segments, Flashback and the Oracle Recycle Bin
    No content preview
    LTair:  The LTE Air Interface Tool
    No content preview
    Secure Application Development on Facebook
    No content preview
    RtspFuzzer
    No content preview
    On the malicious use of large language models like GPT-3
    No content preview
    Research Insights Volume 4 – Sector Focus: Maritime Sector
    No content preview
    Ivanti Zero Day – Threat Actors observed leveraging CVE-2021-42278 and CVE-2021-42287 for quick privilege escalation to Domain Admin
    No content preview
    Oracle 11g TNS listener remote Invalid Pointer Read
    No content preview  ( 6 min )
    NCC Group’s Jeremy Boone recognized for Highest Quality and Most Eligible Reports through the Intel Circuit Breaker program
    No content preview  ( 7 min )
    Oracle Forensics Part 2: Locating Dropped Objects
    No content preview
    Secure Device Provisioning Best Practices: Heavy Truck Edition
    No content preview
    Oracle Java Installer Adds a System Path Which is Writable by All
    No content preview
    More Advanced SQL Injection
    No content preview
    Paradoxical Compression with Verifiable Delay Functions
    No content preview
    Non-Deterministic Nature of Prompt Injection
    No content preview  ( 8 min )
    NIST Selects Post-Quantum Algorithms for Standardization
    No content preview
    MSSQL Lateral Movement
    No content preview
    Research Paper – Recovering deleted data from the Windows registry
    No content preview
    Post-exploiting a compromised etcd – Full control over the cluster and its nodes
    No content preview
    Passive Information Gathering – The Analysis of Leaked Network Security Information
    No content preview
    Ransomware: How vulnerable is your system?
    No content preview
    Public Report – AWS Nitro System API & Security Claims
    No content preview  ( 6 min )
    Paper: Thematic for Success in Real-World Offensive Cyber Operations – How to make threat actors work harder and fail more often
    No content preview
    Nagios XI Network Monitor Stored and Reflected XSS
    No content preview  ( 6 min )
    Medium Risk Vulnerability in Symantec Enterprise Security Management
    No content preview  ( 6 min )
    McAfee Email and Web Security Appliance Password hashes can be recovered from a system backup and easily cracked
    No content preview
    Project Triforce: Run AFL on Everything!
    No content preview
    Pairing over BLS12-381, Part 3: Pairing!
    No content preview
    Oracle Forensics Part 4: Live Response
    No content preview
    So long and thanks for all the 0day
    No content preview
    Poison Ivy string decryption
    No content preview
    Microsoft Zero-Day Vulnerability – OLE2Link – Threat Intelligence and Signatures
    No content preview
    Private sector cyber resilience and the role of data diodes
    No content preview
    Porting the Misfortune Cookie Exploit: A Look into Router Exploitation Using the TD-8817
    No content preview
    Oracle Retail Invoice Manager SQL Injection
    No content preview
    Optimum Routers: Researching Managed Routers
    No content preview  ( 6 min )
    Principal Mapper (pmapper)
    No content preview
    My Hash is My Passport: Understanding Web and Mobile Authentication
    No content preview
    Public Report – Electric Coin Company NU4 Cryptographic Specification and Implementation Review
    No content preview
    Oracle Gridengine sgepasswd Buffer Overflow
    No content preview
    Network Attached Security: Attacking a Synology NAS
    No content preview
    Preparing for Cyber Battleships – Electronic Chart Display and Information System Security
    No content preview
    Practical SME security on a shoestring
    No content preview
    Phishing Mitigations: Configuring Microsoft Exchange to Clearly Identify External Emails
    No content preview
    Oracle 11g TNS listener remote Null Pointer Dereference
    No content preview
    Remote Directory Traversal and File Retrieval
    No content preview
    Public Report – Filecoin Bellman and BLS Signatures Cryptographic Review
    No content preview
    Package Play
    No content preview
    Real World Cryptography Conference 2021: A Virtual Experience
    No content preview
    Oracle Retail Integration Bus Manager Directory Traversal
    No content preview
    Oracle Forensics Part 5: Finding Evidence of Data Theft in the Absence of Auditing
    No content preview
    OS X Lion USB Hub Class Descriptor Arbitrary Code Execution
    No content preview
    My name is Matt – My voice is my password
    No content preview
    Ruxcon 2013 – Introspy Presentation Slides
    No content preview
    Oracle Forensics Part 7 Using the Oracle System Change Number in Forensic Investigations
    No content preview  ( 6 min )
    Sharkbot is back in Google Play
    No content preview
    Owning the Virgin Media Hub 3.0: The perfect place for a backdoor
    No content preview
    Pointer Sequence Reverser (PSR)
    No content preview  ( 7 min )
    Securing the continuous integration process
    No content preview
    Research Report – Zephyr and MCUboot Security Assessment
    No content preview
    RIFT: Analysing a Lazarus Shellcode Execution Method
    No content preview
    PDF Form Filling and Flattening Tool Buffer Overflow
    No content preview  ( 8 min )
    PeachFarmer
    No content preview
    Payment Card Industry Data Security Standard (PCI DSS) A Navigation and Explanation of Changes from v2.0 to v3.0
    No content preview
    SSLyze v0.7 Released
    No content preview
    Premium Security Content Gateway
    No content preview
    Practical Machine Learning for Random (Filename) Detection
    No content preview
    Solaris 11 USB Hub Class descriptor kernel stack overflow
    No content preview
    Public Report – Google Enterprise API Security Assessment
    No content preview
    Project Bishop: Clustering Web Pages
    No content preview
    Second-Order Code Injection Attacks
    No content preview  ( 6 min )
    RIFT: F5 Networks K52145254: TMUI RCE vulnerability CVE-2020-5902 Intelligence
    No content preview
    Revealing Embedded Fingerprints: Deriving Intelligence from USB Stack Interactions 2013
    No content preview
    Properly Signed Certificates on CPE Devices
    No content preview
    Solaris 11 USB hubclass
    No content preview
    Public Report – IOV Labs powHSM Security Assessment
    No content preview
    Pairing over BLS12-381, Part 1: Fields
    No content preview
    Public Report – Keyfork Implementation Review
    No content preview
    Public Report – Dell Secured Component Verification
    No content preview
    Proxy Re-Encryption Protocol: IronCore Public Report
    No content preview
    OSX afpserver remote code execution
    No content preview
    Public Report – Solana Program Library ZK-Token Security Assessment
    No content preview  ( 6 min )
    Python Class Informer: an IDAPython plugin for viewing run-time type information (RTTI)
    No content preview
    Public Report – AWS Nitro System API & Security Claims French
    No content preview
    PhanTap (Phantom Tap): Making networks spookier one packet at a time
    No content preview
    StreamDivert: Relaying (specific) network connections
    No content preview  ( 9 min )
    Premium Content Gateway
    No content preview
    Shellshock Advisory
    No content preview
    Public Report – BLST Cryptographic Implementation Review
    No content preview
    Reviewing Verifiable Random Functions
    No content preview
    Pip3line
    No content preview
    Public Report – Qredo Apache Milagro MPC Cryptographic Assessment
    No content preview  ( 6 min )
    Squiz CMS File Path Traversal
    No content preview  ( 7 min )
    Security of Things: An Implementer’s Guide to Cyber Security for Internet of Things Devices and Beyond
    No content preview
    Public Report – AWS Nitro System API & Security Claims German
    No content preview
    Public Report – Aleo snarkVM Implementation Review
    No content preview
    Public cloud
    No content preview
    Research Insights Volume 5 – Sector Focus: Automotive
    No content preview
    Public Report – Entropy/Rust Cryptography Review
    No content preview
    Premium Practical Law Content Gateway
    No content preview
    SSL checklist for pentesters
    No content preview
    Revealing Embedded Fingerprints: Deriving intelligence from USB stack interactions
    No content preview
    Public Report – WhatsApp Auditable Key Directory (AKD) Implementation Review
    No content preview
    Sniffle: A Sniffer for Bluetooth 5
    No content preview
    SecureIE.ActiveX
    No content preview
    RIFT: F5 CVE-2020-5902 and Citrix CVE-2020-8193, CVE-2020-8195 and CVE-2020-8196 honeypot data release
    No content preview
    Public Report – go-cose Security Assessment
    No content preview
    PRTG Network Monitor Command injection
    No content preview  ( 6 min )
    Public Report – Zcash NU5 Cryptography Review
    No content preview
    Public Report – Protocol Labs Groth16 Proof Aggregation: Cryptography and Implementation Review
    No content preview
    SecureCisco
    No content preview
    Reverse Engineering Coin Hunt World’s Binary Protocol
    No content preview
    Quantum Cryptography – A Study Into Present Technologies and Future Applications
    No content preview
    Public Report – AWS Nitro System API & Security Claims Spanish
    No content preview
    Public Report – Security Review of RSA Blind Signatures with Public Metadata
    No content preview
    Public Report – O(1) Labs Mina Client SDK, Signature Library and Base Components Cryptography and Implementation Review
    No content preview
    Public Report – WhatsApp End-to-End Encrypted Backups Security Assessment
    No content preview  ( 6 min )
    Salesforce Security with Remote Working
    No content preview
    Real World Cryptography Conference 2022
    No content preview
    SMACK, SKIP-TLS & FREAK SSL/TLS Vulnerabilities
    No content preview
    SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store
    No content preview
    SAML Pummel
    No content preview
    RIFT: Citrix ADC Vulnerabilities CVE-2020-8193, CVE-2020-8195 and CVE-2020-8196 Intelligence
    No content preview
    Symantec Backup Exec 2012 – Persistent XSS Vulnerability Affecting Custom Reports
    No content preview
    Rise of the Sensors: Securing LoRaWAN Networks
    No content preview
    Research Paper – Machine Learning for Static Malware Analysis, with University College London
    No content preview
    SSLyze v0.8
    No content preview  ( 6 min )
    Supply Chain Security Begins with Secure Software Development
    No content preview
    Some Musings on Common (eBPF) Linux Tracing Bugs
    No content preview
    SecureBigIP
    No content preview
    Puckungfu: A NETGEAR WAN Command Injection
    No content preview
    Research Insights Volume 2 – Defensive Trends
    No content preview  ( 6 min )
    Scenester – A Small Tool for Cross-Platform Web Application
    No content preview
    Real World Cryptography Conference 2023 – Part I
    No content preview
    Samba on the BlackBerry PlayBook
    No content preview
    Rise of the machines: Machine Learning & its cyber security applications
    No content preview
    Ricochet Security Assessment Public Report
    No content preview
    Symantec Messaging Gateway – Authenticated arbritary file download
    No content preview
    Secure Session Management With Cookies for Web Applications
    No content preview
    RM3 – Curiosities of the wildest banking malware
    No content preview
    Stopping Automated Attack Tools
    No content preview
    Samba _netr_ServerPasswordSet Expoitability Analysis
    No content preview
    Public Report – WhatsApp opaque-ke Cryptographic Implementation Review
    No content preview
    Spectre on a Television
    No content preview
    Readable Thrift (1)
    No content preview
    Setting a New Standard for Kubernetes Deployments
    No content preview
    Research Insights Volume 7: Exploitation Advancements
    No content preview  ( 6 min )
    Symantec Backup Exec 2012 – Backup Exec Utility Stored XSS when adding Groups, Servers and Computers
    No content preview  ( 7 min )
    Secure Messaging for Normal People
    No content preview
    Sobelow Update
    No content preview
    Singularity of Origin
    No content preview
    Securing Teradata Database
    No content preview
    Cups-filters remote code execution
    No content preview  ( 6 min )
    Conference Talks – June 2022
    No content preview
    Symantec Messaging Gateway – Unauthorised SSH access
    No content preview
    Symantec Messaging Gateway – Unauthenticated detailed version disclosure
    No content preview
    Symantec Messaging Gateway – Out of band stored XSS via email
    No content preview
    Symantec Messaging Gateway Out of band stored XSS delivered by email
    No content preview
    Symantec Messaging Gateway Easy CSRF to add a backdoor-administrator (for example)
    No content preview
    Symantec Messaging Gateway Arbitrary file download is possible with a crafted URL (authenticated)
    No content preview
    SysAid Helpdesk Pro – Blind SQL Injection
    No content preview
    SysAid Helpdesk blind SQL injection
    No content preview
    Symantec PC Anywhere Remote Code Extecution
    No content preview
    TA505 exploits SolarWinds Serv-U vulnerability (CVE-2021-35211) for initial access
    No content preview
    SysPWN – VR for Pwn2Own
    No content preview
    Sysinternals SDelete: When Secure Delete Fails
    No content preview
    SysAid Helpdesk stored XSS
    No content preview
    TANDBERG Video Communication Server Arbitrary File Retrieval
    No content preview
    Tales of Windows detection opportunities for an implant framework
    No content preview
    tcpprox
    No content preview
    TANDBERG Video Communication Server Static SSH Host Keys
    No content preview
    TANDBERG Video Communication Server Authentication Bypass
    No content preview
    Technical Advisory – Arbitrary File Read in Dell Wyse Management Suite (CVE-2021-21586, CVE-2021-21587)
    No content preview
    Technical Advisory – Apple XAR – Arbitrary File Write (CVE-2021-30833)
    No content preview
    Technical Advisory – Apple iOS / OSX: Foundation NSXMLParser XXE Vulnerability
    No content preview
    Technical Advisory – Authenticated SQL Injection in SOAP Request in Broadcom CA Network Flow Analysis (CVE-2021-44050)
    No content preview
    Technical Advisory – Arbitrary Signature Forgery in Stark Bank ECDSA Libraries (CVE-2021-43572, CVE-2021-43570, CVE-2021-43569, CVE-2021-43568, CVE-2021-43571)
    No content preview
    Technical Advisory – BLE Proximity Authentication Vulnerable to Relay Attacks
    No content preview
    Technical Advisory – Authorization Bypass Allows for Pinboard Corruption
    No content preview
    Technical Advisory – Citrix Access Gateway Command Injection Vulnerability
    No content preview
    Technical Advisory – Bomgar Remote Support – Local Privilege Escalation
    No content preview
    Technical Advisory – Coda Filesystem Kernel Memory Disclosure
    No content preview
    Technical Advisory – FUJITSU CentricStor Control Center <= V8.1 – Unauthenticated Command Injection ( CVE-2022-31794 and CVE-2022-31795)
    No content preview
    Technical Advisory – ExpressLRS vulnerabilities allow for hijack of control link
    No content preview
    Detecting and Hunting for the Malicious NetFilter Driver
    No content preview  ( 8 min )
    5G security – how to minimise the threats to a 5G network
    5G security – how to minimise the threats to a 5G network  ( 25 min )
    Technical Advisory – Multiple HTML Injection Vulnerabilities in KaiOS Pre-installed Mobile Applications
    No content preview  ( 14 min )
    Reverse, Reveal, Recover: Windows Defender Quarantine Forensics
    No content preview  ( 21 min )
    Exploiting the Sudo Baron Samedit vulnerability (CVE-2021-3156) on VMWare vCenter Server 7.0
    No content preview  ( 30 min )
    There’s A Hole In Your SoC: Glitching The MediaTek BootROM
    No content preview  ( 18 min )
    Technical advisory: CVE-2017-8592 – XMLHttpRequest in IE followed 307 redirections with additional or customised headers
    No content preview  ( 8 min )
    A Guide to Improving Security Through Infrastructure-as-Code
    No content preview
    WSBang
    No content preview  ( 6 min )
    Public Report: Aleo snarkOS Implementation and Consensus Mechanism Review
    No content preview
    Technical Advisory: Multiple Vulnerabilities in Kyocera Printers
    No content preview  ( 12 min )
    Smuggling HTA files in Internet Explorer/Edge
    No content preview
    Crave the Data: Statistics from 1,300 Phishing Campaigns
    No content preview
    Bypassing software update package encryption – extracting the Lexmark MC3224i printer firmware (part 1)
    No content preview  ( 24 min )
    MeshyJSON: A TP-Link tdpServer JSON Stack Overflow
    No content preview  ( 30 min )
    iOS SSL Killswitch
    No content preview
    HIDDEN COBRA Volgmer: A Technical Analysis
    No content preview
    DataArmor Full Disk Encryption 3.0.12c – Restricted Environment breakout, Privilege Escalation and Full Disk Decryption
    No content preview
    Rust for Security and Correctness in the embedded world
    No content preview
    Security First Umbrella
    No content preview
    osquery Application Security Assessment Public Report
    No content preview
    Fat-Finger
    No content preview
    Conference Talks – September 2021
    No content preview
    Technical Advisory: Dell SupportAssist Local Privilege Escalation (CVE-2021-21518)
    No content preview  ( 10 min )
    Whatsupgold Premium Directory traversal
    No content preview  ( 6 min )
    Trust in the Internet Survey
    No content preview  ( 6 min )
    How I did not get a shell
    No content preview  ( 16 min )
    Tool Release – ICPin, an integrity-check and anti-debug detection pintool
    No content preview  ( 7 min )
    Technical Advisory – Jitsi Meet Electron – Limited Certificate Validation Bypass (CVE-2020-27161)
    No content preview
    Technical Advisory – SonicWall SMA 100 Series – Multiple Unauthenticated Heap-based and Stack-based Buffer Overflow (CVE-2021-20045)
    No content preview
    Technical Advisory – Nullsoft Scriptable Installer System (NSIS) – Insecure Temporary Directory Usage
    No content preview
    Technical Advisory – Multiple vulnerabilities in Nuki smart locks (CVE-2022-32509, CVE-2022-32504, CVE-2022-32502, CVE-2022-32507, CVE-2022-32503, CVE-2022-32510, CVE-2022-32506, CVE-2022-32508, CVE-2022-32505)
    No content preview
    Technical Advisory – macOS Installer Local Root Privilege Escalation (CVE-2020-9817)
    No content preview
    Technical Advisory – Linksys WRT160NL – Authenticated Remote Buffer Overflow (CVE-2020-26561)
    No content preview
    Technical Advisory – play-pac4j Authentication rule bypass
    No content preview
    Technical Advisory – NXP i.MX SDP_READ_DISABLE Fuse Bypass (CVE-2022-45163)
    No content preview
    Technical Advisory – Multiple Vulnerabilities in Juplink RX4-1800 WiFi Router (CVE-2022-37413, CVE-2022-37414)
    No content preview
    Technical Advisory – SonicWall SMA 100 Series – Post-Authentication Remote Command Execution (CVE-2021-20044)
    No content preview
    Technical Advisory – libraptor – XXE in RDF/XML File Interpretation
    No content preview
    Technical Advisory – HTC IQRD Android Permission Leakage
    No content preview
    Technical Advisory – Garuda Linux Insecure User Creation (CVE-2021-3784)
    No content preview
    Technical Advisory – SonicWall SMA 100 Series – Heap-Based Buffer Overflow (CVE-2021-20043)
    No content preview
    Technical Advisory – Multiple Vulnerabilities in U-Boot (CVE-2022-30790, CVE-2022-30552)
    No content preview
    Technical Advisory – Linux RDS Protocol Local Privilege Escalation
    No content preview
    Technical Advisory – IBM WebSphere Commerce: Encrypted URL Parameter Vulnerable to Padding Oracle Attacks
    No content preview
    Technical Advisory – IBM TAM: Remote Directory Traversal and File Retrieval via web server plug-in
    No content preview
    Technical Advisory – U-Boot – Unchecked Download Size and Direction in USB DFU (CVE-2022-2347)
    No content preview
    Technical Advisory – New York State Excelsior Pass Vaccine Passport Credential Forgery
    No content preview
    Technical Advisory – Lenovo ImController Local Privilege Escalation (CVE-2021-3922, CVE-2021-3969)
    No content preview
    Technical Advisory – Kwikset/Weiser BLE Proximity Authentication in Kevo Smart Locks Vulnerable to Relay Attacks
    No content preview
    Technical advisory: “ROHNP”- key extraction side channel in multiple crypto libraries
    No content preview
    Technical Advisory – Pulse Connect Secure – RCE via Template Injection (CVE-2020-8243)
    No content preview
    Technical Advisory – Open5GS Stack Buffer Overflow During PFCP Session Establishment on UPF (CVE-2021-41794)
    No content preview
    Technical Advisory – New York State Excelsior Pass Vaccine Passport Scanner App Sends Data to a Third Party not Specified in Privacy Policy
    No content preview
    Technical Advisory – Linksys WRT160NL – Authenticated Command Injection (CVE-2021-25310)
    No content preview
    Technical Advisory – Shop app sends pasteboard data to Shopify’s servers
    No content preview
    Technical Advisory – playSMS Pre-Authentication Remote Code Execution (CVE-2020-8644)
    No content preview
    Technical Advisory – ParcelTrack sends all pasteboard data to ParcelTrack’s servers on startup
    No content preview
    Technical Advisory – OpenOffice.org Multiple Memory Corruption Vulnerabilities
    No content preview
    Technical Advisory – Ollama DNS Rebinding Attack (CVE-2024-28224)
    No content preview
    Technical Advisory – ICTFAX 7-4 – Indirect Object Reference
    No content preview
    Technical Advisory – wolfSSL TLS 1.3 Client Man-in-the-Middle Attack (CVE-2020-24613)
    No content preview
    Technical Advisory – Sunhillo SureLine Unauthenticated OS Command Injection (CVE-2021-36380)
    No content preview
    Technical Advisory – SonicWall SMA 100 Series – Unauthenticated Stored XSS
    No content preview
    Treat your points as cash
    No content preview  ( 10 min )
    Technical Advisory – VMware Tools Multiple Vulnerabilities
    No content preview
    Technical Advisory – Tesla BLE Phone-as-a-Key Passive Entry Vulnerable to Relay Attacks
    No content preview
    Technical Advisory – Jitsi Meet Electron – Arbitrary Client Remote Code Execution (CVE-2020-27162)
    No content preview
    Technical Advisory – Apple macOS XAR – Arbitrary File Write (CVE-2022-22582)
    No content preview
    Technical Advisory: Gaining root access on Sumpple S610 IP Camera via Telnet; and Unprotected client and server data transmission between Android and IOS clients
    No content preview
    Technical Advisory – SonicWall SMA 100 Series – Unauthenticated Arbitrary File Deletion
    No content preview
    Technical Advisory – SonicWall Global Management System (GMS) & Analytics – Multiple Critical Vulnerabilities
    No content preview
    Technical Advisory – NULL Pointer Derefence in McAfee Drive Encryption (CVE-2021-23893)
    No content preview
    The Importance of a Cryptographic Review
    No content preview  ( 6 min )
    Windows Remote Desktop Memory Corruption Leading to RCE on XPSP3
    No content preview  ( 7 min )
    Welcome to the new NCC Group Global Research blog
    No content preview  ( 6 min )
    Social Engineering Penetration Testing
    No content preview  ( 6 min )
    Tool Release – ScoutSuite 5.12.0
    No content preview  ( 7 min )
    PMKID Attacks: Debunking the 802.11r Myth
    No content preview  ( 11 min )
    Tool Release: SSL pinning bypass and other Android tools
    No content preview  ( 6 min )
    Understanding cyber risk management vs uncertainty with confidence in 2017
    No content preview  ( 6 min )
    A deeper dive into CVE-2021-39137 – a Golang security bug that Rust would have prevented
    No content preview  ( 12 min )
    Tool Release – HTTPSignatures: A Burp Suite Extension Implementing HTTP Signatures
    No content preview  ( 11 min )
    Technical Advisory: Authentication rule bypass
    No content preview  ( 7 min )
    Understanding the insider threat & how to mitigate it
    No content preview  ( 6 min )
    Tool Release: Blackbox Android App Analysis with Introspy
    No content preview  ( 6 min )
    A Census of Deployed Pulse Connect Secure (PCS) Versions
    No content preview  ( 9 min )
    Technical Advisory: Multiple Vulnerabilities in Accellion File Transfer Appliance
    No content preview  ( 11 min )
    A glimpse into the shadowy realm of a Chinese APT: detailed analysis of a ShadowPad intrusion
    No content preview  ( 16 min )
    Trust in the New Internet Survey
    No content preview  ( 6 min )
    White Paper: Login Service Security
    No content preview  ( 6 min )
    State of DNS Rebinding in 2023
    No content preview  ( 13 min )
    Tool Release: iOS Secure State Preservation
    No content preview  ( 7 min )
    They Ought to Know Better: Exploiting Security Gateways via their Web Interfaces
    No content preview  ( 6 min )
    Tool Release – ScoutSuite 5.8.0
    No content preview  ( 6 min )
    Threat Actors: exploiting the pandemic
    No content preview  ( 8 min )
    Tool Release – Reliably-checked String Library Binding
    No content preview  ( 16 min )
    Weak Passwords Led to (SafePay) Ransomware…Yet Again
    No content preview  ( 12 min )
    An adventure in PoEKmon NeutriGo land
    No content preview
    AssetHook
    No content preview
    Analysis of Boomerang Differential Trials via a SAT-Based Constraint Solver URSA
    No content preview
    A Peek Behind the Great Firewall of Russia
    No content preview
    A New Flying Kitten?
    No content preview
    CVE-2018-8611 Exploiting Windows KTM Part 5/5 – Vulnerability detection and a better read/write primitive
    No content preview  ( 26 min )
    Threat Profiling Microsoft SQL Server
    No content preview  ( 6 min )
    Apache Struts Vulnerability
    No content preview
    Violating Database – Enforced Security Mechanisms
    No content preview  ( 7 min )
    Choosing the Right MCU for Your Embedded Device — Desired Security Features of Microcontrollers
    No content preview
    A jq255 Elliptic Curve Specification, and a Retrospective
    No content preview
    An Introduction to Heap overflows on AIX 5.3L
    No content preview
    Attacking Web Service Security: Message Oriented Madness, XML Worms and Web Service Security Sanity
    No content preview
    Apple QuickTime Player m4a Processing Buffer Overflow
    No content preview
    An Illustrated Guide to Elliptic Curve Cryptography Validation
    No content preview
    Abusing Privileged and Unprivileged Linux Containers
    No content preview
    Abusing Blu-ray Players Part 1 – Sandbox Escapes
    No content preview
    A few notes on usefully exploiting libstagefright on Android 5.x
    No content preview
    An Analysis of Mobile Geofencing App Security
    No content preview
    Wheel of Fortune Outcome Prediction – Taking the Luck out of Gambling (1)
    No content preview  ( 17 min )
    Assessing IIS Configuration Remotely
    No content preview
    A Simple and Practical Approach to Input Validation
    No content preview
    Advice for security decision makers contemplating the value of Antivirus
    No content preview
    Advanced Exploitation of Oracle PL/SQL Flaws
    No content preview
    Adobe Acrobat Reader XML Forms Data Format Buffer Overflow
    No content preview
    A WarCon 2017 Presentation: Cisco ASA – Exploiting the IKEv1 Heap Overflow – CVE-2016-1287
    No content preview
    Attacking the Windows Kernel (Black Hat Las Vegas 2007)
    No content preview
    An Introduction to Fault Injection (Part 1/3)
    No content preview
    A Survey of Istio’s Network Security Features
    No content preview
    Black Hat 2013 – Bluetooth Smart Presentation Available
    No content preview
    Accessing Private Fields Outside of Classes in Java
    No content preview
    Advisory-CraigSBlackie-CVE-2016-9795
    No content preview
    An Introduction to Ultrasound Security Research
    No content preview
    Adversarial Machine Learning: Approaches & defences
    No content preview
    Adventures in Xen Exploitation
    No content preview
    Advanced SQL Injection in SQL Server Applications
    No content preview
    Automated Reverse Engineering of Relationships Between Data Structures in C++ Binaries
    No content preview
    Announcing NCC Group’s Cryptopals Guided Tour: Set 2
    No content preview
    An Adventure in Contingency Debugging: Ruby IO#read/IO#write Considered Harmful
    No content preview
    An Adaptive-Ciphertext Attack Against “I ⊕ C” Block Cipher Modes With an Oracle
    No content preview
    Alternative Approaches for Fault Injection Countermeasures (Part 3/3)
    No content preview
    Beyond data loss prevention
    No content preview
    APT15 is Alive and Strong: An Analysis of RoyalCli and RoyalDNS
    No content preview
    Android-SSL-TrustKiller
    No content preview
    Analysing a recent Poison Ivy sample
    No content preview
    Announcing the AWS blog post series
    No content preview
    Android-OpenDebug
    No content preview
    Android Cloud Backup/Restore
    No content preview
    Analysis of the Linux backdoor used in freenode IRC network compromise
    No content preview
    An Introduction to Quantum Computing for Security Professionals
    No content preview
    Best Practices for the use of Static Code Analysis within a Real-World Secure Development Lifecycle
    No content preview
    Automating extraction from malware and recent campaign analysis
    No content preview
    Application Layer Attacks – The New DDoS Battleground
    No content preview
    An offensive guide to the Authorization Code grant
    No content preview
    AutoRepeater: Automated HTTP Request Repeating With Burp Suite
    No content preview
    Apple OSX/iPhone iOS ImageIO TIFF getBandProcTIFF TileWidth Heap Overflow
    No content preview
    Apple CoreAnimation Heap Overflow
    No content preview
    Android-KillPermAndSigChecks
    No content preview
    Android SSL Bypass
    No content preview
    Berserko: Kerberos Authentication for Burp Suite
    No content preview
    Batten down the hatches: Cyber threats facing DP operations
    No content preview
    Attacks on SSL
    No content preview
    ASE 12.5.1 datatype overflow
    No content preview
    Testing HTTP/2 only web services
    No content preview  ( 12 min )
    Assessing Unikernel Security
    No content preview
    Approximately 2000 Citrix NetScalers backdoored in mass-exploitation campaign
    No content preview
    Announcing NCC Group’s Cryptopals Guided Tour!
    No content preview
    AtHoc Toolbar
    No content preview
    Assuring Your DDoS Defences
    No content preview
    Anti Brute Force Resource Metering
    No content preview
    Back Office Web Administration Authentication Bypass
    No content preview
    ASP.NET Security and the Importance of KB2698981 in Cloud Environments Threat Brief
    No content preview
    ASP.NET Security and the Importance of KB2698981 in Cloud Environments
    No content preview
    Apple Mac OS X ImageIO TIFF Integer Overflow
    No content preview
    Black Hat USA 2015 presentation: Broadcasting your attack-DAB security
    No content preview
    Best practices with BYOD
    No content preview
    Assessing the security and privacy of Vaccine Passports
    No content preview
    Are you oversharing (in Salesforce)? Our new tool could sniff it out!
    No content preview
    Archived Technical Advisories
    No content preview
    Breaking into Security Research at NCC Group
    No content preview
    BlackBerry PlayBook Security – Part Two – BlackBerry Bridge
    No content preview
    AWS environment security assessment with Scout2
    No content preview
    Authorisation
    No content preview
    Browser Extension Password Managers
    No content preview
    BlackBerry Link WebDav Server Bound to the BlackBerry VPN Adapter
    No content preview
    Black Hat Europe 2013 Andy Davis: To dock or not to dock…
    No content preview
    Automated enumeration of email filtering solutions
    No content preview
    Broadcasting your attack – DAB security
    No content preview
    BlackHat Asia USB Physical Access
    No content preview
    Black Hat 2013 – Cryptopocalypse Presentation Available
    No content preview
    BAT: a Fast and Small Key Encapsulation Mechanism
    No content preview
    Azucar
    No content preview
    Blind Return Oriented Programming
    No content preview
    Black Hat 2013 – Femtocell Presentation Slides, Videos and App
    No content preview
    Chafer backdoor analysis
    No content preview
    Blind Security Testing – An Evolutionary Approach
    No content preview
    Blackbox iOS App Assessments Using idb
    No content preview
    BlackBerry PlayBook Security – Part One
    No content preview
    Cisco ASA series part five: libptmalloc gdb plugin
    No content preview
    Buffer Underruns, DEP, ASLR and improving the Exploitation Prevention Mechanisms (XPMs) on the Windows platform
    No content preview
    Breaking Pedersen Hashes in Practice
    No content preview
    Call Map: A Tool for Navigating Call Graphs in Python
    No content preview
    Building WiMap the Wi-Fi Mapping Drone
    No content preview
    Building Intuition for Lattice-Based Signatures – Part 1: Trapdoor Signatures
    No content preview
    Building an RDP Credential Catcher for Threat Intelligence
    No content preview
    Build Your Own Wi-Fi Mapping Drone Capability
    No content preview
    Building Intuition for Lattice-Based Signatures – Part 2: Fiat-Shamir with Aborts
    No content preview
    Bypassing Android’s Network Security Configuration
    No content preview
    Business Insights: Cyber Security in the Financial Sector
    No content preview
    CertPortal: Building Self-Service Secure S/MIME Provisioning Portal
    No content preview
    CECSTeR
    No content preview
    C Language Standards Update – Zero-size Reallocations are Undefined Behavior
    No content preview
    Bypassing Oracle DBMS_ASSERT (in certain situations)
    No content preview
    Chrome Password Manager Cross Origin Weakness
    No content preview
    Check out our new Microcorruption challenges!
    No content preview
    Celebrating NCC Con Europe 2018
    No content preview
    Cisco ASA series part four: dlmalloc-2.8.x, libdlmalloc, & dlmalloc on Cisco ASA
    No content preview
    Retro Gaming Vulnerability Research: Warcraft 2
    No content preview
    Cisco ASA series part eight: Exploiting the CVE-2016-1287 heap overflow over IKEv1
    No content preview
    Technical Advisory – OpenJDK – Weak Parsing Logic in java.net.InetAddress and Related Classes
    No content preview  ( 17 min )
    Symantec Backup Exec 2012 Backup/Restore Data Traverses Memory with Weak ACLs
    No content preview
    Symantec Backup Exec 2012 – OS version and service pack information leak
    No content preview
    Story of a Hundred Vulnerable Jenkins Plugins
    No content preview
    Symantec Messaging Gateway – Addition of a backdoor adminstrator via CSRF
    No content preview
    State-of-the-art email risk
    No content preview
    Sobelow: Static analysis for the Phoenix Framework
    No content preview
    Security of Things: An Implementers’ Guide to Cyber-Security for Internet of Things Devices and Beyond
    No content preview
    Symantec Message Filter Session Hijacking via session
    No content preview
    Social Engineering
    No content preview
    scenester
    No content preview
    Return of the hidden number problem
    No content preview
    Introducing Chuckle and the Importance of SMB Signing
    No content preview
    External Enumeration and Exploitation of Email and Web Security Solutions
    No content preview
    VoIP Security Methodology and Results
    No content preview  ( 6 min )
    The Automotive Threat Modeling Template
    No content preview  ( 8 min )
    To dock or not to dock, that is the question: Using laptop docking stations as hardware-based attack platforms
    No content preview  ( 6 min )
    How Microsoft Office knows a document came from the Internet and might be dangerous
    No content preview  ( 7 min )
    Understanding and Hardening Linux Containers
    No content preview  ( 6 min )
    Tool: WStalker – an easy proxy to support Web API assessments
    No content preview  ( 8 min )
    Vaccine Misinformation Part 1: Misinformation Attacks as a Cyber Kill Chain
    No content preview  ( 15 min )
    USB under the bonnet: Implications of USB security vulnerabilities in vehicle systems
    No content preview  ( 6 min )
    White Paper: Cryptopocalypse Reference Paper
    No content preview  ( 7 min )
    Testing Infrastructure-as-Code Using Dynamic Tooling
    No content preview  ( 10 min )
    Technical Advisory: Authentication Bypass in libSSH
    No content preview  ( 9 min )
    Technical Advisory: Pulse Connect Secure – RCE via Uncontrolled Archive Extraction – CVE-2021-22937 (Patch Bypass)
    No content preview  ( 9 min )
    USB keyboards by post – use of embedded keystroke injectors to bypass autorun restrictions on modern desktop operating systems
    No content preview  ( 6 min )
    Exposing Vulnerabilities in Media Software
    No content preview  ( 6 min )
    Time Trial: Racing Towards Practical Remote Timing Attacks
    No content preview  ( 6 min )
    CVE-2021-31956 Exploiting the Windows Kernel (NTFS with WNF) – Part 1
    No content preview  ( 31 min )
    Past, Present and Future of Effective C
    No content preview  ( 14 min )
    Samsung Galaxy S24 Pwn2Own Ireland 2024
    No content preview  ( 6 min )
    Vehicle Emissions and Cyber Security
    No content preview  ( 9 min )
    Project Ava: On the Matter of Using Machine Learning for Web Application Security Testing – Part 5: Development of Prototype #1 – Text Processing and Semantic Relationships
    No content preview  ( 11 min )
    Public Report: WhatsApp Contacts Security Assessment
    No content preview  ( 6 min )
    Technical Advisory: Multiple Vulnerabilities in Brother Printers
    No content preview  ( 9 min )
    White Paper: Browser Extension Password Managers
    No content preview  ( 7 min )
    umap
    No content preview  ( 6 min )
    The Update Framework (TUF) Security Assessment
    No content preview  ( 6 min )
    Detecting and Protecting when Remote Desktop Protocol (RDP) is open to the Internet
    No content preview  ( 13 min )
    There’s Another Hole In Your SoC: Unisoc ROM Vulnerabilities
    No content preview  ( 19 min )
    Windows Firewall Hook Enumeration
    No content preview  ( 16 min )
    NETGEAR Routers: A Playground for Hackers?
    No content preview  ( 26 min )
    Why IoT Security Matters
    No content preview  ( 13 min )
    Cryptopals: Exploiting CBC Padding Oracles
    No content preview  ( 16 min )
    Technical Advisory – Multiple Vulnerabilities in Connectize G6 AC2100 Dual Band Gigabit WiFi Router (CVE-2023-24046, CVE-2023-24047, CVE-2023-24048, CVE-2023-24049, CVE-2023-24050, CVE-2023-24051, CVE-2023-24052)
    No content preview  ( 20 min )
    Defending Your Directory: An Expert Guide to Fortifying Active Directory Certificate Services (ADCS) Against Exploitation
    No content preview  ( 16 min )
    Technical Advisory: Shell Injection in SourceTree
    No content preview  ( 7 min )
    Visualising Firewall Rulesets – Simplifying Firewall Administration and Spotting the Pivot Point
    No content preview  ( 9 min )
    Zcash Overwinter Consensus and Sapling Cryptography Review
    No content preview  ( 6 min )
    WebLogic Plugin HTTP Injection via Encoded URLs
    No content preview  ( 11 min )
    44CON - Charging Ahead: Exploiting an EV Charger Controller at Pwn2Own Automotive 2024
    No content preview  ( 7 min )
    The CIS Security Standard for Docker available now
    No content preview  ( 7 min )
    Whitepaper: Perfect Forward Security
    No content preview  ( 7 min )
    Unmasking Lorenz Ransomware: A Dive into Recent Tactics, Techniques and Procedures
    No content preview  ( 8 min )
    Blue Coat BCAAA Remote Code Execution Vulnerability
    No content preview  ( 7 min )
    typofinder
    No content preview  ( 6 min )
    Public Report - Security Risks of AI Hardware for Personal and Edge Computing Devices
    No content preview  ( 6 min )
    WebSense content filter bypass when deployed in conjunction with Cisco filtering devices
    No content preview  ( 10 min )
    Tool Release: SSLyze v0.8 released
    No content preview  ( 6 min )
    Threats and vulnerabilities within the Maritime and shipping sectors
    No content preview  ( 6 min )
    Research Blog Test Playground
    No content preview  ( 6 min )
    Public Report – Threshold ECDSA Cryptography Review
    No content preview  ( 6 min )
    Whitepaper – Double Fetch Vulnerabilities in C and C++
    No content preview  ( 6 min )
    Whitepaper – Microcontroller Readback Protection: Bypasses and Defenses
    No content preview  ( 6 min )
    Technical Advisory: Mosquitto Broker DoS through a Memory Leak vulnerability
    No content preview  ( 9 min )
    Decoder Improved Burp Suite plugin release part two
    No content preview  ( 9 min )
    Tool Release: YoNTMA
    No content preview  ( 7 min )
    WSMap
    No content preview  ( 6 min )
    vlan-hopping
    No content preview  ( 6 min )
    Windows USB RNDIS driver kernel pool overflow
    No content preview  ( 6 min )
    Tool Release – shouganaiyo-loader: A Tool to Force JVM Attaches
    No content preview  ( 8 min )
    BrokenPrint: A Netgear stack overflow
    No content preview  ( 21 min )
    Avoiding Pitfalls Developing with Electron
    No content preview  ( 10 min )
    The death of USB autorun and the rise of the USB keyboard
    No content preview  ( 7 min )
    Threat Intelligence: Benefits for the Enterprise
    No content preview  ( 7 min )
    Log4Shell: Reconnaissance and post exploitation network detection
    No content preview  ( 17 min )
    Tool Release – insject: A Linux Namespace Injector
    No content preview  ( 12 min )
    Tool Release – Socks Over RDP
    No content preview  ( 8 min )
    Testing Two-Factor Authentication
    No content preview  ( 21 min )
    Stepping Insyde System Management Mode
    No content preview  ( 17 min )
    CVE-2021-31956 Exploiting the Windows Kernel (NTFS with WNF) – Part 2
    No content preview  ( 28 min )
    The Extended AWS Security Ramp-Up Guide
    No content preview  ( 13 min )
    Technical Advisory: Citrix Workspace / Receiver Remote Code Execution Vulnerability
    No content preview  ( 7 min )
    Tool Release – ScoutSuite 5.10
    No content preview  ( 7 min )
    whitebox
    No content preview  ( 6 min )
    U plug, we play
    No content preview  ( 6 min )
    Remote Code Execution on Western Digital PR4100 NAS (CVE-2022-23121)
    No content preview  ( 26 min )
    Making New Connections – Leveraging Cisco AnyConnect Client to Drop and Run Payloads
    No content preview  ( 11 min )
    Tool Release: PeachFarmer
    No content preview  ( 7 min )
    Windows remote desktop memory corruptoin leading to RCE on XPSP3
    No content preview  ( 6 min )
    xcavator
    No content preview  ( 6 min )
    SnapMC skips ransomware, steals data
    No content preview  ( 10 min )
    Whitepaper – A Heap of Trouble: Breaking the Linux Kernel SLOB Allocator
    No content preview  ( 6 min )
    Analyzing AI Application Threat Models
    No content preview  ( 25 min )
    Defending Your Directory: An Expert Guide to Fortifying Active Directory Against LDAP Injection Threats
    No content preview  ( 9 min )
    tybocer
    No content preview  ( 6 min )
    Understanding Microsoft Word OLE Exploit Primitives
    No content preview  ( 6 min )
    The 9 Lives of Bleichenbacher’s CAT: New Cache ATtacks on TLS Implementations
    No content preview  ( 7 min )
    Project Ava: On the Matter of Using Machine Learning for Web Application Security Testing – Part 8: Development of Prototype #4 – Building on Takaesu’s Approach with Focus on XSS
    No content preview  ( 10 min )
    Technical Advisory: Adobe ColdFusion RMI Registry.bind() Deserialisation RCE
    No content preview  ( 7 min )
    Technical Advisory: Shell Injection in MacVim mvim URI Handler
    No content preview  ( 7 min )
    iSEC’s Analysis of Microsoft’s SDL and its ROI
    No content preview  ( 6 min )
    Tool Release: Sinking U-Boots with Depthcharge
    No content preview  ( 23 min )
    Thin Clients: Slim Security
    No content preview  ( 6 min )
    Technical Advisory: Administrative Passcode Recovery and Authenticated Remote Buffer Overflow Vulnerabilities in Gigaset DX600A Handset (CVE-2021-25309, CVE-2021-25306)
    No content preview  ( 7 min )
    Technical Advisory: Pulse Connect Secure – Arbitrary File Read via Logon Message (CVE-2020-8255)
    No content preview  ( 7 min )
    Improving Software Security through C Language Standards
    No content preview  ( 11 min )
    SETTLERS OF NETLINK: Exploiting a limited UAF in nf_tables (CVE-2022-32250)
    No content preview  ( 51 min )
    Threat Modelling Cloud Platform Services by Example: Google Cloud Storage
    No content preview  ( 19 min )
    Constant-Time Data Processing At a Secret Offset, Privacy and QUIC
    No content preview  ( 21 min )
    Technical Advisory – Multiple Vulnerabilities in Victure WR1200 WiFi Router (CVE-2021-43282, CVE-2021-43283, CVE-2021-43284)
    No content preview  ( 11 min )
    A Brief Review of Bitcoin Locking Scripts and Ordinals
    No content preview  ( 16 min )
    Real World Cryptography Conference 2024
    No content preview  ( 18 min )
    Technical Advisory: Multiple Vulnerabilities in Lexmark Printers
    No content preview  ( 13 min )
    Technical Advisory: Multiple Vulnerabilities in HP Printers
    No content preview  ( 10 min )
    Whitepaper – XML Schema, DTD, and Entity Attacks: A Compendium of Known Techniques
    No content preview  ( 6 min )
    The Password is Dead, Long Live the Password!
    No content preview  ( 12 min )
    Technical Advisory: Bypassing Workflows Protection Mechanisms – Remote Code Execution on SharePoint
    No content preview  ( 8 min )
    Variations in Exploit methods between Linux and Windows
    No content preview  ( 7 min )
    Tool Release – Principal Mapper v1.1.0 Update
    No content preview  ( 7 min )
    Tool Release: You’ll Never (Ever) Take Me Alive!
    No content preview  ( 7 min )
    Windows 10 USB Mass Storage driver arbitrary code execution in kernel mode
    No content preview  ( 6 min )
    Understanding the root cause of F5 Networks K52145254: TMUI RCE vulnerability CVE-2020-5902
    No content preview  ( 10 min )
    The Dark Side: How Threat Actors Leverage AnyDesk for Malicious Activities
    No content preview  ( 13 min )
    Work daily with enforced MFA-protected API access
    No content preview  ( 8 min )
    Unauthenticated XML eXternal Entity (XXE) vulnerability
    No content preview  ( 8 min )
    Proxying PyRIT for fun and profit
    No content preview  ( 10 min )
    Wheel of Fortune Outcome Prediction – Taking the Luck out of Gambling
    No content preview  ( 17 min )
    The Sorry State of Aftermarket Head Unit Security
    No content preview  ( 16 min )
    Turla PNG Dropper is back
    No content preview  ( 11 min )
    Android Malware Vultur Expands Its Wingspan
    No content preview  ( 23 min )
    Much Ado About Hardware Implants
    No content preview  ( 15 min )
    ABSTRACT SHIMMER (CVE-2020-15257): Host Networking is root-Equivalent, Again
    No content preview  ( 24 min )
    Dangers of Kubernetes IAM Integrations
    No content preview  ( 11 min )
    Technical Advisory: Xiaomi 13 Pro Code Execution via GetApps DOM Cross-Site Scripting (XSS)
    No content preview  ( 12 min )
    Chainspotting 2: The Unofficial Sequel to the 2018 Talk "Chainspotting" - OffensiveCon 2025
    No content preview  ( 6 min )
    Technical Advisory: Stored and Reflected XSS Vulnerability in Nagios Log Server (CVE-2021-35478,CVE-2021-35479)
    No content preview  ( 7 min )
    USB attacks need physical access right? Not any more…
    No content preview  ( 6 min )
    Tool Release – Project Kubescout: Adding Kubernetes Support to Scout Suite
    No content preview  ( 9 min )
    Violating the Virtual Channel – RDP Testing
    No content preview  ( 12 min )
    AWS Inventory: A tool for mapping AWS resources
    No content preview  ( 6 min )
    Whitepaper – Hardware-Backed Heist: Extracting ECDSA Keys from Qualcomm’s TrustZone
    No content preview  ( 7 min )
    Nagios XI Network Monitor – Stored and Reflective XSS
    No content preview  ( 7 min )
    The Shellcoder’s Handbook: Discovering and Exploiting Security Holes, 2nd Edition
    No content preview  ( 6 min )
    Self-Driving Cars- The future is now…
    No content preview  ( 6 min )
    Use of Deserialisation in .NET Framework Methods and Classes
    No content preview  ( 6 min )
    TPM Genie
    No content preview  ( 7 min )
    Threat Spotlight – Hydra
    No content preview  ( 12 min )
    Tool Release – ScoutSuite 5.11.0
    No content preview  ( 6 min )
    Tracking a P2P network related to TA505
    No content preview  ( 15 min )
    Tool Release – Winstrument: An Instrumentation Framework for Windows Application Assessments
    No content preview  ( 11 min )
    Tool Release – Solitude: A privacy analysis tool
    No content preview  ( 8 min )
    Trusted Gateway
    No content preview  ( 6 min )
    The SSL Conservatory
    No content preview  ( 6 min )
    The Pharming Guide – Understanding and preventing DNS related attacks by phishers
    No content preview  ( 6 min )
    Technical Advisory: Adobe ColdFusion Object Deserialisation RCE
    No content preview  ( 8 min )
    What the HEC? Security implications of HDMI Ethernet Channel and other related protocols
    No content preview  ( 6 min )
    Technical Advisory: Reflected Cross-Site Scripting (XSS) vulnerability in Jenkins Delivery Pipeline plugin
    No content preview  ( 7 min )
    HITBAMS – Your Not so “Home” Office – Soho Hacking at Pwn2Own
    No content preview  ( 8 min )
    The Future of C Code Review
    No content preview  ( 6 min )
    The disadvantages of a blacklist-based approach to input validation
    No content preview  ( 6 min )
    A Look At Some Real-World Obfuscation Techniques
    No content preview  ( 17 min )
    Whitepaper – Project Triforce: Run AFL On Everything (2017)
    No content preview  ( 6 min )
    Tool Update – ruby-trace: A Low-Level Tracer for Ruby
    No content preview  ( 10 min )
    WebRATS
    No content preview  ( 6 min )
    Exploiting MS15-061 Use-After-Free Windows Kernel Vulnerability
    No content preview  ( 6 min )
    Understanding the Impact of Ransomware on Patient Outcomes – Do We Know Enough?
    No content preview  ( 15 min )
    Modelling Threat Actor Phishing Behaviour
    No content preview  ( 6 min )
    Tool Release: Exploring SSL Pinning on iOS
    No content preview  ( 8 min )
    The Case of Missing File Extensions
    No content preview  ( 11 min )
    The role of security research in improving cyber security
    No content preview  ( 6 min )
    Tis the Season to Be…
    No content preview  ( 9 min )
    Tool Release: Announcing the Release of RtspFuzzer
    No content preview  ( 8 min )
    Technical Advisory: Insufficient Proxyman HelperTool XPC Validation
    No content preview  ( 10 min )
    Conference Talks – March 2020
    No content preview  ( 8 min )
    The facts about BadUSB
    No content preview  ( 8 min )
    TLSPretense — SSL/TLS Client Testing Framework
    No content preview  ( 6 min )
    Tool – Windows Executable Memory Page Delta Reporter
    No content preview  ( 8 min )
    Webinar: SMACK, SKIP-TLS & FREAK SSL/TLS vulnerabilities
    No content preview  ( 6 min )
    The economics of defensive security
    No content preview  ( 6 min )
    Tool Release – JWT-Reauth
    No content preview  ( 8 min )
    Technical Advisory: OS Command Injection in Silver Peak EdgeConnect Appliances (CVE-2020-12148, CVE-2020-12149)
    No content preview  ( 7 min )
    Technical Advisory: Intel Driver Support & Assistance – Local Privilege Escalation
    No content preview  ( 9 min )
    Understanding Ransomware
    No content preview  ( 6 min )
    Tool Release: DIBF Tool Suite
    No content preview  ( 7 min )
    Technical Advisory: Sonos Era 100 Secure Boot Bypass Through Unchecked setenv() call
    No content preview  ( 8 min )
    A Race to Report a TOCTOU: Analysis of a Bug Collision in Intel SMM
    No content preview  ( 9 min )
    Tool Release – Web3 Decoder Burp Suite Extension
    No content preview  ( 9 min )
    Back in Black: Unlocking a LockBit 3.0 Ransomware Attack
    No content preview  ( 10 min )
    The Paillier Cryptosystem with Applications to Threshold ECDSA
    No content preview  ( 20 min )
    Understanding Ransomware: Impact, Evolution and Defensive Strategies
    No content preview  ( 6 min )
    Tool Release: A Simple DLL Injection Utility
    No content preview  ( 6 min )
    Tool Release: Code Credential Scanner (ccs)
    No content preview  ( 7 min )
    UK government cyber security guidelines for connected & autonomous vehicles
    No content preview  ( 8 min )
    Using graph databases to assess the security of thingernets based on the thingabilities and thingertivity of things
    No content preview  ( 6 min )
    Whitepaper – Practical Attacks on Machine Learning Systems
    No content preview  ( 6 min )
    CVE-2018-8611 Exploiting Windows KTM Part 1/5 – Introduction
    No content preview  ( 22 min )
    Technical Advisory – Hash Denial-of-Service Attack in Multiple QUIC Implementations
    No content preview  ( 13 min )
    Virtual Access Monitor Multiple SQL Injection Vulnerabilities
    No content preview  ( 6 min )
    Tool Release – ScoutSuite 5.13.0
    No content preview  ( 7 min )
    The L4m3ne55 of Passw0rds: Notes from the field
    No content preview  ( 6 min )
    Webinar – PCI Version 3.0: Are you ready?
    No content preview  ( 6 min )
    Top of the Pops: Three common ransomware entry techniques
    No content preview  ( 9 min )
    Immortalising 20 Years of Epic Research
    No content preview  ( 42 min )
    eBPF Adventures: Fiddling with the Linux Kernel and Unix Domain Sockets
    No content preview  ( 56 min )
    Public Report – VPN by Google One Security Assessment
    No content preview
    Hardware Security By Design: ESP32 Guidance
    No content preview  ( 18 min )
    SCOMplicated? – Decrypting SCOM “RunAs” credentials
    No content preview  ( 9 min )
    RIFT: Detection capabilities for recent F5 BIG-IP/BIG-IQ iControl REST API vulnerabilities CVE-2021-22986
    No content preview  ( 11 min )
    Puckungfu 2: Another NETGEAR WAN Command Injection
    No content preview  ( 13 min )
    Securing Google Cloud Platform – Ten best practices
    No content preview  ( 11 min )
    Updated: Technical Advisory and Proofs of Concept – Multiple Vulnerabilities in U-Boot (CVE-2022-30790, CVE-2022-30552)
    No content preview  ( 14 min )
    Technical Advisory – SonicWall SMA 100 Series – Unauthenticated File Upload Path Traversal (CVE-2021-20040)
    No content preview  ( 8 min )
    Phish Supper: An Incident Responder’s Bread and Butter
    No content preview  ( 10 min )
    Defending Your Directory: An Expert Guide to Mitigating Pass-the-Hash Attacks in Active Directory
    No content preview  ( 10 min )
    Technical Advisory – KwikTag Web Admin Authentication Bypass
    No content preview  ( 8 min )
    The Spelling Police: Searching for Malicious HTTP Servers by Identifying Typos in HTTP Responses
    No content preview  ( 12 min )
    WastedLocker: A New Ransomware Variant Developed By The Evil Corp Group
    No content preview  ( 20 min )
    McAfee Email and Web Security Appliance v5.6 – Arbitrary file download is possible with a crafted URL, when logged in as any user
    No content preview  ( 7 min )
    RokRat Analysis
    No content preview  ( 11 min )
    Technical Advisory – Multiple Vulnerabilities in Faronics Insight (CVE-2023-28344, CVE-2023-28345, CVE-2023-28346, CVE-2023-28347, CVE-2023-28348, CVE-2023-28349, CVE-2023-28350, CVE-2023-28351, CVE-2023-28352, CVE-2023-28353)
    No content preview  ( 24 min )
    Technical Advisory: Multiple Vulnerabilities in Ricoh Printers
    No content preview  ( 14 min )
    Shooting Yourself in the .flags – Jailbreaking the Sonos Era 100
    No content preview  ( 12 min )
    Tool Release – Ghostrings
    No content preview  ( 9 min )
    Tool Release – Collaborator++
    No content preview  ( 8 min )
    Technical Advisory: Adobe ColdFusion WDDX Deserialization Gadgets
    No content preview  ( 16 min )
    Technical Advisory – Multiple Vulnerabilities in Trendnet TEW-831DR WiFi Router (CVE-2022-30325, CVE-2022-30326, CVE-2022-30327, CVE-2022-30328, CVE-2022-30329)
    No content preview  ( 10 min )
    Symantec Messaging Gateway SSH with backdoor user account + privilege escalation to root due to very old Kernel
    No content preview  ( 8 min )
    The Challenges of Fuzzing 5G Protocols
    No content preview  ( 16 min )
    Technical Advisory: containerd – containerd-shim API Exposed to Host Network Containers (CVE-2020-15257)
    No content preview  ( 12 min )
    Tool Release: Introducing opinel: Scout2’s favorite tool
    No content preview  ( 8 min )
    The ABCs of NFC chip security
    No content preview  ( 14 min )
    Remote Exploitation of Microsoft Office DLL Hijacking (MS15-132) via Browsers
    No content preview  ( 10 min )
    Project Ava: On the Matter of Using Machine Learning for Web Application Security Testing – Part 10: Efficacy Demonstration, Project Conclusion and Next Steps
    No content preview  ( 11 min )
    Technical Advisory: Pulse Connect Secure – RCE via Uncontrolled Gzip Extraction (CVE-2020-8260)
    No content preview  ( 9 min )
    Technical Advisory: Multiple Vulnerabilities in Xerox Printers
    No content preview  ( 11 min )
    Handy guide to a new Fivehands ransomware variant
    No content preview  ( 12 min )
    Car Parking Apps Vulnerable To Hacks
    No content preview  ( 13 min )
    Announcing the Cryptopals Guided Tour Video 17: Padding Oracles!
    No content preview  ( 9 min )
    Technical Advisory: Ruby on Rails – Possible XSS Vulnerability in ActionView tag helpers (CVE-2022-27777)
    No content preview  ( 9 min )
    Technical Advisory: Multiple Vulnerabilities in ManageEngine Desktop Central
    No content preview  ( 10 min )
    Software Verification and Analysis Using Z3
    No content preview  ( 38 min )
    Project Ava: On the Matter of Using Machine Learning for Web Application Security Testing – Part 1: Understanding the Basics and What Platforms and Frameworks Are Available
    No content preview  ( 12 min )
    Writing FreeBSD Kernel Modules in Rust
    No content preview  ( 16 min )
    Forensic Readiness in Container Environments
    No content preview  ( 9 min )
    Analyzing Secure AI Design Principles
    No content preview  ( 17 min )
    Analysis of setting cookies for third party websites in different browsers
    No content preview  ( 9 min )
    Rustproofing Linux (Part 2/4 Race Conditions)
    No content preview  ( 13 min )
    Online Casino Roulette – A guideline for penetration testers and security researchers
    No content preview  ( 19 min )
    Use and enforce Multi-Factor Authentication
    No content preview  ( 9 min )
    Vulnerability Overview: Ghost (CVE-2015-0235)
    No content preview  ( 9 min )
    Shaking The Foundation of An Online Collaboration Tool: Microsoft 365 Top 5 Attacks vs the CIS Microsoft 365 Foundation Benchmark
    No content preview  ( 10 min )
    Username enumeration techniques and their value
    No content preview  ( 13 min )
    Real World Cryptography Conference 2023 – Part II
    No content preview  ( 13 min )
    Writing Exploits for Win32 Systems from Scratch
    No content preview  ( 53 min )
    Analyzing a PJL directory traversal vulnerability – exploiting the Lexmark MC3224i printer (part 2)
    No content preview  ( 18 min )
    Technical Advisory: Multiple Vulnerabilities in TCPDF
    No content preview  ( 12 min )
    A brief look at Windows telemetry: CIT aka Customer Interaction Tracker
    A brief look at Windows telemetry: CIT aka Customer Interaction Tracker  ( 24 min )
    Pumping Iron on the Musl Heap – Real World CVE-2022-24834 Exploitation on an Alpine mallocng Heap
    No content preview  ( 32 min )
    Windows 2000 Format String Vulnerabilities
    No content preview  ( 6 min )
    WSSiP: A Websocket Manipulation Proxy
    No content preview  ( 6 min )
    Zcash Cryptography and Code Review
    No content preview  ( 6 min )
    Xen HYPERVISOR_xen_version stack memory revelation
    No content preview  ( 6 min )
    Security Best Practice: Host Naming & URL Conventions
    No content preview  ( 6 min )
    Aurora Response Recommendations
    No content preview  ( 6 min )
    Technical Advisory: SMB Hash Hijacking and User Tracking in MS Outlook
    No content preview  ( 7 min )
    Machine Learning 101: The Integrity of Image (Mis)Classification?
    No content preview  ( 7 min )
    Securing PL/SQL Applications with DBMS_ASSERT
    No content preview  ( 6 min )
    Technical Advisory: Command Injection
    No content preview  ( 7 min )
    Public Report – AWS Nitro System API & Security Claims Italian
    No content preview  ( 6 min )
    Tool Release: Magisk Module – Conscrypt Trust User Certs
    No content preview  ( 8 min )
    Software Security Austerity Security Debt in Modern Software Development
    No content preview  ( 6 min )
    Tool Release – ScoutSuite 5.9.0
    No content preview  ( 7 min )
    Third party assurance
    No content preview  ( 6 min )
    Shellshock Bash Vulnerability
    No content preview  ( 8 min )
    Discovering Smart Contract Vulnerabilities with GOATCasino
    No content preview  ( 9 min )
    Technical Advisory – FreePBX – Multiple Authenticated SQL Injections in UCP application
    No content preview  ( 8 min )
    Public Report – Electric Coin Company NU3 Specification and Blossom Implementation Audit
    No content preview  ( 6 min )
    Tool Release: iOS SSL Kill Switch v0.5 Released
    No content preview  ( 8 min )
    Public Report: XMTP MLS Implementation Review
    No content preview  ( 6 min )
    Technical Advisory: Nexpose Hard‐coded Java Key Store Passphrase Allows Decryption of Stored Credentials
    No content preview  ( 8 min )
    The Myth of Twelve More Bytes: Security on the Post-Scarcity Internet
    No content preview  ( 6 min )
    Symantec Message Filter Unauthenticated verbose software version information disclosure
    No content preview  ( 6 min )
    Tool Release: Calculating SQL Permissions
    No content preview  ( 7 min )
    Technical Advisory – SerComm h500s – Authenticated Remote Command Execution (CVE-2021-44080)
    No content preview  ( 7 min )
    HTML5 Security The Modern Web Browser Perspective
    No content preview  ( 6 min )
    Weaknesses and Best Practices of Public Key Kerberos with Smart Cards
    No content preview  ( 6 min )
    Tor Browser Research Report Released
    No content preview  ( 8 min )
    Pip3line – The Swiss Army Knife of Byte Manipulation
    No content preview  ( 7 min )
    Whitepaper – Exploring the Security of KaiOS Mobile Applications
    No content preview  ( 6 min )
    Tool Release – Monkey365
    No content preview  ( 7 min )
    Tool Release: Redirecting traffic with dnsRedir.py
    No content preview  ( 7 min )
    The Pentesters Guide to Akamai
    No content preview  ( 6 min )
    Modernizing Legacy Systems: Software Technologies, Engineering Processes, and Business Practices
    No content preview  ( 6 min )
    Understanding Microsoft Word OLE Exploit Primitives: Exploiting CVE-2015-1642 Microsoft Office CTaskSymbol Use-After-Free Vulnerability
    No content preview  ( 6 min )
    Autochrome
    No content preview  ( 6 min )
    Technical Advisory: Heartbleed chained with a Pass-the-Hash attack leads to device compromise on TP-Link C200 IP Camera
    No content preview  ( 7 min )
    Webinar: 4 Secrets to a Robust Incident Response Plan
    No content preview  ( 6 min )
    The Demise of Signature Based Antivirus
    No content preview  ( 6 min )
    Vulnerabilities Found In Geofencing Apps
    No content preview  ( 7 min )
    Whitepaper – A Tour of Curve 25519 in Erlang
    No content preview  ( 6 min )
    CERT C Secure Coding Standard
    No content preview  ( 6 min )
    Technical Advisory: Multiple Vulnerabilities in MailEnable
    No content preview  ( 8 min )
    Writing Robust Yara Detection Rules for Heartbleed
    No content preview  ( 10 min )
    How organisations can properly configure SSL services to ensure the integrity and confidentiality of data in transit
    No content preview  ( 7 min )
    Technical Advisory: Unauthenticated Remote Command Execution through Multiple Vulnerabilities in Virgin Media Hub 3.0
    No content preview  ( 8 min )
    USB Undermining Security Barriers:further adventures with USB
    No content preview  ( 6 min )
    Technical Advisory: Espressif Systems - ESP32 BluFi Reference Application Vulnerabilities
    No content preview  ( 7 min )
    Applying normalised compression distance for architecture classification
    No content preview  ( 6 min )
    Toner Deaf – Printing your next persistence (Hexacon 2022)
    No content preview  ( 7 min )
    BLEBoy
    No content preview  ( 6 min )
    Using Semgrep with Jupyter Notebook files
    No content preview  ( 8 min )
    Writing Secure ASP Scripts
    No content preview  ( 6 min )
    The factoring dead: Preparing for the cryptopocalypse
    No content preview  ( 6 min )
    Security Compliance as an Engineering Discipline
    No content preview  ( 6 min )
    Hackproofing Lotus Domino Web Server
    No content preview  ( 6 min )
    Technical Advisory: Unauthenticated SQL Injection in Lansweeper
    No content preview  ( 7 min )
    Technical Advisory: Code Execution by Viewing Resource Files in .NET Reflector
    No content preview  ( 7 min )
    Building Security In: Software Penetration Testing
    Build secure software from the start. NCC Group’s blog explores the role of penetration testing in modern, resilient app development.  ( 6 min )
    Tool Release: Cartographer
    No content preview  ( 9 min )
    When a Trusted Site in Internet Explorer was Anything But
    No content preview  ( 9 min )
    Technical Advisory: IP Office Stored Cross Site Scripting (XSS) Vulnerability
    No content preview  ( 7 min )
    TPM Genie: Interposer Attacks Against the Trusted Platform Module Serial Bus
    No content preview  ( 6 min )
    Whitepaper – Weaning the Web off of Session Cookies: Making Digest Authentication Viable
    No content preview  ( 6 min )
    ZigTools: An Open Source 802.15.4 Framework
    No content preview  ( 6 min )
    Deception Engineering: exploring the use of Windows Service Canaries against ransomware
    No content preview  ( 8 min )
    CERT Oracle Secure Coding Standard for Java
    No content preview  ( 6 min )
    Writing Small Shellcode
    No content preview  ( 6 min )
    Tool Release: tcpprox
    No content preview  ( 6 min )
    Tool Release: Code Query (cq)
    No content preview  ( 6 min )
    Tool Release – Socks Over RDP Now Works With Citrix
    No content preview  ( 7 min )
    Windows DACLs & Why There Is Still Room for Interest
    No content preview  ( 7 min )
    VeChain JavaScript SDK Cryptography and Security Review
    No content preview  ( 6 min )
    Tool Release: SSLyze v 0.9 released – Heartbleed edition
    No content preview  ( 7 min )
    The Phishing Guide: Understanding & Preventing Phishing Attacks
    No content preview  ( 6 min )
    Which database is more secure? Oracle vs. Microsoft
    No content preview  ( 6 min )
    Detecting and Hunting for the PetitPotam NTLM Relay Attack
    No content preview  ( 8 min )
    Whitepaper: CA Alternative
    No content preview  ( 7 min )
    Working with the Open Technology Fund
    No content preview  ( 7 min )
    Blind Exploitation of Stack Overflow Vulnerabilities
    No content preview  ( 7 min )
    Defending Your Directory: An Expert Guide to Securing Active Directory Against DCSync Attacks
    No content preview  ( 9 min )
    Weak Randomness Part I – Linear Congruential Random Number Generators
    No content preview  ( 6 min )
    Jenkins Plugins and Core Technical Summary Advisory
    No content preview  ( 8 min )
    Technical Advisory: SQL Injection and Reflected Cross-Site Scripting (XSS) Vulnerabilities in Oracle Communications Diameter Signaling Router (CVE-2020-14787, CVE-2020-14788)
    No content preview  ( 8 min )
    NCC Group Connected Health Whitepaper July 2019
    No content preview  ( 7 min )
    Matty McMattface: Security implications, mitigations & testing strategies for biometric facial recognition systems
    No content preview  ( 6 min )
    Absolute Security
    No content preview  ( 6 min )
    Technical Advisory: PDFTron JavaScript URLs Allowed in WebViewer UI (CVE-2021-39307)
    No content preview  ( 7 min )
    Windows DACL Enum Project
    No content preview  ( 6 min )
    The why behind web application penetration test prerequisites
    NCC Group explains why pen test prerequisites are essential for accurate, efficient, and secure web application assessments.  ( 6 min )
    Whitepaper – Coinbugs: Enumerating Common Blockchain Implementation-Level Vulnerabilities
    No content preview  ( 6 min )
    Flash local-with-filesystem Bypass in navigateToURL
    No content preview  ( 6 min )
    iSEC reviews SecureDrop
    No content preview  ( 7 min )
    Whitepaper – HTTP Digest Integrity: Another look, in light of recent attacks
    No content preview  ( 6 min )
    Auditing K3s Clusters
    No content preview  ( 8 min )
    YoNTMA
    No content preview  ( 6 min )
    An Introduction to Authenticated Encryption
    No content preview  ( 6 min )
    Windows IPC Fuzzing Tools
    No content preview  ( 6 min )
    CVE-2018-8611 Exploiting Windows KTM Part 4/5 – From race win to kernel read and write primitive
    No content preview  ( 33 min )
    Toxic Tokens: Using UUIDs for Authorization is Dangerous (even if they’re cryptographically random)
    No content preview  ( 11 min )
    Security Code Review With ChatGPT
    Security Code Review With ChatGPT  ( 20 min )
    Technical Advisory – Multiple Vulnerabilities in Netgear ProSAFE Plus JGS516PE / GS116Ev2 Switches
    No content preview  ( 19 min )
    Adventures in Windows Driver Development: Part 1
    No content preview  ( 12 min )
    Technical advisory: Remote shell commands execution in ttyd
    No content preview  ( 9 min )
    earlyremoval, in the Conservatory, with the Wrench: Exploring Ghidra’s decompiler internals to make automatic P-Code analysis scripts
    No content preview  ( 27 min )
    Mitigating the top 10 security threats to GCP using the CIS Google Cloud Platform Foundation Benchmark
    No content preview  ( 12 min )
    Unveiling the Dark Side: A Deep Dive into Active Ransomware Families
    No content preview  ( 14 min )
    CVE-2018-8611 Exploiting Windows KTM Part 2/5 – Patch analysis and basic triggering
    No content preview  ( 30 min )
    Technical Advisory – Multiple Vulnerabilities in Nagios XI
    No content preview  ( 24 min )
    Adventures in the land of BumbleBee – a new malicious loader
    No content preview  ( 11 min )
    Reverse engineering and decrypting CyberArk vault credential files
    No content preview  ( 10 min )
    Shining the Light on Black Basta
    No content preview  ( 12 min )
    Popping Blisters for research: An overview of past payloads and exploring recent developments
    No content preview  ( 23 min )
    Xen SMEP (and SMAP) Bypass
    No content preview  ( 13 min )
    CVE-2018-8611 Exploiting Windows KTM Part 3/5 – Triggering the race condition and debugging tricks
    No content preview  ( 24 min )
    A Primer On Slowable Encoders
    No content preview  ( 12 min )
    Project Ava: On the Matter of Using Machine Learning for Web Application Security Testing – Part 2: Going off on a Tangent – AI/ML Applications in Social Engineering
    No content preview  ( 14 min )
    Defeating Windows DEP With A Custom ROP Chain
    No content preview  ( 27 min )
    Finding and Exploiting .NET Remoting over HTTP using Deserialisation
    No content preview  ( 12 min )
    Detecting Mimikatz with Busylight
    No content preview  ( 10 min )
    Sifting through the spines: identifying (potential) Cactus ransomware victims
    No content preview  ( 11 min )
    Technical Advisory – Multiple Vulnerabilities in PandoraFMS Enterprise
    No content preview  ( 15 min )
    North Korea’s Lazarus: their initial access trade-craft using social media and social engineering
    No content preview  ( 10 min )
    Project Ava: On the Matter of Using Machine Learning for Web Application Security Testing – Part 3: Understanding Existing Approaches and Attempts
    No content preview  ( 18 min )
    Tool Release – Enumerating Docker Registries with go-pillage-registries
    No content preview  ( 8 min )
    Using SharePoint as a Phishing Platform
    No content preview  ( 11 min )
    The Next C Language Standard (C23)
    No content preview  ( 8 min )
    Metastealer – filling the Racoon void
    No content preview  ( 10 min )
    Analyzing Secure AI Architectures
    No content preview  ( 15 min )
    Project Ava: On the Matter of Using Machine Learning for Web Application Security Testing – Part 7: Development of Prototype #3 – Adventures in Anomaly Detection
    No content preview  ( 19 min )
    Rustproofing Linux (Part 3/4 Integer Overflows)
    No content preview  ( 10 min )
    Tool Release – Carnivore: Microsoft External Assessment Tool
    No content preview  ( 9 min )
    5 MCP Security Tips
    No content preview  ( 11 min )
    Technical Advisory: Cross-Site Scripting in Umbraco Rich Text Display
    No content preview  ( 9 min )
    Technical Advisory – Multiple Vulnerabilities in the Galaxy App Store (CVE-2023-21433, CVE-2023-21434)
    No content preview  ( 10 min )
    Nameless and shameless: Ransomware Encryption via BitLocker
    No content preview  ( 14 min )
    Project Ava: On the Matter of Using Machine Learning for Web Application Security Testing – Part 9: Adventures with Expert Systems
    No content preview  ( 13 min )
    Using AWS and Azure for Cost Effective Log Ingestion with Data Processing Pipelines for SIEMs
    No content preview  ( 10 min )
    Defending Your Directory: An Expert Guide to Combating Kerberoasting in Active Directory
    No content preview  ( 11 min )
    Technical Advisory: Multiple Vulnerabilities in SmarterMail
    No content preview  ( 14 min )
    Mallory and Me: Setting up a Mobile Mallory Gateway
    No content preview  ( 12 min )
    The Development of a Telco Attack Testing Tool
    No content preview  ( 11 min )
    Practical Considerations of Right-to-Repair Legislation
    No content preview  ( 17 min )
    GSM/GPRS Traffic Interception for Penetration Testing Engagements
    Discover how GSM/GPRS traffic interception enhances mobile security testing. A technical guide from NCC Group’s research team.  ( 18 min )
    Autonomous AI Agents: A hidden Risk in Insecure smolagents “CodeAgent” Usage
    No content preview  ( 11 min )
    Cracking Mifare Classic 1K: RFID, Charlie Cards, and Free Subway Rides
    No content preview  ( 16 min )
    Streamlining Global Automotive Cybersecurity Governance to Accelerate Innovation, Assurance, and Compliance
    No content preview  ( 16 min )
    Windows Phone 7 Application Security Survey
    No content preview  ( 6 min )
    A Rendezvous with System Management Interrupts
    No content preview  ( 9 min )
    Tool Release: Blackbox iOS App Analysis with Introspy
    No content preview  ( 7 min )
    Java Coding Guidelines: 75 Recommendations for Reliable and Secure Programs
    No content preview  ( 6 min )
    Whitepaper: Recognizing and Preventing TOCTOU
    No content preview  ( 7 min )
    The Browser Hacker’s Handbook
    No content preview  ( 6 min )
    Zulu
    No content preview  ( 6 min )
    Professional C Programming LiveLessons, (Video Training) Part I: Writing Robust, Secure, Reliable Code
    No content preview  ( 6 min )
    Public Report: eBPF Verifier Code Review
    No content preview  ( 6 min )
    Multiple Vulnerabilities in MailEnable
    No content preview  ( 6 min )
    NCC Group WhitepaperUnderstanding and HardeningLinux ContainersJune 29, 2016 – Version 1.1
    No content preview  ( 6 min )
    ProxMon
    No content preview  ( 6 min )
    Stepping Stones – A Red Team Activity Hub
    No content preview  ( 8 min )
    Insomnihack - Pioneering Zero Days at Pwn2Own Automotive 2024
    No content preview  ( 7 min )
    Technical Advisory – Lansweeper Privilege Escalation via CSRF Using HTTP Method Interchange (CVE-2020-13658)
    No content preview  ( 9 min )
    WindowsJobLock
    No content preview  ( 6 min )
    Secure Coding in C and C++
    No content preview  ( 6 min )
    Denial of Service in Parsing a URL by ierutil.dll
    No content preview  ( 6 min )
    44Con2013Game
    Game from 44CON 2013  ( 6 min )
    Multiple security vulnerabilities in SAP NetWeaver BSP Logon
    No content preview  ( 6 min )
    Freddy: An extension for automatically identifying deserialisation issues in Java and .NET applications
    No content preview  ( 7 min )
    Wubes: Leveraging the Windows 10 Sandbox for Arbitrary Processes
    No content preview  ( 7 min )
    SQL Server Security
    No content preview  ( 6 min )
    The CERT® C Coding Standard, Second Edition: 98 Rules for Developing Safe, Reliable, and Secure Systems
    No content preview  ( 6 min )
    iOS Application Security: The Definitive Guide for Hackers and Developers
    No content preview  ( 6 min )
    Secure Coding Rules for Java LiveLessons, Part 1
    No content preview  ( 6 min )
    Xendbg: A Full-Featured Debugger for the Xen Hypervisor
    No content preview  ( 7 min )
    Technical Advisory: CyberArk EPM Non-paged Pool Buffer Overflow
    No content preview  ( 7 min )
    Where You Inject Matters: The Role-Specific Impact of Prompt Injection Attacks on OpenAI models
    No content preview  ( 8 min )
    On Almost Signing Android Builds
    No content preview  ( 8 min )
    White Paper: An Introduction to Authenticated Encryption
    No content preview  ( 7 min )
    Disabling Office Macros to Reduce Malware Infections
    No content preview  ( 8 min )
    OffensiveCon 2023 – Exploit Engineering – Attacking the Linux Kernel
    No content preview  ( 7 min )
    The Mobile Application Hacker’s Handbook
    No content preview  ( 6 min )
    When Security Gets in the Way: PenTesting Mobile Apps That Use Certificate Pinning
    No content preview  ( 6 min )
    Quantum Data Centre of the Future
    No content preview  ( 10 min )
    Auditing Enterprise Class Applications and Secure Containers on Android
    No content preview  ( 6 min )
    The Database Hacker’s Handbook
    No content preview  ( 6 min )
    Developing Secure Mobile Applications for Android
    No content preview  ( 6 min )
    RomHack – Revving Up: The Journey to Pwn2Own Automotive 2024
    No content preview  ( 7 min )
    Nine years of bugs at NCC Group
    No content preview  ( 6 min )
    Mallory: Transparent TCP and UDP Proxy
    No content preview  ( 7 min )
    Machine Learning 102: Attacking Facial Authentication with Poisoned Data
    No content preview  ( 7 min )
    Tattler
    No content preview  ( 7 min )
    NCC Group’s 2024 Annual Research Report
    No content preview  ( 7 min )
    Bit51 Better Security WP Security Plugin – Unauthenticated Stored XSS to RCE
    No content preview  ( 7 min )
    BlackHat USA 2024 - Listen-Up: Sonos Over-The-Air Remote Kernel Exploitation and Covert Wiretap
    No content preview  ( 8 min )
    Adobe flash sandbox bypass to navigate to local drives
    No content preview  ( 6 min )
    Technical Advisory: Mitel MiVoice 5330e Memory Corruption Flaw
    No content preview  ( 7 min )
    HTTP to MCP Bridge
    No content preview  ( 9 min )
    An Engineer’s View: Operational Technology
    No content preview  ( 15 min )
    Pentesting V. Red Teaming V. Bug Bounty
    Explore the differences between penetration testing, red teaming, and bug bounty programs. NCC Group helps you choose the right approach.  ( 10 min )
    Security Tips For Your AI Cloud Infrastructure
    No content preview  ( 10 min )
    IG Learner Walkthrough
    No content preview  ( 14 min )
    In-Depth Technical Analysis of the Bybit Hack
    No content preview  ( 15 min )
    Lights, Camera, HACKED! An insight into the world of popular IP Cameras
    No content preview  ( 14 min )
    Masquerade: You Downloaded ScreenConnect not Grok AI!
    No content preview  ( 9 min )
    10 real-world stories of how we’ve compromised CI/CD pipelines
    10 real-world stories of how we’ve compromised CI/CD pipelines  ( 15 min )
    NCC Group’s Exploit Development Capability: Why and What
    No content preview  ( 9 min )
    Getting Shell with XAMLX Files
    No content preview  ( 8 min )
    Project Ava: On the Matter of Using Machine Learning for Web Application Security Testing – Part 6: Development of Prototype #2 – Creating a SQLi PoC
    No content preview  ( 15 min )
    Rustproofing Linux (Part 1/4 Leaking Addresses)
    No content preview  ( 13 min )
    Comparing AI Against Traditional Static Analysis Tools to Highlight Buffer Overflows
    No content preview  ( 12 min )
    EAP-TLS: The most secure option?
    No content preview  ( 14 min )
    Rustproofing Linux (Part 4/4 Shared Memory)
    No content preview  ( 11 min )
    SMB hash hijacking & user tracking in MS Outlook
    No content preview  ( 12 min )
    Technical Advisory: Bypassing Microsoft XOML Workflows Protection Mechanisms using Deserialisation of Untrusted Data
    No content preview  ( 10 min )
    Fake CAPTCHA led to LUMMA
    No content preview  ( 9 min )
    Cross-Execute Your Linux Binaries, Don’t Cross-Compile Them
    No content preview  ( 10 min )
    A Back-to-Front TrueCrypt Recovery Story: The Plaintext is the Ciphertext
    A Back-to-Front TrueCrypt Recovery Story: The Plaintext is the Ciphertext  ( 14 min )
    Adobe Flash Player Cross Domain Policy Bypass
    No content preview  ( 6 min )
    Public Report – Lantern and Replica Security Assessment
    From September 28th through October 23rd, 2020, Lantern – in partnership with the Open Technology Fund – engaged NCC Group to conduct a security assessment of the Lantern client. Lantern provides a proxy in order to circumvent internet censorship. This assessment was open ended and time-boxed, providing a best-effort security analysis in a fixed amount […]  ( 7 min )
    OCP S.A.F.E. How-to
    No content preview  ( 9 min )
    iSEC Completes TrueCrypt Audit
    No content preview  ( 8 min )
    Secure Coding in C and C++, 2nd Edition
    No content preview  ( 6 min )
    SmarterMail – Stored XSS in emails
    No content preview  ( 6 min )
    Technical Advisory: Code Execution by Unsafe Resource Handling in Multiple Microsoft Products
    No content preview  ( 8 min )
    NCLoader
    No content preview  ( 7 min )
    VMware Workstation Guest-to-Host Escape Exploit Development
    VMware Workstation Guest-to-Host Escape Exploit Development  ( 6 min )
    iOS 7 tool updates
    No content preview  ( 7 min )
    44CON Workshop – How to assess and secure iOS apps
    44CON Workshop – How to assess and secure iOS apps  ( 6 min )
    Why AI Will Not Fully Replace Humans for Web Penetration Testing
    Explore why AI alone isn’t enough for web penetration testing. NCC Group explains the irreplaceable value of human expertise in security assessments.  ( 8 min )
    Building Systems from Commercial Components
    No content preview  ( 6 min )
    Announcing the Cryptopals Guided Tour Video 18: Implement CTR
    No content preview  ( 8 min )
    Public Report - VeChainThor Galactica Security Assessment
    No content preview  ( 6 min )
    Potential false redirection of web site content in Internet in SAP NetWeaver web applications
    No content preview  ( 6 min )
    Technical Advisory: Condeon CMS
    No content preview  ( 7 min )
    Local network compromise despite good patching
    No content preview  ( 7 min )
    Public Report - Google Confidential Space Security Assessment
    No content preview  ( 6 min )
    Voice Impersonation and DeepFake Vishing in Realtime
    Voice Impersonation and DeepFake Vishing in Realtime  ( 6 min )

  • Open

    Windows 10 end of support: Extended Security Updates (ESU), Windows 11 hardware requirements, upgrade options
    With Windows 10's end of support approaching on October 14, 2025, many organizations and users face critical decisions about their computers' future security and functionality. Microsoft will cease providing essential security updates and technical support for Windows 10, leaving devices vulnerable to emerging cyber threats and compatibility issues. While some users can upgrade to Windows 11, strict hardware requirements, including TPM 2.0 and newer processors, mean many functional computers won't qualify for the transition. Organizations and consumers must now evaluate their options, from purchasing Extended Security Updates (ESU) to exploring alternative operating systems or investing in new hardware. User communities are expressing growing frustration with Microsoft's hardware requirements, viewing them as forced obsolescence that creates unnecessary electronic waste and unfair costs for owners of perfectly functional devices. Source
  • Open

    Technical Advisory: Tesla Telematics Control Unit - ADB Auth Bypass
    Technical Advisory: Tesla Telematics Control Unit - ADB Auth Bypass  ( 11 min )
  • Open

    Active Directory Security Tip #9: Active Directory Backups
    Microsoft supported backups of Active Directory are very important to have. For backing up Domain Controllers, this is typically a System State backup. Why a Microsoft supported backup? If you are using a backup solution that isn’t fully AD aware, performing a restore may involve getting Microsoft involved and that costs $$. I know companies … Continue reading  ( 5 min )

  • Open

    What is Microsoft Azure Logic Apps? Now with MCP support
    Microsoft Azure Logic Apps is a cloud-based low-code/no-code integration and workflow orchestration service that lets you automate business processes across Azure, Microsoft 365, Google, Salesforce, SAP, Oracle, SQL Server, social media, file systems, and many other cloud or on-premises systems with minimal custom coding. Azure Logic Apps now includes new Model Context Protocol (MCP) server support, announced in public preview in September, enabling AI agents and Large Language Models to use Logic Apps workflows as discoverable tools. Source
  • Open

    You name it, VMware elevates it (CVE-2025-41244)
    NVISO has identified zero-day exploitation of CVE-2025-41244, a local privilege escalation vulnerability impacting VMware's guest service discovery features.  ( 13 min )

  • Open

    Public Report: Meta Whatsapp message summarization service
    No content preview  ( 6 min )

  • Open

    Pointer leaks through pointer-keyed data structures
    Posted by Jann Horn, Google Project Zero Introduction Some time in 2024, during a Project Zero team discussion, we were talking about how remote ASLR leaks would be helpful or necessary for exploiting some types of memory corruption bugs, specifically in the context of Apple devices. Coming from the angle of "where would be a good first place to look for a remote ASLR leak", this led to the discovery of a trick that could potentially be used to leak a pointer remotely, without any memory safety violations or timing attacks, in scenarios where an attack surface can be reached that deserializes attacker-provided data, re-serializes the resulting objects, and sends the re-serialized data back to the attacker. The team brainstormed, and we couldn't immediately come up with any specific atta…  ( 21 min )
  • Open

    Upgrade from Office 2016, 2019 – Office 2024 vs Microsoft 365 Apps
    The end of support for Office 2016 and Office 2019 on October 14, 2025, forces organizations to choose between upgrading to Office 2024 or adopting Microsoft 365 Apps. Both solutions offer Office applications like Word, Excel, and PowerPoint, but differ significantly in pricing models, AI capabilities, cloud integration, and update cycles. While Office 2024 delivers a one-time purchase with long-term stability and offline functionality, Microsoft 365 Apps provides continuous feature updates, AI-powered Copilot integration, and collaborative cloud tools through a subscription model. This guide compares Office 2024 vs. Microsoft 365 Apps to help you make the right upgrade decision before support ends. Source

  • Open

    Executing Shellcode with ReadDirectoryChanges’s Hidden Callback
    While digging into the ReadDirectoryChanges API, I noticed it supports an asynchronous callback via LPOVERLAPPED_COMPLETION_ROUTINE. Most people use this API to monitor file system changes, but what if we could hijack that callback to execute shellcode? This led me to develop a proof-of-concept (PoC) that turns a mundane filesystem monitoring function into a stealthy shellcode […]  ( 11 min )
  • Open

    It Is Bad (Exploitation of Fortra GoAnywhere MFT CVE-2025-10035) - Part 2
    We’re back, just over 24 hours later, to share our evolving understanding of CVE-2025-10035. Thanks to everyone who reached out after Part 1, and especially to the individual who shared credible intel that informed this update. In Part 1 we laid out an odd and worrying picture: A  ( 3 min )
  • Open

    Convert VMware VMs to Hyper-V in Windows Admin Center
    Windows Admin Center introduces a new tool that enables you to convert VMware virtual machines into Hyper-V, supporting agentless migration with minimal downtime. The extension supports batch conversions of up to 10 VMs at once and uses change block tracking for efficient data replication. Source
  • Open

    Taming 2,500 compiler warnings with CodeQL, an OpenVPN2 case study
    We created a CodeQL query that reduced 2,500+ compiler warnings about implicit conversions in OpenVPN2 to just 20 high-priority cases, demonstrating how to effectively identify potentially dangerous type conversions in C code.  ( 5 min )
  • Open

    Securing Microsoft Entra ID: Lessons from the Field – Part 1
    This multipart blog series is focused on the real-world lessons learned while securing Microsoft Entra ID. Based on hands-on experience across various environments and organizations, we’ll explore the practical, high-impact strategies that work and more importantly, the common misconfigurations, overlooked settings, and pitfalls that can expose your identity perimeter. Throughout the series, we’ll cover both … Continue reading Securing Microsoft Entra ID: Lessons from the Field – Part 1 →  ( 14 min )

  • Open

    Yet Another Random Story: VBScript's Randomize Internals
    In one of our recent posts, Dennis shared an interesting case study of C# exploitation that rode on Random-based password-reset tokens. He demonstrated how to use the single-packet attack, or a bit of old-school math, to beat the game. Recently, I performed a security test on a target which had a dependency written in VBScript. This blog post focuses on VBS’s Rnd and shows that the situation there is even worse. Target Application The application was responsible for generating a secret token. The token was supposed to be unpredictable and expected to remain secret. Here’s a rough copy of the token generation code: Dim chars, n chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789()*&^%$#@!" n = 32 function GenerateToken(chars, n) Dim result, pos, i, charsLength cha…  ( 8 min )
  • Open

    Cross-Agent Privilege Escalation: When Agents Free Each Other
    During the Month of AI Bugs, I described an emerging vulnerability pattern that shows how commonly agentic systems have a design flaw that allows an agent to overwrite its own configuration and security settings. This allows the agent to break out of its sandbox and escape by executing arbitrary code. My research with GitHub Copilot, AWS Kiro and a few others demonstrated how this can be exploited by an adversary with an indirect prompt injection.  ( 3 min )
  • Open

    CVE-2025-23298: Getting Remote Code Execution in NVIDIA Merlin
    While investigating the security posture of various machine learning (ML) and artificial intelligence (AI) frameworks, the Trend Micro Zero Day Initiative (ZDI) Threat Hunting Team discovered a critical vulnerability in the NVIDIA Merlin Transformers4Rec library that could allow an attacker to achieve remote code execution with root privileges. This vulnerability, tracked as CVE-2025-23298, stems from unsafe deserialization practices in the model checkpoint loading functionality. What makes this finding particularly interesting is not just the vulnerability itself, but how it highlights the endemic security challenges facing the ML/AI ecosystem’s reliance on Python’s pickle serialization. In this post, I’ll walk through the discovery process, demonstrate the exploitation technique, analyze…
  • Open

    New Administrative Templates (ADMX/ADML) for Windows, Outlook, Word, Excel, and OneNote
    Microsoft has released significant updates to Administrative Templates (ADMX/ADML files) throughout 2025, introducing new Group Policy options for Windows 11 and Microsoft Office applications. These templates enable IT administrators to manage registry-based policy settings through Group Policy and Microsoft Intune. Source
  • Open

    Welcome to AI pentesting - add on-demand AI assistance directly to your workflow with new, agentic Burp AI capabilities
    Whether you’re navigating a client pentest or chasing a bounty target, even the most experienced testers hit roadblocks, burn time on repetitive tasks, or just want a second opinion. Burp AI is design  ( 5 min )
  • Open

    Is This Bad? This Feels Bad. (Fortra GoAnywhere CVE-2025-10035)
    File transfer used to be simple fun - fire up your favourite FTP client, log in to a glFTPd site, and you were done. Fast forward to 2025, and the same act requires a procurement team, a web interface, and a vendor proudly waving their Secure by Design pledge. Ever  ( 9 min )
  • Open

    Supply chain attacks are exploiting our assumptions
    Supply chain attacks exploit fundamental trust assumptions in modern software development, from typosquatting to compromised build pipelines, while new defensive tools are emerging to make these trust relationships explicit and verifiable.  ( 10 min )

  • Open

    How to install a MySQL MCP server
    The Model Context Protocol (MCP) is an open, standardized, client-server protocol (built on JSON-RPC 2.0) that enables AI models to access and invoke external tools and data sources. In this post, I explain how to install the MCP Database Server, an open-source local MCP server that supports SQLite, SQL Server, PostgreSQL, and MySQL databases, and connect it to Anthropic's Claude Desktop. This enables you to manage MySQL databases in natural language without knowing the actual SQL commands. Source
  • Open

    Detection Engineering: Practicing Detection-as-Code – Deployment – Part 6
    The deployment phase is one of the most challenging steps in the Detection Development Life Cycle due to its implementation complexity. In this part, we will explore the principles and practices of deploying rules to target platforms. Additionally, we will go through some of the challenges encountered when designing and implementing a deployment pipeline, along with suggestions on how to overcome them, to ensure that our Continuous Deployment pipeline operates smoothly.  ( 21 min )

  • Open

    Your Vulnerability Scanner Might Be Your Weakest Link
    Overview Vulnerability scanners are a cornerstone of modern security programs, helping teams identify weaknesses before attackers do. But when these tools are configured with privileged credentials, they can themselves become high-value targets. In one case, while running continuous testing through our Chariot platform for a Fortune 500 financial services company, we compromised a server and […] The post Your Vulnerability Scanner Might Be Your Weakest Link appeared first on Praetorian.  ( 30 min )
  • Open

    Windows 365 Boot: Enhanced Connection Center, cross-region disaster recovery, improved troubleshooting
    Windows 365 Boot is a Microsoft feature that allows users to sign in directly to a virtualized Windows desktop (Cloud PC) from Windows 11 Enterprise, Pro, or IoT Enterprise devices (OS build 22621.3374 or later). Windows 365 Boot receives major updates with enhanced Connection Center access, cross-region disaster recovery capabilities, and improved troubleshooting tools. These features aim to streamline Cloud PC management and provide better business continuity for organizations using Windows 11 devices. Source
  • Open

    What Does “Good” Look Like in Red Teaming
    Most red team exercises fail to deliver real value. They check compliance boxes but don't address actual business risks. Learn the difference between good and bad offensive security, plus the strategic framework that transforms red teaming from expense into ROI.  ( 9 min )

  • Open

    Active Directory Security Tip #8: The Domain Kerberos Service Account – KRBTGT
    The domain Kerberos service account, KRBTGT (https://adsecurity.org/?p=483), is an important account since it is used to sign & encrypt Kerberos tickets. The account is disabled and the password doesn’t change except when moving from Windows 2000/2003 to Windows Server 2008 (or newer). This is a highly privileged account and if an attacker can gain knowledge … Continue reading  ( 6 min )

  • Open

    Active Directory Security Tip #7: The Tombstone Lifetime
    The Tombstone lifetime (TSL) in Active Directory is the limit as to how long a deleted object can remain in AD. The original value was 60 (days). Windows versions since Windows 2003 SP2 have this set to 180 (days). Note that this also affects backups, how long a backup is valid and replication – if … Continue reading  ( 5 min )

  • Open

    RunDll Exporters
    One of the most interesting classes of functions that are exported by DLLs are functions that use the RunDll interface (this archived article describes it). Thanks to traditional (today kinda old-school) programming conventions, many coders name their exported functions compatible … Continue reading →  ( 4 min )
    Enter Sandbox 30: Static Analysis gone wrong
    This series is quite old, and I kinda abandoned it at some stage, but today I am reviving it to talk about … static analysis… Let’s be honest – last 2 decades changed the way we do malware analysis, and … Continue reading →  ( 6 min )
  • Open

    Prompts as Code & Embedded Keys | The Hunt for LLM-Enabled Malware
    LLM-enabled malware poses new challenges for detection. SentinelLABS presents groundbreaking research on how to hunt for this new class of threats.  ( 31 min )
  • Open

    VMware vCenter Converter Standalone 9.0 new features
    VMware has released vCenter Converter Standalone 9.0, introducing support for VMware Cloud Foundation 9.0, virtual hardware version 22, and expanded Linux synchronization capabilities. The latest iteration brings technical enhancements and addresses several conversion limitations while maintaining the tool's core physical-to-virtual machine migration functionality. Source
  • Open

    A Look at RTEMS Security
    No content preview  ( 6 min )
  • Open

    Active Directory Security Tip #6: Domain Controller Operating System Versions
    Ensuring proper Domain Controller configuration is key for Active Directory security. Part of this is making sure they are running supported versions of Windows. At this point, DCs should be running at least Windows Server 2016, preferably Windows Server 2019 or 2022. Hold off on deploying Windows Server 2025 DCs for now due to the … Continue reading  ( 5 min )

  • Open

    Global AI adoption—Europe is only a bystander in the US-China AI race
    AI adoption has reached a critical inflection point globally. However, progress is highly uneven across regions, creating distinct divides that reflect cultural attitudes and regulatory frameworks. Europe, in particular, is showing worrying signs of stagnation. It is no secret that the Old Continent is far behind the US and China. However, did you know that AI adoption in businesses in the EU is even lower than in Africa? This technological surrender is accelerating Europe's decline in both economic competitiveness and political influence. Source
  • Open

    How to join the desync endgame: Practical tips from pentester Tom Stacey
    Note: This is a guest post by pentester and researcher, Tom Stacey (@t0xodile). You'd think that after almost 21 years since its initial public discovery, HTTP Request Smuggling would be barely exploi  ( 10 min )
  • Open

    Use mutation testing to find the bugs your tests don't catch
    Mutation testing reveals blind spots in test suites by systematically introducing bugs and checking if tests catch them. Blockchain developers should use mutation testing to measure the effectiveness of their test suites and find bugs that traditional testing can miss.  ( 7 min )
  • Open

    When Guardrails Aren't Enough: Reinventing Agentic AI Security With Architectural Controls
    David Brauchler III delivers a fascinating Black Hat talk on the root cause of AI-based vulnerabilities and why security architecture is the real solution.  ( 6 min )
  • Open

    Active Directory Security Tip #5: The Default Domain Administrator Account
    In every Active Directory domain, there’s the default domain Administrator account. Here are some key items to check: PowerShell for current domain using the AD PowerShell cmdlets:  ( 5 min )

  • Open

    Migrate a Print Server to Windows Server 2025
    The Print and Document Services role facilitates the deployment and configuration of print servers. This article explains how to migrate a Print Server role to Windows Server 2025, covering the transfer of queues, drivers, and configurations. Source
  • Open

    One Token to rule them all - obtaining Global Admin in every Entra ID tenant via Actor tokens
    While preparing for my Black Hat and DEF CON talks in July of this year, I found the most impactful Entra ID vulnerability that I will probably ever find. One that could have allowed me to compromise every Entra ID tenant in the world (except probably those in national cloud deployments). If you are an Entra ID admin reading this, yes that means complete access to your tenant. The vulnerability consisted of two components: undocumented impersonation tokens that Microsoft uses in their backend for service-to-service (S2S) communication, called "Actor tokens", and a critical vulnerability in the (legacy) Azure AD Graph API that did not properly validate the originating tenant, allowing these tokens to be used for cross-tenant access.  ( 13 min )
  • Open

    WebSocket Turbo Intruder: Unearthing the WebSocket Goldmine
    Many testers and tools give up the moment a protocol upgrade to WebSocket occurs, or only perform shallow analysis. This is a huge blind spot, leaving many bugs like Broken Access Controls, Race condi  ( 7 min )
  • Open

    Active Directory Security Tip #4: Default/Built-In Active Directory Groups
    There are several default/built-in privileged groups that should be reviewed: https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/manage/understand-security-groups PowerShell Script leveraging the Active Directory PowerShell module: https://github.com/PyroTek3/Misc/blob/main/Get-ADBuiltInAdmins.ps1  ( 5 min )
    Active Directory Lab Build Script
    Over the summer, I rebuilt my Active Directory lab environment with multiple regional domains. Instead of manually configuring common issues, I decided to create a PowerShell script to do this for me. My Invoke-ADLabBuildOut script does the following: PowerShell AD lab build out script leveraging the Active Directory PowerShell module:https://github.com/PyroTek3/ADLab  ( 5 min )

  • Open

    Domain Fronting is Dead. Long Live Domain Fronting!
    Overview At Black Hat and DEF CON, we demonstrated how red teams could tunnel traffic through everyday collaboration platforms like Zoom and Microsoft Teams, effectively transforming them into covert communication channels for command-and-control. That research highlighted a critical blind spot: defenders rarely block traffic to core business services because doing so would disrupt legitimate operations. […] The post Domain Fronting is Dead. Long Live Domain Fronting! appeared first on Praetorian.  ( 27 min )
  • Open

    Windows September updates break SMBv1 shares: Workarounds and user feedback
    Microsoft’s September 2025 security updates have broken connectivity to SMBv1 shares over NetBIOS over TCP/IP (NetBT), disrupting Windows client and server systems that still rely on this legacy protocol. This article explains what SMBv1 is, why it remains in use despite being deprecated, and the serious security risks that come with it. We’ll cover the details of the September updates, their impact on affected systems, and the available workarounds for organizations struggling to restore functionality. Finally, we’ll look at user feedback and long-term recommendations for migrating away from SMBv1 to more secure and modern protocols. Source  ( 19 min )
  • Open

    State of the SaaS Security Union
    Two threat groups are exploiting SaaS at scale: one with phishing and data theft, the other with nation-state level tactics exploiting integrations and credentials. Here’s what you need to know and how to protect against the next wave.  ( 6 min )
  • Open

    Fickling’s new AI/ML pickle file scanner
    We’ve added a pickle file scanner to Fickling that uses an allowlist approach to protect AI/ML environments from malicious pickle files that could compromise models or infrastructure.  ( 4 min )
  • Open

    Discord as a C2 and the cached evidence left behind
    TL;DR Why Discord appeals to attackers Discord has become an attractive tool for attackers not because it’s malicious, but because it’s legitimate and trusted. It often flies under the radar of security controls and offers features that make it easy to send data out without user interaction or elevated permissions. We’ve seen similar misuse across […] The post Discord as a C2 and the cached evidence left behind appeared first on Pen Test Partners.  ( 10 min )
  • Open

    Active Directory Security Tip #3: Computer Accounts
    Active Directory computers should be reviewed about once a year. Old operating systems can hold back security progress like keeping SMBv1 and NTLMv1 active. Inactive computers should be discovered and disabled when no longer in use (and eventually removed). The OperatingSystem & PasswordLastSet attributes are self-explanatory, though we can use the LastLogonDate which represents the … Continue reading  ( 5 min )
    Active Directory Forest & Domain Levels
    An important Active Directory setting determines what security capabilities are available which relates to the level of the forest and/or domain. This post is meant to collect the relevant capabilities of Windows domain and forest functional levels. Forest Functional Level Features: Domain Functional Level Features: References: https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc754918(v=ws.10) https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/active-directory-functional-levels  ( 8 min )

  • Open

    Detecting Active Directory Password Spraying Article
    I recently published an article on the TrustedSec blog site called “Detecting Active Directory Password-Spraying with a Honeypot Account“. This article describes how to use an Active Directory honeypot account in order to detect Password Spraying. Read the article here:https://trustedsec.com/blog/detecting-password-spraying-with-a-honeypot-account  ( 5 min )
    Active Directory Security Tip #2: Active Directory User Accounts
    There are several different types of user accounts – at least how they are used. There are standard user accounts, service accounts, and admin accounts. There are numerous user account settings that can make them vulnerable. These configurations include: PowerShell code (using Active Directory PowerShell module):https://github.com/PyroTek3/Misc/blob/main/Get-VulnerableUserAccounts.ps1  ( 5 min )
  • Open

    NTLM authentication deprecation: new BlockNTLMv1SSO registry key and Group Policy settings
    Microsoft has introduced a new BlockNTLMv1SSO registry key in Windows 11 24H2 and Windows Server 2025 as part of its broader initiative to deprecate NTLM authentication. The new registry key allows administrators to control NTLMv1-derived credential usage. These changes address ongoing security vulnerabilities in NTLM while providing organizations time to transition to modern alternatives like Kerberos. Source

  • Open

    Active Directory Security Tip #1: Active Directory Admins
    A critical part of Active Directory security is regularly reviewing your AD admins. The simplest way to do this is to recursively enumerate the membership of the domain Administrators group (that group’s members and all member group members). Check the AD Admins output for the following: PowerShell code (using Active Directory PowerShell modules):https://github.com/PyroTek3/Misc/blob/main/Get-ADAdmins.ps1  ( 5 min )

  • Open

    Add ChatGPT MCP server—Another setback for OpenAI
    OpenAI has finally rolled out Model Context Protocol (MCP) support for all ChatGPT subscription plans. However, the implementation is surprisingly basic and falls short of the MCP support offered by Anthropic's Claude Desktop. Currently, ChatGPT doesn't support local MCP servers (SDIO), and you can only add remote MCP servers (SSE, Streamable HTTP). There's also no MCP server catalog, and the worst part is that GPT-5 isn't fully MCP-ready. Source
  • Open

    How this seasoned bug bounty hunter combines Burp Suite and HackerOne to uncover high-impact vulnerabilities
    Arman S., a full-time independent security researcher and bug bounty hunter, talked us through how he uses Burp Suite Professional and HackerOne in tandem to find and report high-value security vulner  ( 4 min )

  • Open

    Citrix forces customers to migrate to License Activation Service (LAS)
    Citrix has announced a fundamental shift in managing product licensing by replacing traditional file-based licensing with a cloud-based License Activation Service (LAS). This mandatory transition affects all on-premises Citrix components, with file-based licensing reaching end of life on April 15, 2026. The change simplifies license management by eliminating manual license file downloads and uploads. The change simplifies license management by eliminating manual license file downloads and uploads. LAS requires registering with Citrix Cloud and periodic connectivity to maintain activations; limited offline operation is supported via a grace period. Source
  • Open

    Vulnerability Management – common understanding and language enable teamwork
    Part of a series This Blog post is part of the series Vulnerability Management Series: 3D (Definition, Deep-Dive, and Difficulties) Vulnerability Management –common understanding and language enable teamwork In order to provide a common ground to talk about a topic, we need some definitions. Not only will this blog post provide a small glossary, but … Continue reading Vulnerability Management – common understanding and language enable teamwork →  ( 23 min )

  • Open

    The Security Time Capsule: Evolving Beyond Legacy Pen Testing
    Legacy point-in-time penetration testing was first implemented in the 1960s, back when networks were static, attackers were hobbyists, and change happened slowly. We live in a very different world now. The practice of testing annually was shaped for a world that no longer exists; one without dynamic cloud infrastructure, identity sprawl, or AI-accelerated threats. And […] The post The Security Time Capsule: Evolving Beyond Legacy Pen Testing appeared first on Praetorian.  ( 23 min )
  • Open

    AI-powered antivirus and threat detection: ManageEngine Malware Protection Plus
    The days of purely signature-driven antivirus and malware protection are over because modern threats evolve too quickly, using advanced techniques that traditional signature databases can't keep up with. ManageEngine Malware Protection Plus (MPP) is a next-generation antivirus solution that leverages AI capabilities to detect malware and contemporary security threats. Source
  • Open

    You Already Have Our Personal Data, Take Our Phone Calls Too (FreePBX CVE-2025-57819)
    We’re back - it’s a day, in a month, in a year - and once again, something has happened. In this week’s episode of “the Internet is made of string and there is literally no evidence to suggest otherwise”, we present even  ( 12 min )
  • Open

    How Sui Move rethinks flash loan security
    Sui’s Move language significantly improves flash loan security by replacing Solidity’s reliance on callbacks and runtime checks with a “hot potato” model that enforces repayment at the compiler level. This shift makes flash loan security a language guarantee rather than a developer responsibility.  ( 6 min )
  • Open

    A buyer’s guide to CHECK in 2025
    TL;DR What is CHECK, when should you use it, and why? CHECK is NCSC’s assurance scheme for penetration testing. It began as a way for government and critical systems to be tested safely, but any organisation can use it if they want the same standard. CHECK must be used when systems handle information marked OFFICIAL, […] The post A buyer’s guide to CHECK in 2025 appeared first on Pen Test Partners.  ( 6 min )

  • Open

    Microsoft’s new AI certifications—Is it still worth pursuing conventional IT certs?
    Microsoft is transforming its certification portfolio to align with the growing demand for artificial intelligence expertise, introducing new AI certifications while retiring several fundamental certifications. The company is launching updated certifications emphasizing practical skills in generative AI, multi-agent orchestration, and Microsoft's AI ecosystem, including Copilot and Azure AI services. Source
  • Open

    The September 2025 Security Update Review
    There’s a crispness in the air – at least here in North America – and with it comes the latest security patches from Adobe and Microsoft. Take a break from your scheduled activities and join us as we review the details of their latest security alerts. If you’d rather watch the full video recap covering the entire release, you can check it out here: Adobe Patches for September 2025 For September, Adobe released nine bulletins addressing 22 unique CVEs in Adobe Acrobat Reader, After Effects, Premiere Pro, Commerce, Substance 3D Viewer, Experience Manager, Dreamweaver, Adobe 3D Substance Modeler, and ColdFusion. Of these, the ColdFusion update is the only Priority 1 patch, although Adobe notes no exploitation has been detected. The patch for Commerce addresses a single, Critical-rated bug tha…
  • Open

    Detection Engineering: Practicing Detection-as-Code – Versioning – Part 5
    Versioning in the detection library is crucial for maintaining traceability and tracking changes to individual detections and content packs. It enables us to pinpoint the exact state of specific detections at a given point in time, provides a clear history of updates, and facilitates troubleshooting and debugging by identifying which version introduced particular changes.  ( 23 min )
  • Open

    Part 6: Recreating Cobalt Strike’s Process Injection Kit
    Background Process injection or code injection is a technique in which you copy and execute arbitrary code to a target process. It is often used in Offensive Security to execute tasks under the context of another legitimate process on the system. Before this blog my Mythic C2 agent, Xenon, only  ( 8 min )

  • Open

    Beyond good ol’ Run key, Part 151
    Yes, they keep coming. There are still many Windows persistence mechanisms that are not described properly and my mission is to cover it all. Some of these mechanisms may be seen as archaic, unusual, or ‘there is no way it … Continue reading →  ( 2 min )
  • Open

    Windows UAC bug after the August 2025 update
    Microsoft's August 2025 update caused a Windows UAC bug that triggers unplanned User Account Control (UAC) prompts throughout Windows environments. This problem originates from security improvements included in the August 12, 2025, cumulative patches for all supported Windows editions—specifically KB5063878 (Windows 11 24H2), KB5063875 (Windows 11 22H2/23H2), and KB5063709 (Windows 10 22H2 and Windows 10 Enterprise LTSC 2021)—which resolved CVE-2025-50173 but inadvertently created compatibility problems with Windows Installer maintenance functions. Source

  • Open

    Crack the Riddle, Secure the Oasis: Core NetWars Version 11 is Here
    A blog about SANS Institute's new Core NetWars Version 11  ( 12 min )

  • Open

    Expanding on ChunkyIngress - Clippy Goes Rogue (GoClipC2)
    GoClipC2: A covert Windows clipboard-based C2 channel for VDI/RDP environments. Bypasses network monitoring with encrypted Base64 messaging.  ( 10 min )

  • Open

    The Cost Savings of Fixing Security Flaws in Development
    No content preview  ( 7 min )

  • Open

    A New Approach to Proving Cybersecurity Value (That Isn’t ROI)
    In this blog, we are excited to announce our white paper on Return on Mitigation (RoM), a framework we designed to quantify the financial impact of security programs in a way that speaks to business leaders.  ( 6 min )
    Celebrating 10 Years of Partnership: Snap and HackerOne Reach $1M in Bounties
    At Snap, security is more than a priority—it’s a core mission. Over the past decade, Snap has partnered with HackerOne to build and sustain a robust bug bounty program. This collaboration has led to major milestones, including paying security researchers over $1M in bounties. To celebrate this achievement and their 10-year partnership, we spoke with Jim Higgins, Snap's Chief Information Security Officer, Vinay Prabhushankar, Snap’s Security Engineering Manager, and Ilana Arbisser, Snap’s Privacy Engineer.

  • Open

    Women@ Kicks Off the Year with a Vision Board Event
    No content preview  ( 4 min )

  • Open

    Gain Actionable, Data-backed Insights with HackerOne Recommendations
    What if your security program could self-optimize: analyze trends, identify weak points, and proactively propose actionable steps to strengthen defenses? With HackerOne Recommendations, it can.  ( 5 min )

  • Open

    Welcome, Hackbots: How AI Is Shaping the Future of Vulnerability Discovery
    What are Hackbots and how are they impacting vulnerability discovery and the researcher community?  ( 6 min )

  • Open

    DORA Compliance Is Here: What Financial Entities Should Know
    The new DORA regulation: everything your organization needs to know about its impact and how to comply.  ( 5 min )

  • Open

    Protecting Critical Infrastructure: A Tale of Two National Cybersecurity Strategies
    The term “special relationship,” coined by Winston Churchill, describes the close, longstanding alliance between the United States and the United Kingdom. It has been applied to cooperation during war, to trade and commerce, and even to intelligence sharing. That special relationship has clearly influenced the two nations’ recent policy papers on national cybersecurity. The U.K. […] The post Protecting Critical Infrastructure: A Tale of Two National Cybersecurity Strategies appeared first on Synack.  ( 7 min )

  • Open

    Scoping Adventures: How to Get the Most Out of Your Synack Pentesting
    Scoping Adventures is a series of blogs about some of the more interesting penetration tests that the Synack Customer Success teams have worked on over the last few months. Each blog outlines how we engage with the client to achieve the best results from a pentest. Pentesters love colors—red, blue, purple, black, white and grey […] The post Scoping Adventures: How to Get the Most Out of Your Synack Pentesting appeared first on Synack.  ( 11 min )

  • Open

    Applying Strategic Thinking in Your Pentesting Program
    The Synack Platform & Five Pillars of Strategic Pentesting Why You Need to Think Strategically It’s no great revelation that tactics, techniques, and procedures utilized by nefarious hackers hacking activities are evolving on a daily basis. In 2022, 18,828 common vulnerabilities and exposures (CVEs) were published. At the same time, organization attack surfaces are expanding. […] The post Applying Strategic Thinking in Your Pentesting Program appeared first on Synack.  ( 7 min )

  • Open

    The U.S. has a new cybersecurity strategy. What’s next for CISOs?
    One week ago, the Biden administration unveiled its long-awaited U.S. National Cybersecurity Strategy, with an eye toward centralizing government cyber resources and holding IT vendors more accountable for their digital defenses. Now that the ink is dry on the 35-page document, top officials like Acting National Cyber Director Kemba Walden are busy putting it into […] The post The U.S. has a new cybersecurity strategy. What’s next for CISOs? appeared first on Synack.  ( 7 min )
2025-10-06T00:51:49.117Z osmosfeed 1.15.1