• Open

    Julius v0.2.0: From 33 to 63 Probes — Now Detecting Cloud AI, Enterprise Inference, and RAG Pipelines
    TL;DR: Julius v0.2.0 nearly doubles LLM fingerprinting probe coverage from 33 to 63, adding detection for cloud-managed AI services (AWS Bedrock, Azure OpenAI, Vertex AI), high-performance inference servers (SGLang, TensorRT-LLM, Triton), AI gateways (Portkey, Helicone, Bifrost), and self-hosted RAG platforms (PrivateGPT, RAGFlow, Quivr). This release also hardens the scanner itself with response size limiting and […] The post Julius v0.2.0: From 33 to 63 Probes — Now Detecting Cloud AI, Enterprise Inference, and RAG Pipelines appeared first on Praetorian.  ( 12 min )

  • Open

    Attack Paths Don’t Stop at Identity Providers
    Modeling Okta in BloodHound Enterprise to uncover cross-platform identity risk Introduction Identity is no longer confined to a single system. In modern environments, identity spans multiple platforms: Active Directory, Okta, Entra, GitHub, and others; each operating within its own environment, with its own model for authentication and access. These systems are connected through federation, synchronization, […] The post Attack Paths Don’t Stop at Identity Providers appeared first on SpecterOps.  ( 16 min )
    RTFM: Read The Fatal Manual – When Vendor Documentation Creates Critical Attack Paths
    TL;DR: Trusted vendor documentation across 16 major technology companies were actively guiding administrators to deploy critical misconfigurations (often Active Directory Certificate Services) – a misconfiguration known by the community for over four years. These documentation flaws create attack paths that can be worse than traditional CVE-worthy bugs. Through responsible disclosure, some vendors fixed issues within […] The post RTFM: Read The Fatal Manual – When Vendor Documentation Creates Critical Attack Paths appeared first on SpecterOps.  ( 49 min )

  • Open

    Microsoft Sentinel introduces AI-powered automation and delegated access at RSAC 2026
    At RSA Conference 2026, Microsoft announced a comprehensive set of updates to Microsoft Sentinel, its cloud-native Security Information and Event Management (SIEM) platform. The announcements focus on AI-driven automation, simplified multi-tenant management, and enhanced data integration capabilities designed to help security operations centers (SOCs) operate more efficiently at scale. Source  ( 20 min )

  • Open

    Insecure IAM is the root of many cloud security failures
    TL;DR   Introduction Identity and Access Management, or IAM, is one of the most important security controls in any cloud environment. If it is weak, attackers can often work around the protections that sit on top of it.  We see this regularly in cloud penetration tests. Once an attacker has access to compromised credentials, they can […] The post Insecure IAM is the root of many cloud security failures appeared first on Pen Test Partners.  ( 7 min )

  • Open

    Azure APIM Signup Bypass: 97.9% of Developer Portals Still Exploitable Anonymously and from the Internet
    The Azure APIM signup bypass is a critical vulnerability affecting 97.9% of internet-facing Developer Portals. Azure API Management (APIM) exposes APIs to external consumers through a Developer Portal, the interface where developers self-register, obtain API keys, and make API calls. The default APIM configuration ships with Basic Authentication enabled as the identity provider and the […] The post Azure APIM Signup Bypass: 97.9% of Developer Portals Still Exploitable Anonymously and from the Internet appeared first on Praetorian.  ( 20 min )

  • Open

    Spotting issues in DeFi with dimensional analysis
    Using dimensional analysis, you can categorically rule out a whole category of logic and arithmetic bugs that plague DeFi formulas. No code changes required, just better reasoning! One of the first lessons in physics is learning to think in terms of dimensions. Physicists can often spot a flawed formula in seconds just by checking whether the dimensions make sense. I once had a teacher who even kept a stamp that said “non-homogeneous formula” for that purpose (and it was used a lot on students’ work). Developers can use the same approach to spot incorrect arithmetic in smart contracts. In this post, we’ll start with the basics of dimensional analysis in physics and then apply the same reasoning to real DeFi formulas. We’ll also show you how this can be implemented in practice, using Reserv…  ( 7 min )

  • Open

    Discovering Unexpected Okta Attack Paths with BloodHound
    TL;DR: OktaHound is a new data collector for the Okta Platform that ingests information about entities and their relationships within an Okta organization and represents them as nodes and edges in BloodHound’s graph database. Security professionals can then visualize their Okta environments, discover policy violations in their security model, and search for possible attack paths […] The post Discovering Unexpected Okta Attack Paths with BloodHound appeared first on SpecterOps.  ( 18 min )

  • Open

    VS Code 1.112 and 1.113: weekly releases, integrated browser debugging, Copilot CLI agent permissions, MCP server sandboxing
    VS Code transitioned to a weekly Stable release schedule starting with version 1.111 in March 2026, moving away from its previous monthly cadence. Versions 1.112 and 1.113 are the second and third releases under this new schedule, introducing integrated browser debugging, MCP (Model Context Protocol) server sandboxing, Copilot CLI agent permissions, and chat workflow improvements. This article details the most significant technical changes in both releases. Source  ( 19 min )
    Microsoft 365 Backup: delegate administration, configure billing policies
    Microsoft has launched departmental billing for Microsoft 365 Backup, effective March 2, 2026, enabling organizations to configure billing policies, delegate administration, and implement chargeback models across different business units. This enhancement addresses enterprise demands for decentralized backup management while maintaining centralized IT governance and visibility. Source  ( 19 min )

  • Open

    AI-Driven Offensive Security: The Current Landscape and What It Means for Defense
    The capabilities of modern AI models have advanced far beyond what most people in the security industry have fully internalized. AI-generated phishing, script writing, and basic offensive automation are getting plenty of attention, but what happens when you apply agentic AI to the full lifecycle of building, testing, and refining custom malware and command-and-control (C2) […] The post AI-Driven Offensive Security: The Current Landscape and What It Means for Defense appeared first on Praetorian.  ( 12 min )
    Reunifying the Cloud: Introducing Aurelian for Multi-Cloud Security Testing
    You are one week into a cloud penetration test. The client handed you an AWS access key, pointed you at three Azure subscriptions, and mentioned a GCP project that “someone on the platform team set up last year.” Your objective: find everything that is exposed, misconfigured, or one IAM policy away from a full compromise. […] The post Reunifying the Cloud: Introducing Aurelian for Multi-Cloud Security Testing appeared first on Praetorian.  ( 14 min )

  • Open

    PowerShell 7.6: new features, install, and upgrade
    PowerShell 7.6 introduces several new features as part of Microsoft's latest Long-Term Support (LTS) release. With three years of support, it's a strong choice for production servers. Among the key new features in PowerShell 7.6 are improvements that address long-standing annoyances with autocomplete and enhance reliability for common administrative tasks. If you've ever been frustrated by tab completion not working in certain situations or noticed that PowerShell is missing obvious suggestions, this release addresses many of those issues. This article also covers installing PowerShell 7.6 on Windows and upgrading from earlier versions using winget or the MSI installer. Source  ( 20 min )
    Comparing AI chips: GPU, ASIC, and NPU
    This article breaks down the three main categories of AI chips—GPUs, ASICs, and NPUs—and compares the leading hardware defining the future of artificial intelligence. You might think of NVIDIA as the undisputed king of artificial intelligence hardware, but the reality is far more complex. While NVIDIA's graphics processing units (GPUs) currently power the majority of AI model training, a diverse ecosystem of specialized chips is rapidly emerging. Tech giants like Google, Amazon, and Microsoft are designing their own custom silicon to cut costs and improve efficiency, while mobile chipmakers are racing to bring powerful AI capabilities directly to your laptop and smartphone. Source  ( 19 min )
    Update Windows Secure Boot DB certificates with Group Policy and PowerShell
    Microsoft's original Secure Boot certificates from 2011 begin expiring in June 2026. Windows devices that still rely on these certificates will no longer receive security updates for boot components, leaving them out of compliance. To address this, Microsoft is rolling out new 2023 certificates for the UEFI Secure Boot Signature Database (DB). Administrators can deploy these certificates to domain-joined machines using Group Policy, PowerShell, or the Windows Configuration System (WinCS). This article covers the technical background, the registry-based deployment mechanism, and Microsoft's sample automation framework for enterprise rollouts. Source  ( 20 min )

  • Open

    A 32-Year-Old Bug Walks Into A Telnet Server (GNU inetutils Telnetd CVE-2026-32746 Pre-Auth RCE)
    A long, long time ago, in a land free of binary exploit mitigations, when Unix still roamed the Earth, there lived a pre-authentication Telnetd vulnerability. In fact, this vulnerability was born so long ago (way back in 1994) that it may even be older than you. To put the timespan  ( 17 min )

  • Open

    Graph the Planet: Shai-Hulud 2.0
    TL;DR: This blog looks at the Shai-Hulud 2.0 worm through an Attack Path Management lens. I also introduce NPMHound which can be used to visualize NPM package dependencies in BloodHound OpenGraph. Introduction A recent supply chain attack, referred to as Shai-Hulud 2.0, involved an attacker using a worm to infect developer systems that contained credentials […] The post Graph the Planet: Shai-Hulud 2.0 appeared first on SpecterOps.  ( 13 min )

  • Open

    Building an Adversarial Consensus Engine | Multi-Agent LLMs for Automated Malware Analysis
    Single-tool LLM analysis produces reports that look authoritative but aren't. A serial consensus pipeline catches artifacts and hallucinations at source.  ( 32 min )

  • Open

    CVE-2026-3630: Critical Buffer Overflow in Delta Electronics COMMGR2 Enables Remote Code Execution
    Key Takeaways CVSS v3.1 base score of 9.8 (Critical) with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H, according to the CNA Delta Electronics COMMGR2 contains an out-of-bounds write vulnerability (CWE-787) enabling unauthenticated remote code execution NVD lists the vulnerability as analyzed; vendor advisory Delta-PCSA-2026-00005 is available addressing multiple COMMGR2 vulnerabilities No evidence of active exploitation in the wild; specific affected […] The post CVE-2026-3630: Critical Buffer Overflow in Delta Electronics COMMGR2 Enables Remote Code Execution appeared first on Praetorian.  ( 13 min )

  • Open

    Microsoft adds passkeys to Entra ID registration campaigns
    Starting April 2026, Microsoft Registration Campaigns in Entra ID will support Passkeys (FIDO2) as an authentication method, enabling organizations to deploy phishing-resistant credentials. The update introduces significant configuration changes, particularly for tenants using the Microsoft-managed state, where several campaign settings become non-configurable. This rollout is part of Microsoft's broader strategy to eliminate passwords and aligns with the introduction of Windows Hello passkey support for Entra accounts. Source  ( 19 min )
    Comparing AI protocols: MCP, A2A, AGP, AGNTCY, IBM ACP, Zed ACP
    Seven protocols have emerged to standardize communication between AI agents, models, and external systems: Anthropic Model Context Protocol (MCP), Google Agent2Agent (A2A), Google Agent Gateway Protocol (AGP), Cisco AGNTCY, IBM Agent Communication Protocol (ACP), and Zed Agent Client Protocol (AGP). This article provides an overview of these AI protocols and compares their use cases. Source  ( 19 min )

  • Open

    Introducing Attack Path Management for GitHub in BloodHound Enterprise
    Learn how GitHub acts as both a target and pivot point in attack paths—and how to uncover and remediate the risks hidden in identity and CI/CD relationships. The post Introducing Attack Path Management for GitHub in BloodHound Enterprise appeared first on SpecterOps.  ( 15 min )
    BloodHound Enterprise Expands Beyond Microsoft: Mapping Identity Attack Paths Across Okta, GitHub, and Mac environments
    Learn how modern attackers chain identity access across platforms—and how to uncover and break those paths with cross-environment attack path analysis. The post BloodHound Enterprise Expands Beyond Microsoft: Mapping Identity Attack Paths Across Okta, GitHub, and Mac environments appeared first on SpecterOps.  ( 14 min )

  • Open

    The Most Organized Threat Actors Use Your ITSM (BMC FootPrints Pre-Auth Remote Code Execution Chains)
    SolarWinds. Ivanti. SysAid. ManageEngine. Giants of the KEV world, all of whom have ITSM side-projects. ITSMs, as a group of solutions, have played pivotal roles in numerous ransomware gang campaigns - not only do they represent code running on a system, but they hold a significant amount of sensitive information.  ( 13 min )

  • Open

    When HttpOnly Isn’t Enough: Chaining XSS and GhostScript for Full RCE Compromise
    What started as a standard cross-site scripting vulnerability in a document processing platform turned into a full administrative takeover of the application and, ultimately, remote code execution on the underlying server. The HttpOnly flag protected the session cookie from Javascript, but did the application keep it safe? During a recent assessment of a document processing […] The post When HttpOnly Isn’t Enough: Chaining XSS and GhostScript for Full RCE Compromise appeared first on Praetorian.  ( 14 min )

  • Open

    The Security Horizon of Agentic AI: A Claude Code Case Study
    What started as a small curiosity during a code review ended with a CVE and some hard questions about agentic AI security. A while back, I was using Claude Code to audit a codebase when I noticed something odd. When pulling references and documentation, it explicitly asked for permission for some domains but not for […] The post The Security Horizon of Agentic AI: A Claude Code Case Study appeared first on Praetorian.  ( 15 min )

  • Open

    Upgrade Windows 10 and 11 to Windows 11 25H2 with the Installation Assistant
    Microsoft released a dedicated upgrade tool called Windows 11 Installation Assistant 25H2 that lets you perform an in-place upgrade from Windows 10 or older Windows 11 versions directly to Windows 11 25H2 (the 2025 Update). The assistant automates the hardware compatibility check, download, and installation, preserving your files, applications, and most settings. It is available from the Microsoft Download Center and works only on x64-based PCs. Understanding the requirements and process before you start helps you avoid common pitfalls. Source  ( 16 min )
    Azure Copilot Migration Agent: AI-assisted migration planning for VMware, Hyper-V, and bare-metal servers
    Azure Copilot Migration Agent is a new AI agent built into the Azure portal that assists with planning migrations from VMware, Hyper-V, and bare-metal servers to Azure. It works on top of Azure Migrate data and goes beyond answering questions: it can actively create business cases and assessments, apply tags to discovered servers, and generate deployable landing zone templates — all through natural language prompts. What it cannot do is execute the actual migration. Replication, test migrations, and cutover are performed in the Azure Migrate portal, not through the agent. The agent is currently in public preview. Source  ( 21 min )

  • Open

    LABScon25 Replay | Your Apps May Be Gone, But the Hackers Made $9 Billion and They’re Still Here
    Andrew MacPherson exposes how crypto thieves exploit DeFi architecture, from the $1.5 billion Bybit heist to drainers-as-a-service and fund laundering.  ( 23 min )

  • Open

    Accidental Engineer: Building My First Hardware Tool the Hard Way
    I set out to build a rugged badge-cloning tool for field use, with zero hardware background. This is the story of learning electrical engineering from scratch, navigating bad assumptions, and discovering that curiosity, persistence, and hands-on testing can take you further than you think.  ( 10 min )

  • Open

    Agent Commander: Promptware-Powered Command and Control
    This post is about prompt-based command and control (C2), which is becoming more relevant. What is Promptware-Powered C2? Three years ago, when ChatGPT introduced the browsing tool, we already experimented with the idea of prompt-based command and control. And when ChatGPT got memories we showed that this can be combined and abused for a full command and control channel. Recent work uses the term promptware to describe prompt-injection payloads that are more complex in behavior and closer to malware. I’m using that term here as it fits well.  ( 7 min )

  • Open

    Update: oledump.py Version 0.0.85
    Fixing newlines in some plugins. oledump_V0_0_85.zip (http)MD5: D972CE411B395EF77DBCE9A63059E8C1SHA256: 721C095F3126745A42720316A0B3AC1BCCB9DCDBBA9FF59F5FE1F70F8BA3A1AB  ( 11 min )

  • Open

    Augustus v0.0.9: Multi-Turn Attacks for LLMs That Fight Back
    Single-turn jailbreaks are getting caught. Guardrails have matured. The easy wins — “ignore previous instructions,” base64-encoded payloads, DAN prompts — trigger refusals on most production models within milliseconds. But real attackers don’t give up after one message. They have conversations. Augustus v0.0.9 now ships with a unified engine for LLM multi-turn attacks, with four distinct […] The post Augustus v0.0.9: Multi-Turn Attacks for LLMs That Fight Back appeared first on Praetorian.  ( 11 min )

  • Open

    Windows 11 Insider Preview builds 26300 and 26220: Policy-based removal of preinstalled apps
    Microsoft released Windows 11 Insider Preview Build 26300.8068 (KB 5079464) to the Dev Channel and Build 26220.8062 (KB 5079458) to the Beta Channel. Both updates are based on Windows 11 version 25H2 and are delivered via an enablement package. The releases introduce a stricter kernel-level driver trust policy, expanded enterprise app-removal controls, improvements to point-in-time restore, and a renamed Drop Tray feature. Most changes are initially available to Insiders who enable the early-update toggle in Settings > Windows Update. Source  ( 19 min )
    How to view effective settings in Microsoft Defender for Endpoint
    Microsoft Defender for Endpoint now includes an effective settings feature, generally available as of March 2026, that shows which security configurations are actually enforced on a device. Source  ( 16 min )

  • Open

    Update: oledump.py Version 0.0.84
    This is a fix for option –yarastrings. oledump_V0_0_84.zip (http)MD5: 24EA0DEAA6FCB2FA234F33DD179BBAAFSHA256: C966607C864AAE1D956279B4C3087D37BD003072ED39143512979E771BA5462A  ( 11 min )

  • Open

    Et Tu, RDP? Detecting Sticky Keys Backdoors with Brutus and WebAssembly
    Everyone knows that one person on the team who’s inexplicably lucky, the one who stumbles upon a random vulnerability seemingly by chance. A few days ago, my coworker Michael Weber was telling me about a friend like this who, on a recent penetration test, pressed the shift key five times at an RDP login screen […] The post Et Tu, RDP? Detecting Sticky Keys Backdoors with Brutus and WebAssembly appeared first on Praetorian.  ( 21 min )
    Mapping the Unknown: Introducing Pius for Organizational Asset Discovery
    Asset discovery is an essential part of Praetorian’s service delivery process. When we are engaged to carry out continuous external penetration testing, one key action is to build and maintain a thorough target asset inventory that goes beyond any lists or databases provided by the system owner. Pius is our open-source attack surface mapping tool […] The post Mapping the Unknown: Introducing Pius for Organizational Asset Discovery appeared first on Praetorian.  ( 15 min )

  • Open

    Windows 11 KB5079387: No more clean install for Smart App Control, Group Policy start menu fix, Remote Desktop DisableSeamlessLanguageBar parameter for Set-RDSessionCollectionConfiguration
    Microsoft released KB5079387 to the Release Preview Channel, covering Windows 11 versions 24H2 (build 26100.8106) and 25H2 (build 26200.8106). The update is a non-security preview of the upcoming monthly quality update and delivers improvements across security management, Group Policy, Remote Desktop, File Explorer, printing compatibility, and display handling. Some features roll out gradually; others are available immediately upon installation. Source  ( 20 min )

  • Open

    Ivanti EPMM ‘Sleeper Shells’ not so sleepy?
    In late January 2026 an advisory covering two remote code execution vulnerabilities (CVE-2026-1281 & CVE-2026-1340) in Ivanti Endpoint Manager Mobile (EPMM) was published. Shortly after reports (in example by tenable) mentioned publicly available proof-of-concept exploits. On 09th February 2026, Defused published a blog post mentioning a specific webshell being deployed on EPMM devices via this … Continue reading Ivanti EPMM ‘Sleeper Shells’ not so sleepy? →  ( 11 min )

  • Open

    Winning CTFs: A Proving Ground at HackMex & Ekoparty
    CTF competitions push offensive security skills to their limits. In 2025, the Bishop Fox Mexico team claimed first place at both HackMex Finals and EkoParty Red Team Space. Discover how the team navigated web exploitation, infrastructure compromise, and AWS attack paths to win.  ( 8 min )

  • Open

    HTTP/1.1 Must Die: Conquering the 0.CL Challenge
    Note: This is a guest post by pentester Julen Garrido Estévez (@b3xal). 1. Acknowledgements 2. Intro 3. Required tools 4. Strategy to solve/exploit the lab 5. Detecting 0.CL 5.1. Practical confirmatio  ( 20 min )

  • Open

    Update: pdf-parser.py Version 0.7.14
    This is a fix for option –yarastrings. pdf-parser_V0_7_14.zip (http)MD5: EB3808ACE5497B428138594AFDC5205FSHA256: 6A60223D52B75F8AFF8C8CF19A58699A20829AC758C251B405B08EC734EF6A4A  ( 11 min )

  • Open

    When Proxies Become the Attack Vectors in Web Architectures
    Many Reverse proxy attack vectors expose a flawed assumption in modern web architectures that backends can blindly trust security-critical headers from upstream reverse proxies. This assumption breaks down because HTTP RFC flexibility allows different servers to interpret the same headers in fundamentally different ways, creating exploitable gaps that attackers are increasingly targeting. I want to […] The post When Proxies Become the Attack Vectors in Web Architectures appeared first on Praetorian.  ( 15 min )

  • Open

    Enable RSAT (Remote Server Administration Tools) on Arm-based Windows 11 PCs
    Remote Server Administration Tools (RSAT) are now natively supported on Arm64-based Windows 11 PCs. Starting with the February 2026 non-security preview update (KB5077241), six RSAT components are available as optional components on Windows 11 versions 24H2 and 25H2, including Server Manager. Source  ( 16 min )
    What is Microsoft Agent 365?
    Microsoft Agent 365 is the control plane for AI agents in the enterprise: a set of capabilities built on Microsoft Entra, Purview, Defender XDR, and the Microsoft 365 Admin Center that gives IT and security teams a single location to observe, govern, manage, and secure AI agents — regardless of whether they were built with Microsoft tooling, open-source frameworks, or third-party platforms. Source  ( 18 min )

  • Open

    Announcing Pwn2Own Berlin for 2026
    If you just want to read the contest rules, click here.   Willkommen zurück, meine Damen und Herren, zu unserem zweiten Wettbewerb in Berlin! That’s correct (if Google translate didn’t steer me wrong). After our inaugural competition last year, Pwn2Own returns to Berlin and OffensiveCon. Outside of our shipping troubles, we had an amazing time and can’t wait to get back. Last year, we added Artificial Intelligence as a category with great results. This year, we’re expanding this and splitting it into multiple different categories: AI Databases, Coding Agents, Local Inferences, and a separate category for NVIDIA products. In last year’s contest, NVIDIA targets had wins, losses, and collisions, so it will be interesting to see how they fare this year. The folks from AWS wanted to get into th…

  • Open

    Leveraging Tailscale Keys
    TL;DR: This post introduces red team operators to Tailscale concepts and tradecraft that can be leveraged in the reader compromises Tailscale keys in their target environment. Over the past year, we started coming across Tailscale authentication keys in Continuous Integration/Continuous Deployment (CI/CD) pipelines during Red Team assessments. Tailscale keys could play a critical role in […] The post Leveraging Tailscale Keys appeared first on SpecterOps.  ( 21 min )

  • Open

    Taming the dragon: reverse engineering firmware with Ghidra
    Introduction   I stumbled into infosec the same year the NSA graced us with Ghidra. It’s by far become the most used tool in my arsenal for reverse engineering and vulnerability research. It’s free, extensible, and supports some of the quirkier architectures we come across.  But its learning curve is steep.  This blog post is the culmination of my learnings from spending what may be too many hours in front of Ghidra’s glaring and dated UI. It focuses […] The post Taming the dragon: reverse engineering firmware with Ghidra  appeared first on Pen Test Partners.  ( 13 min )

  • Open

    Automation without alignment: The hidden cost of modern DAST
    I'm a firm believer that if you want to understand how secure an application really is, you have to test how it behaves, not just how it was written. Automation has become essential to that. No AppSec  ( 6 min )

  • Open

    Update: zipdump.py Version 0.0.34
    This update adds option forcedecompress when using options -f and -s. More info: Analyzing “Zombie Zip” Files (CVE-2026-0866). zipdump_v0_0_35.zip (http)MD5: F4A48AE14C1B258D688BF61D9ACF5E54SHA256: 8DF7B3EBA282A0391AD619AD33A5F77CD25CC0FDA760E116934DD953714A27C5  ( 11 min )

  • Open

    Emergent Architectural Leakage in Frontier Models: The Dual-Claude Phenomenon
    TL;DR: A pleasant evening conversation last summer with Claude resulted in a possible disclosure of its internal architecture. Introduction As a red teamer, one of my favorite pastimes involves assessing emerging technologies for susceptibility. AI has become one of my niche areas, seeing as it’s become quite ubiquitous and also developed very quickly. While my […] The post Emergent Architectural Leakage in Frontier Models: The Dual-Claude Phenomenon appeared first on SpecterOps.  ( 16 min )

  • Open

    Windows Autopatch enables hotpatch updates by default in May 2026
    Microsoft announced that Windows Autopatch will enable hotpatch security updates by default for all eligible devices starting with the May 2026 Windows security update. The change affects devices managed through Microsoft Intune and the Windows updates API in Microsoft Graph. Hotpatch updates install security fixes without requiring a device restart, accelerating compliance across organizations. Previously, this feature required manual activation by administrators. Source  ( 18 min )

  • Open

    Six mistakes in ERC-4337 smart accounts
    Account abstraction transforms fixed “private key can do anything” models into programmable systems that enable batching, recovery and spending limits, and flexible gas payment. But that programmability introduces risks: a single bug can be as catastrophic as leaking a private key. After auditing dozens of ERC‑4337 smart accounts, we’ve identified six vulnerability patterns that frequently appear. By the end of this post, you’ll be able to spot these issues and understand how to prevent them. How ERC-4337 works Before we jump into the common vulnerabilities that we often encounter when auditing smart accounts, here’s the quick mental model of how ERC-4337 works. There are two kinds of accounts on Ethereum: externally owned accounts (EOAs) and contract accounts. EOAs are simple key-authoriz…  ( 8 min )

  • Open

    PortSwigger X Intigriti: Burp Suite Professional licenses up for grabs with this new collaboration
    At PortSwigger, we’re always looking for ways to enable the world to secure the web, and today we’re excited to take that mission a step further. We’re pleased to announce a new collaboration bringing  ( 3 min )

  • Open

    Update: zipdump.py Version 0.0.34
    This is a fix for option –yarastrings. zipdump_v0_0_34.zip (http)MD5: F2BB1DF9A4E1BA323D85C3F8F71B5E69SHA256: 2455A026DB2BE1678AD8F1AAC2D148D40A7AB7412CCE180C3E9E1FC4B39B9378  ( 11 min )
    Update: pecheck.py Version 0.7.20
    This is a fix for option –yarastrings. pecheck-v0_7_20.zip (http)MD5: DB34684DA9A5DEC0E94746328318FFE1SHA256: F6B702206E4DAE3971778263F4B234F7E77BA91A3A1F59419D12CA312316CA96  ( 11 min )

  • Open

    When Proxies Become the Attack Vectors in Web Architectures
    The post When Proxies Become the Attack Vectors in Web Architectures appeared first on Praetorian.  ( 23 min )

  • Open

    The March 2026 Security Update Review
    I am back in the friendly confines of the Mid-South headquarters of TrendAI ZDI (a.k.a. my home office), and am all set for the third patch Tuesday of 2026. Take a break from your regularly scheduled activities and let’s take a look at the latest security patches from Adobe and Microsoft.If you’d rather watch the full video recap covering the entire release, you can check it out here: Adobe Patches for March 2026 For March, Adobe released eight bulletins addressing 80 unique CVEs in Adobe Acrobat Reader, Commerce, Illustrator, Substance 3D Painter, Premier Pro, Experience Manager, Substance 3D Stager, and the Adobe DNG Software Development Kit (SDK). Two of these bugs were submitted through the TrendAI ZDI program. If you need to prioritize, the update for Acrobat likely has the most impac…

  • Open

    Microsoft 365 Copilot Wave 3 – Why Copilot Cowork is not a coworker
    Microsoft announced Wave 3 of Microsoft 365 Copilot, introducing Copilot Cowork as a new AI-driven work mode that executes multi-step tasks across Office applications. However, Copilot Cowork is a double misnomer because the tool qualifies as neither a copilot nor a coworker. Source  ( 18 min )

  • Open

    The Nemesis 2.X Development Guide
    TL;DR: Nemesis 2.X makes it easy to extend the platform – this guide walks through creating new file enrichment modules (manually or via Codex/Claude Code skills), adding custom Yara/Nosey Parker rules, and building C2 connectors, all with a significantly simplified architecture compared to 1.0. One of our big goals with the new Nemesis 2.0 rewrite […] The post The Nemesis 2.X Development Guide appeared first on SpecterOps.  ( 18 min )

  • Open

    Update: search-for-compression.py 0.0.6
    This is a fix for option –yarastrings in search-for-compression.py.  ( 11 min )

  • Open

    Beyond Prompt Injection: The Hidden AI Security Threats in Machine Learning Platforms
    What’s the first thing you think of when you hear about AI attacks and vulnerabilities? If you’re like most people, your mind probably jumps to Large Language Model (LLM) vulnerabilities—system prompt disclosures, jailbreaks, or prompt injections that trick chatbots into revealing sensitive information or behaving in unintended ways. These risks have dominated headlines and security […] The post Beyond Prompt Injection: The Hidden AI Security Threats in Machine Learning Platforms appeared first on Praetorian.  ( 14 min )

  • Open

    Microsoft Teams VDI optimization: migrating from WebRTC to SlimCore (VDI 2.0)
    Microsoft is retiring the legacy WebRTC-based optimization for Teams in Virtual Desktop Infrastructure (VDI) and replacing it with a new architecture called SlimCore — also referred to as VDI 2.0 — introduced in Q4 2024. The change affects Windows endpoints connecting to Azure Virtual Desktop (AVD), Windows 365, and Citrix, with defined End of Support and End of Availability milestones. In parallel, Microsoft has announced a public tech preview of the new optimization for Omnissa Horizon. This article covers the architectural differences, supported platforms, new features, and the steps required to complete the migration. Source  ( 20 min )

  • Open

    Pre-Authentication SQL Injection in FortiClient EMS 7.4.4 - CVE-2026-21643
    FortiClient EMS 7.4.4 contains a pre-authentication SQL injection vulnerability (CVSS 9.1) in its multi-tenant site routing middleware. An unauthenticated attacker can inject arbitrary SQL by sending a crafted Site HTTP header to any pre-auth endpoint.  ( 14 min )

  • Open

    From Narrative to Knowledge Graph | LLM-Driven Information Extraction in Cyber Threat Intelligence
    LLMs can turn CTI narratives into structured intelligence at scale, but speed-accuracy trade-offs demand careful design for operational defense workflows.  ( 46 min )

  • Open

    Update: emldump.py Version 0.0.16
    This is a fix for option –yarastrings. emldump_V0_0_16.zip (http)MD5: FF80F7768800EB5AB3A77FEF3E162285SHA256: 87A33A9345C927B56377CBEC04811826930866C181885A6793F70C53A3418426  ( 11 min )

  • Open

    Windows Inter Process Communication A Deep Dive Beyond the Surface - Part 10
    Welcome to the next wave of the RPC series. This will be the first post of 2026, and the first post in a new wave that will bring a lot of information that, as far as I know, has never been discussed before. This wave will mainly follow two paths.  ( 8 min )

  • Open

    Update: base64dump.py Version 0.0.29
    This is a fix for option –yarastrings. base64dump_V0_0_29.zip (http)MD5: CA3FD00D6AD8B6C0CD091526E3D45D72SHA256: 2B203BF336D4D7971E4277CE9438D271E9F002E75A2386B97BA61C543D712964  ( 11 min )

  • Open

    Building Bridges, Breaking Pipelines: Introducing Trajan
    TL;DR: Trajan is an open-source CI/CD security tool from Praetorian that unifies vulnerability detection and attack validation across GitHub Actions, GitLab CI, Azure DevOps, and Jenkins in a single cross-platform engine. It ships with 32 detection plugins and 24 attack plugins covering poisoned pipeline execution, secrets exposure, self-hosted runner risks, and AI/LLM pipeline vulnerabilities. It […] The post Building Bridges, Breaking Pipelines: Introducing Trajan appeared first on Praetorian.  ( 20 min )

  • Open

    Windows Terminal Preview 1.25: Kitty protocol, settings search, and GUI for key bindings
    Windows Terminal Preview 1.25 was released in March, after a brief pause in the quarterly release cycle to focus on reliability and performance. The update introduces a Settings search UI, a rewritten Actions editor for key binding configuration, built-in support for Kitty's Keyboard protocol, two new community translations, and several miscellaneous improvements and bug fixes. You can install it from the Microsoft Store, the GitHub releases page, or via winget. Source  ( 16 min )

  • Open

    Microsoft Defender onboarding deployment with a single EXE
    The Defender deployment tool for Windows now ships as a single .exe with the onboarding package baked in, with configurable expiry dates, a required portal key to activate it, and onboarding event logs visible in the device timeline — replacing the old script/blob approach. The previous tool gave no clear status feedback, leaving admins unable to tell if onboarding was in progress or had failed. Source  ( 18 min )
    Windows Autopatch update readiness: management status report, quality update journey, alerts, and update readiness checker
    Windows Autopatch update readiness reached general availability, adding four capabilities to the Windows Autopatch blade in the Microsoft Intune admin center. The new features—management status report, quality update journey, alerts and remediations, and Update Readiness Checker—give IT teams proactive visibility into device readiness, update blockers, and remediation guidance across Intune-managed Windows fleets. All capabilities are included in the existing Windows Autopatch license at no additional cost. Windows Autopatch is available for customers with Windows Enterprise, Frontline, US Government, Education, and Business Premium SKUs. Source  ( 17 min )

  • Open

    On the Effectiveness of Mutational Grammar Fuzzing
    Mutational grammar fuzzing is a fuzzing technique in which the fuzzer uses a predefined grammar that describes the structure of the samples. When a sample gets mutated, the mutations happen in such a way that any resulting samples still adhere to the grammar rules, thus the structure of the samples gets maintained by the mutation process. In case of coverage-guided grammar fuzzing, if the resulting sample (after the mutation) triggers previously unseen code coverage, this sample is saved to the sample corpus and used as a basis for future mutations. This technique has proven capable of finding complex issues and I have used it successfully in the past, including to find issues in XSLT implementations in web browsers and even JIT engine bugs. However, despite the approach being effective, it is not without its flaws which, for a casual fuzzer user, might not be obvious. In this blogpost I will introduce what I perceive to be the flaws of the mutational coverage-guided grammar fuzzing approach. I will also describe a very simple but effective technique I use in my fuzzing runs to counter these flaws.  ( 7 min )

  • Open

    The MCP AuthN/Z Nightmare
    This article shares our perspective on the current state of authentication and authorization in enterprise-ready, remote MCP server deployments. Before diving into that discussion, we’ll first outline the most common attack vectors. Understanding these threats is essential to properly frame the security challenges that follow. If you’re already familiar with them, feel free to skip to the section “Enterprise Authentication and Authorization: a Work in Progress” below. Huge shoutout to Teleport for sponsoring this research. Thanks to their support, we have been able to conduct cutting-edge security research on this topic. Stay tuned for upcoming MCP security updates! At this stage, introducing the Model Context Protocol (MCP) would be redundant since it has already been thoroughly covered i…  ( 10 min )

  • Open

    Offensive DPAPI With Nemesis
    TL;DR: Nemesis 2.2 automates the entire DPAPI decryption chain – from SYSTEM/user masterkeys through CNG keys to Chromium’s latest App-Bound Encryption – with robust forward as well as retroactive decryption. The Windows Data Protection API, or DPAPI, is the fun little technology that just won’t disappear from offensive operations. I first talked about abusing DPAPI […] The post Offensive DPAPI With Nemesis appeared first on SpecterOps.  ( 18 min )

  • Open

    How to install Windows Admin Center vMode on Windows Server 2025
    Windows Admin Center (WAC) vMode (Virtualization Mode) is a current in-preview management gateway for Hyper-V environments, deployable as a stateful appliance with an integrated PostgreSQL database. Unlike aMode (Administration Mode), vMode targets centralized virtualization management across multiple hosts and clusters, without requiring System Center Virtual Machine Manager (SCVMM). The only mandatory prerequisite is the Microsoft Visual C++ Redistributable. This article covers the system requirements, environment preparation, and installer walkthrough for vMode, and briefly explains how aMode installation differs. Source  ( 18 min )
    Enable Windows Group Policy Preferences (GPP) debug logging
    Starting with the February 2026 preview updates for Windows 11 24H2 and 25H2, Microsoft has made Group Policy Preferences (GPP) debug logging configurable directly in Local Group Policy via gpedit.msc. Previously, these settings were primarily managed through domain-based Group Policy Objects (GPOs); enabling them via Local Group Policy typically required manually copying the GroupPolicyPreferences .admx/.adml templates into the local PolicyDefinitions store. You can now enable per-CSE (client-side extension) event logging and file-based tracing on individual client devices without a domain controller. Source  ( 18 min )

  • Open

    7 Ways to Execute Command on Azure Virtual Machine & Virtual Machine Scale Sets
    Examples of different command execution paths for Azure Virtual Machines and Virtual Machine Scale Sets. The post 7 Ways to Execute Command on Azure Virtual Machine & Virtual Machine Scale Sets appeared first on NetSPI.  ( 27 min )

  • Open

    4sysops turns 20
    Twenty years ago, I authored my first 4sysops blog post. However, my fascination with IT started much earlier. I can't recall exactly how I came to this realization, but I initially believed that computers were superior learning tools to books and that studying how to use them would give me superpowers. Forgive me, I was just an immature teenager. Although I soon forgot this idea, I was already hooked after the initial lines of my first computer program. Source  ( 15 min )

  • Open

    Sometimes, You Can Just Feel The Security In The Design (Juniper Junos Evolved CVE-2026-21902 Pre-Auth RCE)
    On today’s ‘good news disguised as other things’ segment, we’re turning our gaze to CVE-2026-21902 - a recently disclosed “Incorrect Permission Assignment for Critical Resource” vulnerability affecting Juniper’s Junos OS Evolved platform. This vulnerability affects only Juniper’s PTX  ( 7 min )

  • Open

    Beyond Electron: Attacking Alternative Desktop Application Frameworks
    Tauri promises a lighter, security-first future beyond Electron—but does it actually reduce risk? Carlos Yanez uncovers how XSS and permissive configs can still be chained into RCE, walking through real-world exploitation techniques every appsec team should understand.  ( 12 min )

  • Open

    Detecting Fake Active Directory Password Changes
    In Active Directory, there has been a method that’s been around for many years which changes the password last set date but not the actual password. This is what I call a “fake password change” since the account appears to have a recent password when scanning for old passwords based on password last set, but … Continue reading  ( 8 min )

  • Open

    Breaking Out of Citrix and other Restricted Desktop Environments
    Introduction Many organisations are turning to virtualisation of apps and desktops. This often involves virtualisation platforms such as Citrix to deliver these services.  Get your configuration or lock-down wrong and you’ll find users ‘breaking out’ of the environment you thought you had secured. It might not be long after that when you find that your entire domain […] The post Breaking Out of Citrix and other Restricted Desktop Environments appeared first on Pen Test Partners.  ( 21 min )

  • Open

    Enable Windows 365 Reserve on a Windows 365 Boot device
    Windows 365 Reserve and Windows 365 Boot are two complementary Microsoft cloud services that, when combined, let employees resume work on a preconfigured Cloud PC from any Windows 11 device without additional setup. Windows 365 Reserve provides short-term Cloud PC access for users whose primary physical device is unavailable. Windows 365 Boot redirects the Windows 11 sign-in experience directly to a Cloud PC, though administrators can configure policies to allow users to access the physical device's local OS if needed. Source  ( 18 min )
    Enable batch file secure mode in Windows 11 with LockBatchFilesWhenInUse: Lock running batch scripts
    Windows 11 Insider Preview builds introduce a new secure processing mode for batch files and CMD scripts. IT administrators can enable it via a registry value named LockBatchFilesWhenInUse, which prevents batch files from being altered while they execute. The feature also improves performance when Windows Defender Application Control (WDAC) code integrity policies are active. It is currently available in the Dev Channel build 26300.7939, and the Beta Channel build 26220.7934. Source  ( 15 min )

  • Open

    Overview of Content Published in February
    Here is an overview of content I published in February: Blog posts: Update: rtfdump.py Version 0.0.14 Update: rtfdump.py Version 0.0.15 SANS ISC Diary entries: YARA-X 1.13.0 Release Quick Howto: Extract URLs from RTF files  ( 11 min )

  • Open

    Enable Windows ReFS boot: Install Windows Server on Resilient File System volumes
    Windows Server vNext Insider Preview build 29531 introduces ReFS boot, allowing you to install and start Windows Server from a Resilient File System (ReFS)-formatted boot volume for the first time. This feature brings integrity-level metadata checksums, online corruption repair, block cloning, and 35-petabyte volume scalability to the OS boot partition — capabilities that NTFS cannot match. ReFS boot requires UEFI firmware and a minimum of 2 GB for the WinRE partition. Learn how to enable Windows ReFS boot during Windows Server installation. Source  ( 16 min )
    Monitoring Secure Boot certificate installation status with Intune and PowerShell
    Microsoft Secure Boot certificates issued by the 2011 Certificate Authorities (CAs) are expiring starting June 2026. Every Windows device with Secure Boot enabled must be updated to trust the 2023 certificates before expiration to retain security update support. Microsoft provides a monitoring-only approach using Intune Remediations that runs a PowerShell detection script on enrolled devices and reports Secure Boot and certificate status back to the Intune admin center — without making any changes to devices. This article explains the prerequisites, deployment steps, data collected, and how to read the results. Source  ( 18 min )

  • Open

    How AI Agents Automate CVE Vulnerability Research
    The CVE Researcher is a multi-agent AI pipeline that automates vulnerability research, detection template generation, and exploitation analysis. Built on Google’s Agent Development Kit (ADK), it coordinates specialized AI models through four phases — deep research, technology reconnaissance, actor-critic template generation, and exploitation analysis — to produce production-ready Nuclei detection templates overnight. Beyond Simple Automation […] The post How AI Agents Automate CVE Vulnerability Research appeared first on Praetorian.  ( 13 min )
    What’s Running on That Port? Introducing Nerva for Service Fingerprinting
    Nerva is a high-performance, open-source CLI tool that identifies what services are running on open network ports. It fingerprints 120+ protocols across TCP, UDP, and SCTP, averaging 4x faster than nmap -sV with 99% detection accuracy. Written in Go as a single binary, Nerva helps security teams rapidly move from port discovery to service identification. […] The post What’s Running on That Port? Introducing Nerva for Service Fingerprinting appeared first on Praetorian.  ( 13 min )

  • Open

    Introducing CloudFox GCP: Attack Path Identification for Google Cloud
    Meet CloudFox GCP, an offensive security tool built to map identities, enumerate resources, and uncover real attack paths in Google Cloud. Designed for practitioners, it exposes privilege escalation, lateral movement, and data exfiltration risks so you can secure GCP before attackers exploit it.  ( 12 min )

  • Open

    Windows Server 2025 security baseline 2602: 10 new settings
    Microsoft released version 2602 of the Security Baseline for Windows Server 2025, approximately eight months after the previous version 2506. The update adds 10 new Group Policy settings and removes one, focusing on NTLM auditing, printer security, and authentication hardening. Most of the new policies were already included in the Windows 11 Security Baselines since 2022 and are now being backported to the server edition. The baseline is available as part of the Microsoft Security Compliance Toolkit 1.0. Source  ( 18 min )
    Microsoft Defender for Endpoint: library management for live response, vulnerability reporting, predictive shielding
    Microsoft Defender for Endpoint has received a set of new features and enhancements in February 2026, covering live response management, configuration visibility, vulnerability reporting, and predictive threat mitigation. These updates span endpoints running Windows, macOS, Linux, Android, and iOS. This article covers the most significant additions to the Defender portal and their operational impact on security teams. Source  ( 18 min )

  • Open

    A Deep Dive into the GetProcessHandleFromHwnd API
    In my previous blog post I mentioned the GetProcessHandleFromHwnd API. This was an API I didn’t know existed until I found a publicly disclosed UAC bypass using the Quick Assist UI Access application. This API looked interesting so I thought I should take a closer look. I typically start by reading the documentation for an API I don’t know about, assuming it’s documented at all. It can give you an idea of how long the API has existed as well as its security properties. The documentation’s remarks contain the following three statements that I thought were interesting: If the caller has UIAccess, however, they can use a windows hook to inject code into the target process, and from within the target process, send a handle back to the caller. GetProcessHandleFromHwnd is a convenience function that uses this technique to obtain the handle of the process that owns the specified HWND. Note that it only succeeds in cases where the caller and target process are running as the same user.  ( 11 min )

  • Open

    ShimBad the Sailor, Part 3
    Windows 11 brings us a lot of new Shim-related goodies and it makes sense to cover at least some of them. In the second part of this series I listed a number of process names that are treated in a … Continue reading →  ( 2 min )

  • Open

    Buy A Help Desk, Bundle A Remote Access Solution? (SolarWinds Web Help Desk Pre-Auth RCE Chain(s))
    It’s been a while, but we’re back - in time for story time. Gather round, strap in, and prepare for another depressing journey of “all we wanted to do was reproduce an N-day, and here we are with 0-days”. Today, friends, we’re  ( 20 min )

  • Open

    Nemesis 2.2
    TL;DR: Nemesis 2.2 introduces a number of powerful new features focusing on large container processing, data processing agents, enhanced DPAPI support, and a host of performance improvements. It’s been several months since we released Nemesis 2.0: our ground-up rewrite of the Nemesis file enrichment project. Since then, @tifkin_ and I have worked hard on another […] The post Nemesis 2.2 appeared first on SpecterOps.  ( 22 min )

  • Open

    AI-Powered CVE Research: Winning the Race Against Emerging Vulnerabilities
    The Vulnerability Time Gap When CISA adds a new CVE to the Known Exploited Vulnerabilities catalog, a clock starts ticking. Security teams must understand the vulnerability, determine if they are exposed, and deploy detection mechanisms before adversaries weaponize the flaw. This process traditionally takes days or weeks of manual research by skilled security engineers who […] The post AI-Powered CVE Research: Winning the Race Against Emerging Vulnerabilities appeared first on Praetorian.  ( 10 min )

  • Open

    Update Secure Boot certificates on Windows Server and VMs before June 2026
    Microsoft's original Secure Boot certificates — issued in 2011 — begin expiring in June 2026. Unlike Windows 11, Windows Server does not receive these updates automatically via Windows Update. Administrators must manually deploy the 2023 replacement certificates to all applicable servers and Generation 2 virtual machines before the deadline. Systems that remain on the 2011 certificates after expiration enter a degraded security posture and cannot receive future Secure Boot updates. Source

  • Open

    mquire: Linux memory forensics without external dependencies
    If you’ve ever done Linux memory forensics, you know the frustration: without debug symbols that match the exact kernel version, you’re stuck. These symbols aren’t typically installed on production systems and must be sourced from external repositories, which quickly become outdated when systems receive updates. If you’ve ever tried to analyze a memory dump only to discover that no one has published symbols for that specific kernel build, you know the frustration. Today, we’re open-sourcing mquire, a tool that eliminates this dependency entirely. mquire analyzes Linux memory dumps without requiring any external debug information. It works by extracting everything it needs directly from the memory dump itself. This means you can analyze unknown kernels, custom builds, or any Linux distribut…  ( 4 min )

  • Open

    Azure Fabric Backdoor With A Twist
    Azure Fabric Backdoor With A Twist  ( 15 min )
    State of the Art of Private Key Security in Blockchain Ops - 4. Approvals and Policies
    State of the Art of Private Key Security in Blockchain Ops - 4. Approvals and Policies  ( 13 min )

  • Open

    Windows 10 Enterprise LTSB 2016 end of support: activate Extended Security Updates (ESU)
    Windows 10 Enterprise LTSB 2016 reaches end of support (EOS) on October 13, 2026, after which Microsoft will stop delivering security updates, bug fixes, and technical support. Organizations that cannot migrate to a newer release by that date can purchase Extended Security Updates (ESU), a paid program that provides critical security patches for up to three years. ESU licenses for LTSB 2016 will be sold through Volume Licensing or a Cloud Solution Provider (CSP) starting in Q2 2026. Activation is performed using a Multiple Activation Key (MAK) and the slmgr.vbs command-line tool. Source

  • Open

    Samsung Tizen OS | Version Through 9.0
    Bishop Fox identified a low-risk command injection flaw in Samsung Tizen OS (through 9.0) that allows OS-level code execution on smart TVs with developer mode enabled. Exploitation requires local access and the configured developer IP. Organizations should disable developer mode or use kiosk mode.  ( 10 min )

  • Open

    EV batteries as grid infrastructure and the security risk that follows
    TL;DR  Introduction   I’m a huge fan of micro generation and domestic power storage batteries. However, as we dash for net zero, one of the ways to balance the grid is to capitalise on EV batteries and their large capacity to store power.  BUT  To take advantage of their capacity, we need bidirectional EV chargers and vehicles […] The post EV batteries as grid infrastructure and the security risk that follows  appeared first on Pen Test Partners.  ( 7 min )

  • Open

    The four threats to the OpenAI bubble
    OpenAI, once the undisputed leader of the generative AI boom, is now caught in a convergence of technical, competitive, financial, and trust crises that threaten its long-term survival. This is a shortened version of my article, the OpenAI Bubble. Source
    Real-time data ingestion with Microsoft Sentinel’s Codeless Connector Framework (CCF) Push
    Microsoft Sentinel is Azure's cloud-native SIEM (Security Information and Event Management) and SOAR (Security Orchestration, Automated Response) platform. The Codeless Connector Framework (CCF) — formerly known as the Codeless Connector Platform — is the mechanism that enables partners, customers, and developers to build data connectors without writing infrastructure code. The newly public-preview CCF Push feature extends this framework with an event-driven ingestion pattern that sends security data directly to Sentinel as events occur, bypassing the latency inherent in traditional polling. This article explains what CCF Push is, how it differs from pull connectors, which Azure resources it automatically provisions, and how you configure an application to push data using the Log Ingestion API and OAuth 2.0. Source

  • Open

    A Look at RTEMS Security
    No content preview  ( 7 min )

  • Open

    When Guardrails Aren't Enough: Reinventing Agentic AI Security With Architectural Controls
    David Brauchler III delivers a fascinating Black Hat talk on the root cause of AI-based vulnerabilities and why security architecture is the real solution.  ( 7 min )

  • Open

    MCP Bridge Upgrade
    MCP Bridge Upgrade  ( 7 min )
    Black Hole of Trust: SEO Poisoning in Silver Fox’s Space Odyssey
    Black Hole of Trust: SEO Poisoning in Silver Fox’s Space Odyssey  ( 7 min )

  • Open

    State of the Art of Private Key Security in Blockchain Ops - 3. Private Key Storage and Signing Module
    State of the Art of Private Key Security in Blockchain Ops - 3. Private Key Storage and Signing Module  ( 12 min )

  • Open

    The Symbols of Operation
    The Symbols of Operation code data confusion ada lovelace  ( 6 min )

  • Open

    Public Report: AWS EKS Security Claims
    Public Report: AWS EKS Security Claims  ( 7 min )

  • Open

    Public Report: Google Private AI Compute Review
    Public Report: Google Private AI Compute Review  ( 7 min )

  • Open

    State of the Art of Private Key Security in Blockchain Ops - 2. Common Custody Solutions Architectures
    State of the Art of Private Key Security in Blockchain Ops - 2. Common Custody Solutions Architectures  ( 12 min )
    Legacy Technology in Transport: More Than “Old Tech”
    Legacy Technology in Transport: More Than “Old Tech”  ( 7 min )

  • Open

    Rapid Breach: Social Engineering to Remote Access in 300 Seconds
    No content preview  ( 14 min )
    State of the Art of Private Key Security in Blockchain Ops - 1. Concepts, Types of Wallets and Signing Strategies
    Concepts, Types of Wallets and Signing Strategies  ( 12 min )
    Bridging the Valley of Death
    Bridging the Valley of Death: How Assurance Takes Us from Proof of Concept to Minimum Viable Product  ( 7 min )
    Goal-Based Regulation
    Goal-Based Regulation  ( 7 min )
    Unmasking Techno Sophists
    Unmasking Techno Sophists  ( 6 min )
    Public Report: VetKeys Cryptography Review
    Public Report: VetKeys Cryptography Review  ( 7 min )
    Your point of departure for forensic readiness
    Your point of departure for forensic readiness - Digital Forensics Incident Response  ( 10 min )

  • Open

    Euro 7 Anti-tampering and the Expanding Cybersecurity Landscape
    Euro 7, Anti-tampering, and the Expanding Cybersecurity Landscape  ( 6 min )

  • Open

    Understanding the Impact of Ransomware on Patient Outcomes – Do We Know Enough?
    Discover how ransomware affects patient care, with insights from NCC Group on clinical vulnerabilities and sector trends.  ( 16 min )
    Android-KillPermAndSigChecks
    No content preview  ( 6 min )
    BlackBerry PlayBook Security – Part One
    No content preview  ( 7 min )
    Drupal Vulnerability
    No content preview  ( 8 min )
    Automated enumeration of email filtering solutions
    No content preview  ( 6 min )
    Pairing over BLS12-381, Part 3: Pairing!
    No content preview  ( 13 min )
    Java Web Start File Inclusion via System Properties Override
    This article details a vulnerability in Java Web Start that allows file inclusion through manipulated system properties.  ( 10 min )
    Scenester – A Small Tool for Cross-Platform Web Application
    No content preview  ( 7 min )
    Tool Release – Ghostrings
    No content preview  ( 9 min )
    Tool: WStalker – an easy proxy to support Web API assessments
    No content preview  ( 8 min )
    Technical Advisory – Jitsi Meet Electron – Arbitrary Client Remote Code Execution (CVE-2020-27162)
    No content preview  ( 9 min )
    Tool Release: Blackbox iOS App Analysis with Introspy
    No content preview  ( 7 min )
    Passive Decryption of Ethereum Peer-to-Peer Traffic
    No content preview  ( 10 min )
    Hackproofing Lotus Domino Web Server
    Hackproofing Lotus Domino Web Server  ( 6 min )
    A Survey of Istio’s Network Security Features
    No content preview  ( 24 min )
    Time Trial: Racing Towards Practical Remote Timing Attacks
    No content preview  ( 6 min )
    Technical Advisory – Citrix Access Gateway Command Injection Vulnerability
    Explore how a command injection flaw in Citrix Access Gateway could allow attackers to execute arbitrary system commands.  ( 9 min )
    Principal Mapper (pmapper)
    No content preview  ( 7 min )
    Virtual Access Monitor Multiple SQL Injection Vulnerabilities
    No content preview  ( 6 min )
    General Data Protection Regulation: Knowing your data
    No content preview  ( 7 min )
    Work daily with enforced MFA-protected API access
    No content preview  ( 9 min )
    General Data Protection Regulation – are you ready?
    No content preview  ( 7 min )
    SnapMC skips ransomware, steals data
    No content preview  ( 10 min )
    IP-reputation-snort-rule-generator
    No content preview  ( 6 min )
    IAM user management strategy
    No content preview  ( 9 min )
    Research Blog Test Playground
    No content preview  ( 6 min )
    Public Report – BLST Cryptographic Implementation Review
    No content preview  ( 7 min )
    iOS User Enrollment and Trusted Certificates
    No content preview  ( 11 min )
    Internet of Things Security
    No content preview  ( 7 min )
    In-depth analysis of the new Team9 malware family
    No content preview
    North Korea’s Lazarus: their initial access trade-craft using social media and social engineering
    No content preview  ( 11 min )
    Autochrome
    No content preview  ( 7 min )
    Is this the real life? Is this just fantasy? Caught in a landslide, NoEscape from NCC Group
    No content preview  ( 11 min )
    Improving Software Security through C Language Standards
    No content preview
    MeshyJSON: A TP-Link tdpServer JSON Stack Overflow
    No content preview  ( 30 min )
    How-to: Importing WStalker CSV (and more) into Burp Suite via Import to Sitemap Extension
    No content preview  ( 8 min )
    Crave the Data: Statistics from 1,300 Phishing Campaigns
    No content preview
    Conference Talks – March 2022
    No content preview
    Whitepaper – Weaning the Web off of Session Cookies: Making Digest Authentication Viable
    No content preview
    Technical Advisory – DelTek Vision – Arbitrary SQL Execution (SQLi)
    No content preview
    iSEC Completes TrueCrypt Audit
    No content preview
    LDAPFragger: Bypassing network restrictions using LDAP attributes
    Discover how LDAPFragger uses LDAP attributes to evade network restrictions and exfiltrate data covertly.  ( 15 min )
    Whitepaper – Microcontroller Readback Protection: Bypasses and Defenses
    No content preview
    ISM RAT
    No content preview  ( 11 min )
    The Mobile Application Hacker’s Handbook
    No content preview  ( 6 min )
    Introducing Chuckle and the Importance of SMB Signing
    No content preview  ( 8 min )
    Advanced SQL Injection in SQL Server Applications
    Advanced SQL Injection in SQL Server Applications  ( 6 min )
    IAM user management strategy (part 2)
    No content preview  ( 10 min )
    Cisco ASA series part four: dlmalloc-2.8.x, libdlmalloc, & dlmalloc on Cisco ASA
    No content preview
    Conference Talks – December 2020
    No content preview
    Visualising Firewall Rulesets – Simplifying Firewall Administration and Spotting the Pivot Point
    No content preview
    Xendbg: A Full-Featured Debugger for the Xen Hypervisor
    No content preview
    Writing Secure ASP Scripts
    No content preview
    Whatsupgold Premium Directory traversal
    No content preview
    What the HEC? Security implications of HDMI Ethernet Channel and other related protocols
    No content preview
    whitebox
    No content preview
    Java RMI Registry.bind() Unvalidated Deserialization
    No content preview  ( 6 min )
    Hacking the Extensible Firmware Interface
    No content preview  ( 7 min )
    Premium Practical Law Content Gateway(2)
    No content preview  ( 6 min )
    Technical Advisory: Multiple Vulnerabilities in Kyocera Printers
    No content preview  ( 12 min )
    Modelling Threat Actor Phishing Behaviour
    No content preview  ( 7 min )
    Technical Advisory – Multiple Vulnerabilities in Netgear ProSAFE Plus JGS516PE / GS116Ev2 Switches
    No content preview  ( 19 min )
    Tool Release: PeachFarmer
    No content preview
    Tool Release: A Simple DLL Injection Utility
    No content preview
    Whitepaper – Practical Attacks on Machine Learning Systems
    No content preview
    Tool Release – JWT-Reauth
    No content preview
    Tool Release – ScoutSuite 5.9.0
    No content preview
    The L4m3ne55 of Passw0rds: Notes from the field
    No content preview
    The Paillier Cryptosystem with Applications to Threshold ECDSA
    No content preview
    Technical Advisory: Shell Injection in SourceTree
    No content preview
    Technical Advisory: Administrative Passcode Recovery and Authenticated Remote Buffer Overflow Vulnerabilities in Gigaset DX600A Handset (CVE-2021-25309, CVE-2021-25306)
    No content preview
    Technical Advisory: Heartbleed chained with a Pass-the-Hash attack leads to device compromise on TP-Link C200 IP Camera
    No content preview
    Technical Advisory: Multiple Vulnerabilities in Accellion File Transfer Appliance
    No content preview
    Symantec Backup Exec 2012 – Linux Backup Agent Heap Overflow
    No content preview  ( 7 min )
    Research Insights Volume 9 – Modern Security Vulnerability Discovery
    No content preview
    Symantec Message Filter Unauthenticated verbose software version information disclosure
    No content preview
    Symantec Messaging Gateway Easy CSRF to add a backdoor-administrator (for example)
    No content preview
    Security First Umbrella
    No content preview
    Sharkbot is back in Google Play
    No content preview
    Spy-Pi: Do you trust your laptop docking stations?
    No content preview
    Technical Advisory – playSMS Pre-Authentication Remote Code Execution (CVE-2020-8644)
    No content preview
    Use of Deserialisation in .NET Framework Methods and Classes
    No content preview  ( 7 min )
    log4j-jndi-be-gone: A simple mitigation for CVE-2021-44228
    A practical approach to neutralizing Log4j’s JNDI vulnerability without upgrading the entire library.  ( 12 min )
    WastedLocker: A New Ransomware Variant Developed By The Evil Corp Group
    No content preview  ( 20 min )
    Public Report – Matrix Olm Cryptographic Review
    No content preview  ( 7 min )
    Tool Release – Web3 Decoder Burp Suite Extension
    No content preview  ( 9 min )
    NCC Group Research at Black Hat USA 2022 and DEF CON 30
    No content preview
    Nerve
    No content preview
    POC2021 – Pwning the Windows 10 Kernel with NTFS and WNF Slides
    No content preview
    Technical Advisory: CyberArk EPM Non-paged Pool Buffer Overflow
    No content preview  ( 8 min )
    Shocker
    No content preview  ( 6 min )
    Solaris 11 USB Hub Class descriptor kernel stack overflow
    No content preview  ( 8 min )
    WSMap
    No content preview  ( 6 min )
    Vehicle Emissions and Cyber Security
    No content preview  ( 9 min )
    Threat Modelling Cloud Platform Services by Example: Google Cloud Storage
    No content preview  ( 19 min )
    Lending a hand to the community – Covenant v0.7 Updates
    No content preview
    Memory Gap
    No content preview
    Multiple Buffer Overflows Discovered in AFFLIB
    No content preview
    LibAVCodec AMV Out of Array Write
    No content preview
    McAfee Email and Web Security Appliance Active session tokens of other users are disclosed within the UI
    No content preview
    McAfee Email and Web Security Appliance Arbitrary file download is possible with a crafted URL, when logged in as any user
    No content preview
    Microsoft Zero-Day Vulnerability – OLE2Link – Threat Intelligence and Signatures
    No content preview
    libtalloc: A GDB plugin for analysing the talloc heap
    No content preview
    Analysis of setting cookies for third party websites in different browsers
    No content preview  ( 10 min )
    Writing FreeBSD Kernel Modules in Rust
    No content preview  ( 16 min )
    Introduction to AWS Attribute-Based Access Control
    No content preview  ( 17 min )
    Threats and vulnerabilities within the Maritime and shipping sectors
    No content preview  ( 6 min )
    Comparing AI Against Traditional Static Analysis Tools to Highlight Buffer Overflows
    No content preview  ( 12 min )
    Understanding the insider threat & how to mitigate it
    No content preview  ( 7 min )
    Tool Release: You’ll Never (Ever) Take Me Alive!
    No content preview  ( 7 min )
    Image IO Memory Corruption
    No content preview  ( 6 min )
    Phishing Mitigations: Configuring Microsoft Exchange to Clearly Identify External Emails
    No content preview  ( 10 min )
    Windows IPC Fuzzing Tools
    No content preview  ( 6 min )
    Public Report – Android Cloud Backup/Restore
    No content preview  ( 7 min )
    Flash local-with-filesystem Bypass in navigateToURL
    No content preview  ( 6 min )
    ncccodenavi
    No content preview  ( 7 min )
    Premium Content Gateway
    No content preview  ( 6 min )
    Public Report – Caliptra Security Assessment
    No content preview  ( 8 min )
    Network Attached Security: Attacking a Synology NAS
    No content preview  ( 7 min )
    Technical Advisory – Lenovo ImController Local Privilege Escalation (CVE-2021-3922, CVE-2021-3969)
    No content preview  ( 9 min )
    CVE-2018-8611 Exploiting Windows KTM Part 1/5 – Introduction
    Explore the introduction to exploiting CVE-2018-8611 in Windows Kernel Transaction Manager (KTM) with NCC Group’s expert analysis.  ( 23 min )
    Tool Release – HTTPSignatures: A Burp Suite Extension Implementing HTTP Signatures
    No content preview  ( 12 min )
    An Introduction to Authenticated Encryption
    No content preview  ( 6 min )
    Technical Advisory: Multiple Vulnerabilities in TCPDF
    No content preview  ( 12 min )
    iSEC Engages in TrueCrypt Audit
    No content preview  ( 7 min )
    How we breach network infrastructures and protect them
    No content preview  ( 6 min )
    Conference Talks – March 2020
    No content preview  ( 9 min )
    SysAid Helpdesk stored XSS
    No content preview  ( 6 min )
    Public Report – Google Enterprise API Security Assessment
    No content preview  ( 7 min )
    USB Undermining Security Barriers:further adventures with USB
    No content preview  ( 6 min )
    Impersonating Gamers With GPT-2
    No content preview  ( 19 min )
    Advisory-CraigSBlackie-CVE-2016-9795
    No content preview
    Compromising a Hospital Network for £118 (Plus Postage & Packaging)
    This post reveals how a simulated attack demonstrated the ease of breaching hospital systems using basic resources.  ( 13 min )
    Analyzing Secure AI Design Principles
    No content preview  ( 17 min )
    Introduction to Anti-Fuzzing: A Defence in Depth Aid
    Learn how anti-fuzzing techniques enhance defence-in-depth strategies and protect applications from fuzzing-based vulnerabilities.  ( 13 min )
    Public Report - VeChainThor Galactica Security Assessment
    No content preview  ( 6 min )
    ICS/OT Security & the evolution of the Purdue Model: Integrating Industrial and Business Networks
    No content preview  ( 7 min )
    Research Insights Volume 8 – Hardware Design: FPGA Security Risks
    No content preview  ( 7 min )
    Remote code execution in ImpressPages CMS
    Explore the remote code execution flaw in ImpressPages CMS and learn best practices for vulnerability remediation.  ( 7 min )
    Webinar: SMACK, SKIP-TLS & FREAK SSL/TLS vulnerabilities
    No content preview  ( 6 min )
    White Paper: Cryptopocalypse Reference Paper
    No content preview  ( 7 min )
    Quantum Data Centre of the Future
    No content preview  ( 10 min )
    Research Paper – Recovering deleted data from the Windows registry
    Learn how forensic techniques can recover deleted entries from the Windows Registry for investigation and analysis.  ( 7 min )
    My Hash is My Passport: Understanding Web and Mobile Authentication
    No content preview  ( 7 min )
    Nessus Authenticated Scan – Local Privilege Escalation
    No content preview  ( 6 min )
    Manifest Explorer
    No content preview  ( 7 min )
    Cleaning Up After Cookies
    No content preview  ( 6 min )
    Announcing NCC Group’s Cryptopals Guided Tour!
    No content preview  ( 10 min )
    Tool Release: SSL pinning bypass and other Android tools
    No content preview  ( 7 min )
    Demystifying Multivariate Cryptography
    Discover how multivariate cryptography fits into the future of secure communications and what makes it unique among quantum-safe algorithms.  ( 21 min )
    Cross-Execute Your Linux Binaries, Don’t Cross-Compile Them
    No content preview  ( 11 min )
    SMB hash hijacking & user tracking in MS Outlook
    Understand the mechanics behind SMB hash hijacking and user tracking in MS Outlook. Our advisory covers attack vectors, testing methods, and fixes.  ( 12 min )
    Defending Your Directory: An Expert Guide to Securing Active Directory Against DCSync Attacks
    No content preview  ( 10 min )
    Rustproofing Linux (Part 1/4 Leaking Addresses)
    No content preview  ( 14 min )
    Threat Spotlight – Hydra
    No content preview  ( 12 min )
    Use and enforce Multi-Factor Authentication
    No content preview  ( 9 min )
    Wheel of Fortune Outcome Prediction – Taking the Luck out of Gambling (1)
    No content preview  ( 18 min )
    Technical Advisory: Authentication rule bypass
    No content preview  ( 8 min )
    Rust for Security and Correctness in the embedded world
    No content preview  ( 13 min )
    Technical Advisory – OpenOffice.org Multiple Memory Corruption Vulnerabilities
    Discover how attackers could exploit memory handling flaws in OpenOffice.org to compromise system integrity and user safety.  ( 9 min )
    Non-Deterministic Nature of Prompt Injection
    No content preview  ( 9 min )
    Reverse Engineering Coin Hunt World’s Binary Protocol
    No content preview  ( 29 min )
    HITB Phuket 2023 – Exploiting the Lexmark PostScript Stack
    No content preview  ( 7 min )
    In-Depth Technical Analysis of the Bybit Hack
    Explore a detailed breakdown of the Bybit hack, uncovering attack methods, vulnerabilities, and security lessons learned.  ( 15 min )
    iOS MobileSlideShow USB Image Class arbitrary code execution.txt
    No content preview  ( 6 min )
    NCC Group’s 2024 Annual Research Report
    No content preview  ( 7 min )
    Android-SSL-TrustKiller
    No content preview  ( 6 min )
    Symantec Backup Exec 2012 – Backup Exec Utility Stored XSS when adding Groups, Servers and Computers
    No content preview  ( 7 min )
    Whitepaper – XML Schema, DTD, and Entity Attacks: A Compendium of Known Techniques
    Explore known XML-based attack methods including DTD abuse, schema exploits, and entity expansion vulnerabilities.  ( 7 min )
    Public Report – WhatsApp opaque-ke Cryptographic Implementation Review
    No content preview  ( 7 min )
    Violating Database – Enforced Security Mechanisms
    No content preview  ( 7 min )
    Sakula: an adventure in DLL planting
    No content preview  ( 8 min )
    grepify
    No content preview  ( 6 min )
    Public Report – Kubernetes 1.24 Security Audit
    No content preview  ( 7 min )
    Nagios XI Network Monitor Blind SQL Injection
    Nagios XI Network Monitor is vulnerable to blind SQL injection. Learn the impact, exploitation risks, and mitigation steps.  ( 7 min )
    Lumension Device Control Remote Memory Corruption
    No content preview  ( 6 min )
    The ABCs of NFC chip security
    A technical overview of NFC chip vulnerabilities and protection strategies for secure communication.  ( 15 min )
    New Sources of Microsoft Office Metadata – Tool Release MetadataPlus
    No content preview  ( 11 min )
    Exploiting the Sudo Baron Samedit vulnerability (CVE-2021-3156) on VMWare vCenter Server 7.0
    Learn why CVE-2021-3156 poses a threat to VMware vCenter and how to protect your infrastructure from attacks.  ( 30 min )
    Top of the Pops: Three common ransomware entry techniques
    No content preview  ( 9 min )
    Signaturing an Authenticode anomaly with Yara
    Explore how Yara can detect Authenticode timestamp anomalies in PE files and enhance malware analysis.  ( 10 min )
    A glimpse into the shadowy realm of a Chinese APT: detailed analysis of a ShadowPad intrusion
    No content preview  ( 17 min )
    ProxMon
    No content preview  ( 7 min )
    Decoder Improved Burp Suite plugin release part two
    No content preview  ( 9 min )
    Technical Advisory: Ruby on Rails – Possible XSS Vulnerability in ActionView tag helpers (CVE-2022-27777)
    No content preview  ( 9 min )
    Retro Gaming Vulnerability Research: Warcraft 2
    No content preview  ( 18 min )
    RIFT: Detection capabilities for recent F5 BIG-IP/BIG-IQ iControl REST API vulnerabilities CVE-2021-22986
    No content preview  ( 11 min )
    Sifting through the spines: identifying (potential) Cactus ransomware victims
    No content preview  ( 12 min )
    A deeper dive into CVE-2021-39137 – a Golang security bug that Rust would have prevented
    No content preview  ( 12 min )
    A Race to Report a TOCTOU: Analysis of a Bug Collision in Intel SMM
    No content preview  ( 10 min )
    Turla PNG Dropper is back
    No content preview  ( 11 min )
    From ERMAC to Hook: Investigating the technical differences between two Android malware variants
    No content preview  ( 25 min )
    HTTP to MCP Bridge
    No content preview  ( 10 min )
    Technical Advisory: Pulse Connect Secure – RCE via Uncontrolled Gzip Extraction (CVE-2020-8260)
    No content preview  ( 10 min )
    A Brief Review of Bitcoin Locking Scripts and Ordinals
    No content preview  ( 16 min )
    The Extended AWS Security Ramp-Up Guide
    No content preview  ( 13 min )
    Technical Advisory – wolfSSL TLS 1.3 Client Man-in-the-Middle Attack (CVE-2020-24613)
    No content preview  ( 8 min )
    Tool Release – Solitude: A privacy analysis tool
    No content preview  ( 9 min )
    Machine Learning for Static Analysis of Malware – Expansion of Research Scope
    No content preview  ( 17 min )
    Project Ava: On the Matter of Using Machine Learning for Web Application Security Testing – Part 9: Adventures with Expert Systems
    No content preview  ( 13 min )
    Fuzzing RTSP to discover an exploitable vulnerability in VLC
    Discover how fuzzing RTSP streams uncovered vulnerabilities in VLC and advanced secure software development.  ( 11 min )
    Tracking a P2P network related to TA505
    No content preview  ( 15 min )
    Ivanti Zero Day – Threat Actors observed leveraging CVE-2021-42278 and CVE-2021-42287 for quick privilege escalation to Domain Admin
    No content preview  ( 8 min )
    Defeating Windows DEP With A Custom ROP Chain
    No content preview  ( 27 min )
    RIFT: F5 Networks K52145254: TMUI RCE vulnerability CVE-2020-5902 Intelligence
    Insights from honeypot research on F5 TMUI RCE vulnerability. Understand attack patterns and steps to strengthen your security posture.  ( 14 min )
    Hardware & Embedded Systems: A little early effort in security can return a huge payoff
    Discover how early-stage security planning in hardware and embedded systems can dramatically reduce attack surfaces.  ( 12 min )
    NSA & CISA Kubernetes Security Guidance – A Critical Review
    No content preview  ( 16 min )
    Unveiling the Dark Side: A Deep Dive into Active Ransomware Families
    No content preview  ( 15 min )
    Adventures in Xen Exploitation
    No content preview
    Live Incident Blog: June Global Ransomware Outbreak
    No content preview  ( 10 min )
    A brief look at Windows telemetry: CIT aka Customer Interaction Tracker
    A brief look at Windows telemetry: CIT aka Customer Interaction Tracker  ( 24 min )
    DataArmor Full Disk Encryption 3.0.12c – Restricted Environment breakout, Privilege Escalation and Full Disk Decryption
    No content preview
    Cisco IPSec VPN Implementation Group Name Enumeration
    No content preview
    Best practices with BYOD
    No content preview
    Black Hat 2013 – Bluetooth Smart Presentation Available
    No content preview
    Attacking the Windows Kernel (Black Hat Las Vegas 2007)
    No content preview
    A Peek Behind the Great Firewall of Russia
    No content preview
    Back Office Web Administration Authentication Bypass
    No content preview
    Apple CoreAnimation Heap Overflow
    No content preview
    A Simple and Practical Approach to Input Validation
    No content preview
    A Guide to Improving Security Through Infrastructure-as-Code
    No content preview
    Blackbox iOS App Assessments Using idb
    No content preview
    Apple QuickTime Player m4a Processing Buffer Overflow
    No content preview
    Abusing Privileged and Unprivileged Linux Containers
    No content preview
    Blind Security Testing – An Evolutionary Approach
    No content preview
    BlackBerry Link WebDav Server Bound to the BlackBerry VPN Adapter
    No content preview
    Apple Mac OS X ImageIO TIFF Integer Overflow
    No content preview
    Advanced Exploitation of Oracle PL/SQL Flaws
    No content preview
    Broadcasting your attack – DAB security
    No content preview
    Best Practices for the use of Static Code Analysis within a Real-World Secure Development Lifecycle
    No content preview
    A jq255 Elliptic Curve Specification, and a Retrospective
    No content preview
    BAT: a Fast and Small Key Encapsulation Mechanism
    No content preview
    AutoRepeater: Automated HTTP Request Repeating With Burp Suite
    No content preview
    Are you oversharing (in Salesforce)? Our new tool could sniff it out!
    No content preview
    Curve9767 and Fast Signature Verification
    No content preview
    Cisco ASA series part seven: Checkheaps
    No content preview
    Apache Struts Vulnerability
    No content preview
    Automating extraction from malware and recent campaign analysis
    No content preview
    Automated Reverse Engineering of Relationships Between Data Structures in C++ Binaries
    No content preview
    Assessing the security and privacy of Vaccine Passports
    No content preview
    CowCloud
    No content preview
    Content Security Policies Best Practices
    No content preview
    Call Map: A Tool for Navigating Call Graphs in Python
    No content preview
    Approximately 2000 Citrix NetScalers backdoored in mass-exploitation campaign
    No content preview
    Critical Risk Vulnerability in SAP Message Server (Heap Overflow)
    No content preview
    Authorisation
    No content preview
    Android Cloud Backup/Restore
    No content preview
    Cups-filters remote code execution
    No content preview
    Attacking Web Service Security: Message Oriented Madness, XML Worms and Web Service Security Sanity
    No content preview
    Android-OpenDebug
    No content preview
    Azucar
    No content preview
    AssetHook
    No content preview
    Apple OSX/iPhone iOS ImageIO TIFF getBandProcTIFF TileWidth Heap Overflow
    No content preview
    An Introduction to Quantum Computing for Security Professionals
    No content preview
    Common Security Issues in Financially-Oriented Web Applications
    No content preview
    Bypassing Oracle DBMS_ASSERT (in certain situations)
    No content preview
    Berserko: Kerberos Authentication for Burp Suite
    No content preview
    cisco-SNMP-enumeration
    No content preview
    Building Intuition for Lattice-Based Signatures – Part 1: Trapdoor Signatures
    No content preview
    Anti Brute Force Resource Metering
    No content preview
    Cyber Essentials Scheme
    No content preview
    Black Hat USA 2015 presentation: Broadcasting your attack-DAB security
    No content preview
    APT15 is Alive and Strong: An Analysis of RoyalCli and RoyalDNS
    No content preview
    CVE-2017-8570 RTF and the Sisfader RAT
    No content preview
    Compromising Apache Tomcat via JMX access
    No content preview
    Breaking Pedersen Hashes in Practice
    No content preview
    Advice for security decision makers contemplating the value of Antivirus
    No content preview
    Cisco ASA series part one: Intro to the Cisco ASA
    No content preview
    Check out our new Microcorruption challenges!
    No content preview
    Beyond data loss prevention
    No content preview
    Celebrating NCC Con Europe 2018
    No content preview
    Building an RDP Credential Catcher for Threat Intelligence
    No content preview
    Buffer Underruns, DEP, ASLR and improving the Exploitation Prevention Mechanisms (XPMs) on the Windows platform
    No content preview
    Cyber Security of New Space Paper
    No content preview
    Breaking into Security Research at NCC Group
    No content preview
    Assuring Your DDoS Defences
    No content preview
    Critical Risk Vulnerability in Ingres (Pointer Overwrite 2)
    No content preview
    creep-web-app-scanner
    No content preview
    C Language Standards Update – Zero-size Reallocations are Undefined Behavior
    No content preview
    Creating a Safer OAuth User Experience
    No content preview
    Conference Talks – November 2020
    No content preview
    Climbing Mount Everest: Black-Byte Bytes Back?
    No content preview
    CertPortal: Building Self-Service Secure S/MIME Provisioning Portal
    No content preview
    D-LINK DIR-850L web admin interface vulnerable to stack-based buffer overflow
    No content preview
    Conference Talks – November 2021
    No content preview
    Conference Talks – June 2022
    No content preview
    Command Injection in XML Signatures and Encryption
    No content preview
    Cisco VPN Client Privilege Escalation
    No content preview
    Bypassing Android’s Network Security Configuration
    No content preview
    Batten down the hatches: Cyber threats facing DP operations
    No content preview
    Archived Technical Advisories
    No content preview
    Conference Talks – October 2021
    No content preview
    Building WiMap the Wi-Fi Mapping Drone
    No content preview
    ASP.NET Security and the Importance of KB2698981 in Cloud Environments Threat Brief
    No content preview
    Data-mining with SQL Injection and Inference
    No content preview
    Critical Risk Vulnerability in SAP DB Web Server (Stack Overflow)
    No content preview
    Conti-nuation: methods and techniques observed in operations post the leaks
    No content preview
    AWS environment security assessment with Scout2
    No content preview
    Conference Talks – September 2020
    No content preview
    ASP.NET Security and the Importance of KB2698981 in Cloud Environments
    No content preview
    Announcing NCC Group’s Cryptopals Guided Tour: Set 2
    No content preview
    Adversarial Machine Learning: Approaches & defences
    No content preview
    Dancing Offbit: The Story of a Single Character Typo that Broke a ChaCha-Based PRNG
    No content preview
    Cracking RDP NLA Supplied Credentials for Threat Intelligence
    No content preview
    Build Your Own Wi-Fi Mapping Drone Capability
    No content preview
    D-Link routers vulnerable to Remote Code Execution (RCE)
    No content preview
    Cracking Random Number Generators using Machine Learning – Part 2: Mersenne Twister
    No content preview
    Cisco ASA series part six: Cisco ASA mempools
    No content preview
    Business Insights: Cyber Security in the Financial Sector
    No content preview
    CMakerer: A small tool to aid CLion’s indexing
    No content preview
    CloudWatch: Amazon Web Services & Shellshock
    No content preview
    Black Hat 2013 – Cryptopocalypse Presentation Available
    No content preview
    Cracking Random Number Generators using Machine Learning – Part 1: xorshift128
    No content preview
    Conference Talks – September/October 2022
    No content preview
    Cisco ASA series part two: Static analysis & datamining of Cisco ASA firmware
    No content preview
    Application Layer Attacks – The New DDoS Battleground
    No content preview
    Deception Engineering: exploring the use of Windows Installer Packages against first stage payloads
    No content preview
    DDoS Common Approaches and Failings
    No content preview
    Assessing Unikernel Security
    No content preview
    Code Patterns for API Authorization: Designing for Security
    No content preview
    Blind Return Oriented Programming
    No content preview
    BlackBerry PlayBook Security – Part Two – BlackBerry Bridge
    No content preview
    Conference Talks – June 2021
    No content preview
    BlackHat Asia USB Physical Access
    No content preview
    AtHoc Toolbar
    No content preview
    dotnetpaddingoracle
    No content preview
    Do not use your AWS root account
    No content preview
    Demystifying Cobalt Strike’s “make_token” Command
    No content preview
    Abusing Blu-ray Players Part 1 – Sandbox Escapes
    No content preview
    DARPA OnStar Vulnerability Analysis
    No content preview
    Cloud Security Presentation
    No content preview
    Cisco ASA series part five: libptmalloc gdb plugin
    No content preview
    eBook: Breach notification under GDPR – How to communicate a personal data breach
    No content preview
    Defeating the Stack Based Buffer Overflow Prevention Mechanism of Microsoft Windows 2003 Server
    No content preview
    Attacks on SSL
    No content preview
    ASE 12.5.1 datatype overflow
    No content preview
    Detecting anomalous Vectored Exception Handlers on Windows
    No content preview
    Cyber Security in UK Agriculture
    No content preview
    Conference Talks – May 2021
    No content preview
    DECTbeacon
    No content preview
    Dangling Cursor Snarfing: A New Class of Attack in Oracle
    No content preview
    Conference Talks – October 2020
    No content preview
    CyberVillainsCA
    No content preview
    CVE-2018-8611 – Diving into the Windows Kernel Transaction Manager (KTM) for fun and exploitation
    No content preview
    Cross Site Request Forgery: An Introduction to a Common Web Application Weakness
    No content preview
    Common Insecure Practices with Configuring and Extending Salesforce
    No content preview
    Browser Extension Password Managers
    No content preview
    Cranim: A Toolkit for Cryptographic Visualization
    No content preview
    Black Hat Europe 2013 Andy Davis: To dock or not to dock…
    No content preview
    Creating Arbitrary Shellcode In Unicode Expanded Strings
    No content preview
    CECSTeR
    No content preview
    Building Intuition for Lattice-Based Signatures – Part 2: Fiat-Shamir with Aborts
    No content preview
    eBook – Do you know how your organisation would react in a real-world attack scenario?
    No content preview
    Database Security: A Christmas Carol
    No content preview
    Analysing a recent Poison Ivy sample
    No content preview
    Eurocrypt 2023: Death of a KEM
    No content preview
    Decoder Improved Burp Suite plugin release part one
    No content preview
    Exploiting CVE-2015-2426, and How I Ported it to a Recent Windows 8.1 64-bit
    No content preview
    End-of-life pragmatism
    No content preview
    Demystifying AWS’ AssumeRole and sts:ExternalId
    No content preview
    Public Report – AWS Nitro System API & Security Claims Italian
    No content preview  ( 7 min )
    The Browser Hacker’s Handbook
    No content preview  ( 6 min )
    My name is Matt – My voice is my password
    No content preview  ( 7 min )
    NCC Group’s Jeremy Boone recognized for Highest Quality and Most Eligible Reports through the Intel Circuit Breaker program
    No content preview  ( 7 min )
    Technical Advisory: Multiple Vulnerabilities in Brother Printers
    No content preview  ( 9 min )
    Developing Secure Mobile Applications for Android
    No content preview  ( 6 min )
    Revealing Embedded Fingerprints: Deriving Intelligence from USB Stack Interactions 2013
    No content preview  ( 7 min )
    Technical Advisory – Linksys WRT160NL – Authenticated Remote Buffer Overflow (CVE-2020-26561)
    No content preview  ( 7 min )
    CERT Oracle Secure Coding Standard for Java
    No content preview  ( 6 min )
    Public Report – Zcash FROST Security Assessment
    No content preview  ( 6 min )
    osquery Application Security Assessment Public Report
    No content preview  ( 6 min )
    Applying normalised compression distance for architecture classification
    No content preview  ( 7 min )
    The disadvantages of a blacklist-based approach to input validation
    No content preview  ( 7 min )
    SecureCookies
    No content preview  ( 6 min )
    The CIS Security Standard for Docker available now
    No content preview  ( 8 min )
    Welcome to the new NCC Group Global Research blog
    No content preview  ( 6 min )
    Nagios XI Network Monitor – OS Command Injection
    No content preview  ( 7 min )
    Grepify – a Small Tool for Code Reviewers
    No content preview  ( 7 min )
    Tool Release: SSLyze v 0.9 released – Heartbleed edition
    No content preview  ( 7 min )
    The why behind web application penetration test prerequisites
    NCC Group explains why pen test prerequisites are essential for accurate, efficient, and secure web application assessments.  ( 7 min )
    Tool Release: iOS Secure State Preservation
    No content preview  ( 7 min )
    Technical Advisory: Gaining root access on Sumpple S610 IP Camera via Telnet; and Unprotected client and server data transmission between Android and IOS clients
    No content preview  ( 9 min )
    SOC maturity & capability
    No content preview  ( 7 min )
    Intent Fuzzer
    No content preview  ( 7 min )
    Freddy: An extension for automatically identifying deserialisation issues in Java and .NET applications
    No content preview  ( 7 min )
    Non-stack Based Exploitation of Buffer Overrun Vulnerabilities on Windows NT 2000 XP
    No content preview  ( 6 min )
    Public Report – go-cose Security Assessment
    No content preview  ( 7 min )
    The Shellcoder’s Handbook: Discovering and Exploiting Security Holes, 2nd Edition
    No content preview  ( 7 min )
    Low Cost Attacks on Smart Cards – The Electromagnetic Side-Channel
    No content preview  ( 7 min )
    Securing the continuous integration process
    No content preview  ( 7 min )
    Technical Advisory – New York State Excelsior Pass Vaccine Passport Credential Forgery
    No content preview  ( 8 min )
    E-mail Spoofing and CDONTS.NEWMAIL
    E-mail Spoofing and CDONTS.NEWMAIL  ( 7 min )
    Technical Advisory: SQL Injection and Reflected Cross-Site Scripting (XSS) Vulnerabilities in Oracle Communications Diameter Signaling Router (CVE-2020-14787, CVE-2020-14788)
    No content preview  ( 8 min )
    Payment Card Industry Data Security Standard (PCI DSS) A Navigation and Explanation of Changes from v2.0 to v3.0
    No content preview  ( 6 min )
    Symantec Message Filter Session Hijacking via session
    No content preview  ( 6 min )
    Slotting Security into Corporate Development
    No content preview  ( 7 min )
    Forensic Readiness in Container Environments
    No content preview  ( 10 min )
    Public Report – Solana Program Library ZK-Token Security Assessment
    No content preview  ( 7 min )
    Public Report – Keyfork Implementation Review
    No content preview  ( 7 min )
    They Ought to Know Better: Exploiting Security Gateways via their Web Interfaces
    No content preview  ( 6 min )
    Technical Advisory – KwikTag Web Admin Authentication Bypass
    No content preview  ( 8 min )
    SysPWN – VR for Pwn2Own
    No content preview  ( 7 min )
    Oracle 11g TNS listener remote Invalid Pointer Read
    No content preview  ( 6 min )
    Chainspotting 2: The Unofficial Sequel to the 2018 Talk "Chainspotting" - OffensiveCon 2025
    No content preview  ( 7 min )
    Secure Application Development on Facebook
    No content preview  ( 6 min )
    From CSV to CMD to qwerty
    No content preview  ( 11 min )
    Writing Exploits for Win32 Systems from Scratch
    No content preview  ( 54 min )
    Technical Advisory – Multiple vulnerabilities in Nuki smart locks (CVE-2022-32509, CVE-2022-32504, CVE-2022-32502, CVE-2022-32507, CVE-2022-32503, CVE-2022-32510, CVE-2022-32506, CVE-2022-32508, CVE-2022-32505)
    Learn about multiple CVEs affecting Nuki Smart Locks and how to mitigate security risks for connected home devices.  ( 21 min )
    LTair:  The LTE Air Interface Tool
    No content preview  ( 11 min )
    WebLogic Plugin HTTP Injection via Encoded URLs
    This technical advisory details how encoded URLs can be used to inject malicious HTTP headers in Oracle WebLogic Plug-in environments.  ( 12 min )
    The Sorry State of Aftermarket Head Unit Security
    No content preview  ( 16 min )
    Making New Connections – Leveraging Cisco AnyConnect Client to Drop and Run Payloads
    No content preview  ( 12 min )
    The Challenges of Fuzzing 5G Protocols
    No content preview  ( 16 min )
    Technical Advisory – SonicWall SMA 100 Series – Unauthenticated Arbitrary File Deletion
    No content preview  ( 10 min )
    Project Ava: On the Matter of Using Machine Learning for Web Application Security Testing – Part 8: Development of Prototype #4 – Building on Takaesu’s Approach with Focus on XSS
    No content preview  ( 10 min )
    Avoiding Pitfalls Developing with Electron
    No content preview  ( 11 min )
    Public Report - Google Confidential Space Security Assessment
    No content preview
    Zcash Cryptography and Code Review
    No content preview
    Mallory: Transparent TCP and UDP Proxy
    No content preview
    GSM/GPRS Traffic Interception for Penetration Testing Engagements
    No content preview
    CERT C Secure Coding Standard
    No content preview
    TA505 exploits SolarWinds Serv-U vulnerability (CVE-2021-35211) for initial access
    No content preview
    Third party assurance
    No content preview
    WSSiP: A Websocket Manipulation Proxy
    No content preview
    5 MCP Security Tips
    No content preview
    Symantec Messaging Gateway SSH with backdoor user account + privilege escalation to root due to very old Kernel
    No content preview
    Technical Advisory – Multiple Vulnerabilities in Juplink RX4-1800 WiFi Router (CVE-2022-37413, CVE-2022-37414)
    No content preview
    Xen SMEP (and SMAP) Bypass
    No content preview
    NCC Group’s Exploit Development Capability: Why and What
    No content preview
    Technical Advisory: Nexpose Hard‐coded Java Key Store Passphrase Allows Decryption of Stored Credentials
    No content preview
    VMware Workstation Guest-to-Host Escape Exploit Development
    No content preview
    Conference Talks – December 2021
    No content preview
    Public Report – VPN by Google One: Technical Security & Privacy Assessment
    No content preview
    Multiple Shell Metacharacter Injections in AFFLIB
    No content preview
    Tool Release – Collaborator++
    No content preview
    Technical Advisory – Multiple Vulnerabilities in Nagios XI
    No content preview
    Weak Passwords Led to (SafePay) Ransomware…Yet Again
    No content preview
    Thin Clients: Slim Security
    No content preview
    Tor Browser Research Report Released
    No content preview
    Testing Two-Factor Authentication
    No content preview
    Defending Your Directory: An Expert Guide to Fortifying Active Directory Against LDAP Injection Threats
    No content preview
    WebSense content filter bypass when deployed in conjunction with Cisco filtering devices
    No content preview
    Public Report – Lantern and Replica Security Assessment
    No content preview
    Technical Advisory: Bypassing Workflows Protection Mechanisms – Remote Code Execution on SharePoint
    No content preview
    Constant-Time Data Processing At a Secret Offset, Privacy and QUIC
    No content preview
    The Pentesters Guide to Akamai
    No content preview
    Tool Release – ScoutSuite 5.12.0
    No content preview
    Cisco ASA series part three: Debugging Cisco ASA firmware
    No content preview
    SQL Server Security
    No content preview
    CVE-2018-8611 Exploiting Windows KTM Part 4/5 – From race win to kernel read and write primitive
    No content preview
    Blind Exploitation of Stack Overflow Vulnerabilities
    No content preview
    Public Report: WhatsApp Contacts Security Assessment
    No content preview
    Technical Advisory – Nullsoft Scriptable Installer System (NSIS) – Insecure Temporary Directory Usage
    No content preview
    Technical Advisory – HTC IQRD Android Permission Leakage
    No content preview
    CVE-2018-8611 Exploiting Windows KTM Part 3/5 – Triggering the race condition and debugging tricks
    No content preview
    Technical Advisory: Xiaomi 13 Pro Code Execution via GetApps DOM Cross-Site Scripting (XSS)
    No content preview
    Detecting and Hunting for the Malicious NetFilter Driver
    No content preview
    Shaking The Foundation of An Online Collaboration Tool: Microsoft 365 Top 5 Attacks vs the CIS Microsoft 365 Foundation Benchmark
    No content preview
    Multiple Vulnerabilities in MailEnable
    No content preview
    The Dark Side: How Threat Actors Leverage AnyDesk for Malicious Activities
    No content preview
    PMKID Attacks: Debunking the 802.11r Myth
    No content preview
    Technical Advisory – Arbitrary Signature Forgery in Stark Bank ECDSA Libraries (CVE-2021-43572, CVE-2021-43570, CVE-2021-43569, CVE-2021-43568, CVE-2021-43571)
    No content preview
    Zulu
    No content preview
    FPGAs: Security Through Obscurity?
    No content preview
    Auditing K3s Clusters
    No content preview
    Oracle Forensics Part 1: Dissecting the Redo Logs
    No content preview
    Supply Chain Security Begins with Secure Software Development
    No content preview
    There’s Another Hole In Your SoC: Unisoc ROM Vulnerabilities
    No content preview
    Technical Advisory: containerd – containerd-shim API Exposed to Host Network Containers (CVE-2020-15257)
    No content preview
    Post-exploiting a compromised etcd – Full control over the cluster and its nodes
    No content preview
    Technical Advisory – ParcelTrack sends all pasteboard data to ParcelTrack’s servers on startup
    No content preview
    earlyremoval, in the Conservatory, with the Wrench: Exploring Ghidra’s decompiler internals to make automatic P-Code analysis scripts
    No content preview
    iOS Application Security: The Definitive Guide for Hackers and Developers
    No content preview
    Stopping Automated Attack Tools
    No content preview
    VoIP Security Methodology and Results
    No content preview
    Secure Coding Rules for Java LiveLessons, Part 1
    No content preview
    Machine Learning 101: The Integrity of Image (Mis)Classification?
    No content preview
    Defending Your Directory: An Expert Guide to Mitigating Pass-the-Hash Attacks in Active Directory
    No content preview
    Wubes: Leveraging the Windows 10 Sandbox for Arbitrary Processes
    No content preview
    44Con2013Game
    No content preview
    Tool Update – ruby-trace: A Low-Level Tracer for Ruby
    No content preview
    Technical Advisory: Multiple Vulnerabilities in Ricoh Printers
    No content preview
    Real World Cryptography Conference 2023 – Part I
    No content preview
    Technical Advisory: Unauthenticated SQL Injection in Lansweeper
    No content preview
    Tis the Season to Be…
    No content preview
    U plug, we play
    No content preview
    White Paper: An Introduction to Authenticated Encryption
    No content preview
    Technical Advisory: Espressif Systems - ESP32 BluFi Reference Application Vulnerabilities
    No content preview
    Public Report – WhatsApp Auditable Key Directory (AKD) Implementation Review
    No content preview
    Public Report – Qredo Apache Milagro MPC Cryptographic Assessment
    No content preview
    SecureBigIP
    No content preview
    AWS Inventory: A tool for mapping AWS resources
    No content preview
    Public Report – Aleo snarkVM Implementation Review
    No content preview
    Public Report – Pixel 4/4XL and Pixel 4a ioXt Audit
    No content preview
    Tool Release – ScoutSuite 5.11.0
    No content preview
    Rise of the Sensors: Securing LoRaWAN Networks
    No content preview
    Local network compromise despite good patching
    No content preview
    The Next C Language Standard (C23)
    No content preview
    On Almost Signing Android Builds
    No content preview
    Username enumeration techniques and their value
    No content preview
    SETTLERS OF NETLINK: Exploiting a limited UAF in nf_tables (CVE-2022-32250)
    No content preview
    Technical Advisory: PDFTron JavaScript URLs Allowed in WebViewer UI (CVE-2021-39307)
    No content preview
    Public Report – AWS Nitro System API & Security Claims
    No content preview
    Tool – Windows Executable Memory Page Delta Reporter
    No content preview
    Tool Release: Code Query (cq)
    No content preview
    Embedded Device Security Certifications
    No content preview
    Technical Advisory: Cross-Site Scripting in Umbraco Rich Text Display
    No content preview
    Private sector cyber resilience and the role of data diodes
    No content preview
    Python Class Informer: an IDAPython plugin for viewing run-time type information (RTTI)
    No content preview
    Exploiting MS15-061 Use-After-Free Windows Kernel Vulnerability
    No content preview
    Public Report: eBPF Verifier Code Review
    No content preview
    The factoring dead: Preparing for the cryptopocalypse
    No content preview
    Adobe flash sandbox bypass to navigate to local drives
    No content preview
    Handy guide to a new Fivehands ransomware variant
    No content preview
    BrokenPrint: A Netgear stack overflow
    No content preview
    Streamlining Global Automotive Cybersecurity Governance to Accelerate Innovation, Assurance, and Compliance
    No content preview
    Using AWS and Azure for Cost Effective Log Ingestion with Data Processing Pipelines for SIEMs
    No content preview
    Blue Coat BCAAA Remote Code Execution Vulnerability
    No content preview
    Public Report – O(1) Labs Mina Client SDK, Signature Library and Base Components Cryptography and Implementation Review
    No content preview
    Technical Advisory – Shop app sends pasteboard data to Shopify’s servers
    No content preview
    Technical Advisory – SonicWall SMA 100 Series – Unauthenticated Stored XSS
    No content preview
    The Case of Missing File Extensions
    No content preview
    eBPF Adventures: Fiddling with the Linux Kernel and Unix Domain Sockets
    No content preview
    House
    No content preview
    TPM Genie
    No content preview
    Using graph databases to assess the security of thingernets based on the thingabilities and thingertivity of things
    No content preview
    Building Systems from Commercial Components
    No content preview
    Detecting and Protecting when Remote Desktop Protocol (RDP) is open to the Internet
    No content preview
    Unauthenticated XML eXternal Entity (XXE) vulnerability
    No content preview
    An Engineer’s View: Operational Technology
    No content preview
    NCLoader
    No content preview
    Treat your points as cash
    No content preview
    SysAid Helpdesk Pro – Blind SQL Injection
    No content preview
    There’s A Hole In Your SoC: Glitching The MediaTek BootROM
    No content preview
    Disabling Office Macros to Reduce Malware Infections
    No content preview
    Android Malware Vultur Expands Its Wingspan
    No content preview
    Technical Advisory – VMware Tools Multiple Vulnerabilities
    No content preview
    Building Security In: Software Penetration Testing
    No content preview
    A Census of Deployed Pulse Connect Secure (PCS) Versions
    No content preview
    Public Report – AWS Nitro System API & Security Claims Spanish
    No content preview
    Technical Advisory: Reflected Cross-Site Scripting (XSS) vulnerability in Jenkins Delivery Pipeline plugin
    No content preview
    Windows Phone 7 Application Security Survey
    No content preview
    Shining the Light on Black Basta
    No content preview
    Popping Blisters for research: An overview of past payloads and exploring recent developments
    No content preview
    Tool Release – Project Kubescout: Adding Kubernetes Support to Scout Suite
    No content preview
    Technical Advisory: SMB Hash Hijacking and User Tracking in MS Outlook
    No content preview
    Tattler
    No content preview
    Technical Advisory – Multiple Vulnerabilities in PandoraFMS Enterprise
    No content preview
    Public Report – Protocol Labs Groth16 Proof Aggregation: Cryptography and Implementation Review
    No content preview
    Technical Advisory – Kwikset/Weiser BLE Proximity Authentication in Kevo Smart Locks Vulnerable to Relay Attacks
    No content preview
    iSEC’s Analysis of Microsoft’s SDL and its ROI
    No content preview
    Social Engineering Penetration Testing
    No content preview
    Public Report – WhatsApp End-to-End Encrypted Backups Security Assessment
    No content preview
    Unmasking Lorenz Ransomware: A Dive into Recent Tactics, Techniques and Procedures
    No content preview
    Autonomous AI Agents: A hidden Risk in Insecure smolagents “CodeAgent” Usage
    No content preview
    Tool Release – insject: A Linux Namespace Injector
    No content preview
    Past, Present and Future of Effective C
    No content preview
    Technical Advisory: Insufficient Proxyman HelperTool XPC Validation
    No content preview
    Technical Advisory: Pulse Connect Secure – RCE via Uncontrolled Archive Extraction – CVE-2021-22937 (Patch Bypass)
    No content preview
    Tool Release – Socks Over RDP
    No content preview
    HDMI – Hacking Displays Made Interesting
    No content preview
    Trusted Gateway
    No content preview
    Windows 2000 Format String Vulnerabilities
    No content preview
    Whitepaper – HTTP Digest Integrity: Another look, in light of recent attacks
    No content preview
    Technical Advisory: Bypassing Microsoft XOML Workflows Protection Mechanisms using Deserialisation of Untrusted Data
    No content preview
    Zcash Overwinter Consensus and Sapling Cryptography Review
    No content preview
    Mallory and Me: Setting up a Mobile Mallory Gateway
    No content preview
    Tool Release – Enumerating Docker Registries with go-pillage-registries
    No content preview
    CVE-2018-8611 Exploiting Windows KTM Part 2/5 – Patch analysis and basic triggering
    No content preview
    Open Banking: Security considerations & potential risks
    No content preview
    Windows DACL Enum Project
    No content preview
    Analyzing Secure AI Architectures
    No content preview
    Shooting Yourself in the .flags – Jailbreaking the Sonos Era 100
    No content preview
    Tool Release: Cartographer
    No content preview
    Tool Release: Code Credential Scanner (ccs)
    No content preview
    Whitepaper – Hardware-Backed Heist: Extracting ECDSA Keys from Qualcomm’s TrustZone
    No content preview
    Proxying PyRIT for fun and profit
    No content preview
    NCC Group’s 2022 & 2023 Research Report
    No content preview
    Research Insights Volume 3 – How are we breaking in: Mobile Security
    No content preview
    The Update Framework (TUF) Security Assessment
    No content preview
    TLSPretense — SSL/TLS Client Testing Framework
    No content preview
    Real World Cryptography Conference 2024
    No content preview
    The 9 Lives of Bleichenbacher’s CAT: New Cache ATtacks on TLS Implementations
    No content preview
    Tool Release: DIBF Tool Suite
    No content preview
    Writing Small Shellcode
    No content preview
    Public Report – VPN by Google One Security Assessment
    No content preview
    Whitepaper – Double Fetch Vulnerabilities in C and C++
    No content preview
    The CERT® C Coding Standard, Second Edition: 98 Rules for Developing Safe, Reliable, and Secure Systems
    No content preview
    Threat Intelligence: Benefits for the Enterprise
    No content preview
    Online Casino Roulette – A guideline for penetration testers and security researchers
    No content preview
    Aurora Response Recommendations
    No content preview
    Kerberos Resource-Based Constrained Delegation: When an Image Change Leads to a Privilege Escalation
    No content preview
    Professional C Programming LiveLessons, (Video Training) Part I: Writing Robust, Secure, Reliable Code
    No content preview
    Adventures in the land of BumbleBee – a new malicious loader
    No content preview
    Inter-Protocol Exploitation
    No content preview
    Technical Advisory: Multiple Vulnerabilities in Lexmark Printers
    No content preview
    Using SharePoint as a Phishing Platform
    No content preview
    Technical Advisory: Unauthenticated Remote Command Execution through Multiple Vulnerabilities in Virgin Media Hub 3.0
    No content preview
    RomHack – Revving Up: The Journey to Pwn2Own Automotive 2024
    No content preview
    Technical Advisory – Pulse Connect Secure – RCE via Template Injection (CVE-2020-8243)
    No content preview
    The Spelling Police: Searching for Malicious HTTP Servers by Identifying Typos in HTTP Responses
    No content preview
    Nine years of bugs at NCC Group
    No content preview
    Oracle Forensics Part 6: Examining Undo Segments, Flashback and the Oracle Recycle Bin
    No content preview
    Windows 10 USB Mass Storage driver arbitrary code execution in kernel mode
    No content preview
    Project Ava: On the Matter of Using Machine Learning for Web Application Security Testing – Part 10: Efficacy Demonstration, Project Conclusion and Next Steps
    No content preview
    VeChain JavaScript SDK Cryptography and Security Review
    No content preview
    Technical Advisory: Dell SupportAssist Local Privilege Escalation (CVE-2021-21518)
    No content preview
    Project Ava: On the Matter of Using Machine Learning for Web Application Security Testing – Part 2: Going off on a Tangent – AI/ML Applications in Social Engineering
    No content preview
    xcavator
    No content preview
    Reverse engineering and decrypting CyberArk vault credential files
    No content preview
    Phishing Stories
    No content preview
    Technical Advisory: Code Execution by Unsafe Resource Handling in Multiple Microsoft Products
    No content preview
    The Development of a Telco Attack Testing Tool
    No content preview
    Technical Advisory – Multiple Vulnerabilities in Victure WR1200 WiFi Router (CVE-2021-43282, CVE-2021-43283, CVE-2021-43284)
    No content preview
    Technical Advisory – Linksys WRT160NL – Authenticated Command Injection (CVE-2021-25310)
    No content preview
    Trust in the Internet Survey
    No content preview
    The Database Hacker’s Handbook
    No content preview
    Oracle Java Installer Adds a System Path Which is Writable by All
    No content preview
    iSEC reviews SecureDrop
    No content preview
    Tool Release: Magisk Module – Conscrypt Trust User Certs
    No content preview
    Public Report – Security Review of RSA Blind Signatures with Public Metadata
    No content preview
    Technical Advisory – New York State Excelsior Pass Vaccine Passport Scanner App Sends Data to a Third Party not Specified in Privacy Policy
    No content preview
    Technical Advisory: Stored and Reflected XSS Vulnerability in Nagios Log Server (CVE-2021-35478,CVE-2021-35479)
    No content preview
    Tool Release – Winstrument: An Instrumentation Framework for Windows Application Assessments
    No content preview
    Pip3line – The Swiss Army Knife of Byte Manipulation
    No content preview
    Optimizing Pairing-Based Cryptography: Montgomery Multiplication in Assembly
    No content preview
    Toner Deaf – Printing your next persistence (Hexacon 2022)
    No content preview
    Understanding cyber risk management vs uncertainty with confidence in 2017
    No content preview
    Puckungfu 2: Another NETGEAR WAN Command Injection
    No content preview
    Padding the struct: How a compiler optimization can disclose stack memory
    No content preview
    Technical Advisory: Intel Driver Support & Assistance – Local Privilege Escalation
    No content preview
    Wheel of Fortune Outcome Prediction – Taking the Luck out of Gambling
    No content preview
    Masquerade: You Downloaded ScreenConnect not Grok AI!
    No content preview
    Oracle E-Business Suite Pre-Auth SQLi with DBA Privileges
    No content preview
    Tool Release – ICPin, an integrity-check and anti-debug detection pintool
    No content preview
    Fix Bounty
    No content preview
    Samsung Galaxy S24 Pwn2Own Ireland 2024
    No content preview
    Multiple Cisco CSS / ACE Client Certificate and HTTP Header
    No content preview
    NCC Group’s Juan Garrido named to Microsoft’s MSRC Office Security Researcher Leaderboard
    No content preview
    Security of Things: An Implementer’s Guide to Cyber Security for Internet of Things Devices and Beyond
    No content preview
    How Microsoft Office knows a document came from the Internet and might be dangerous
    No content preview
    Technical Advisory – Bomgar Remote Support – Local Privilege Escalation
    No content preview
    Technical Advisory: Mosquitto Broker DoS through a Memory Leak vulnerability
    No content preview
    Trust in the New Internet Survey
    No content preview
    NETGEAR Routers: A Playground for Hackers?
    No content preview
    RIFT: Citrix ADC Vulnerabilities CVE-2020-8193, CVE-2020-8195 and CVE-2020-8196 Intelligence
    No content preview
    Voice Impersonation and DeepFake Vishing in Realtime
    No content preview
    Potential false redirection of web site content in Internet in SAP NetWeaver web applications
    No content preview
    Jenkins Plugins and Core Technical Summary Advisory
    No content preview
    Technical Advisory – ICTFAX 7-4 – Indirect Object Reference
    No content preview
    Game Security
    No content preview
    Project Ava: On the Matter of Using Machine Learning for Web Application Security Testing – Part 6: Development of Prototype #2 – Creating a SQLi PoC
    No content preview
    Public Report – Penumbra Labs Decaf377 Implementation and Poseidon Parameter Selection Review
    No content preview
    pySimReader
    No content preview
    Remote Exploitation of Microsoft Office DLL Hijacking (MS15-132) via Browsers
    No content preview
    Samba _netr_ServerPasswordSet Expoitability Analysis
    No content preview
    Bit51 Better Security WP Security Plugin – Unauthenticated Stored XSS to RCE
    No content preview
    The Future of C Code Review
    No content preview
    Whitepaper – Project Triforce: Run AFL On Everything (2017)
    No content preview
    Modernizing Legacy Systems: Software Technologies, Engineering Processes, and Business Practices
    No content preview
    Technical Advisory – Authenticated SQL Injection in SOAP Request in Broadcom CA Network Flow Analysis (CVE-2021-44050)
    No content preview
    State of DNS Rebinding in 2023
    No content preview
    Project Ava: On the Matter of Using Machine Learning for Web Application Security Testing – Part 5: Development of Prototype #1 – Text Processing and Semantic Relationships
    No content preview
    Public Report – Zcash Zebra Security Assessment
    No content preview
    Symantec PC Anywhere Remote Code Extecution
    No content preview
    Technical Advisory – Tesla BLE Phone-as-a-Key Passive Entry Vulnerable to Relay Attacks
    No content preview
    Cisco ASA series part eight: Exploiting the CVE-2016-1287 heap overflow over IKEv1
    No content preview
    Software Verification and Analysis Using Z3
    No content preview
    10 real-world stories of how we’ve compromised CI/CD pipelines
    No content preview
    44CON Workshop – How to assess and secure iOS apps
    No content preview
    Log4Shell: Reconnaissance and post exploitation network detection
    No content preview
    Paradoxical Compression with Verifiable Delay Functions
    No content preview
    Symantec Messaging Gateway – Authenticated arbritary file download
    No content preview
    Technical Advisory: IP Office Stored Cross Site Scripting (XSS) Vulnerability
    No content preview
    BLEBoy
    No content preview
    Technical Advisory: Adobe ColdFusion RMI Registry.bind() Deserialisation RCE
    No content preview
    Choosing the Right MCU for Your Embedded Device — Desired Security Features of Microcontrollers
    No content preview
    Absolute Security
    No content preview
    RM3 – Curiosities of the wildest banking malware
    No content preview
    Sysinternals SDelete: When Secure Delete Fails
    No content preview
    McAfee Email and Web Security Appliance v5.6 – Arbitrary file download is possible with a crafted URL, when logged in as any user
    No content preview
    Order Details Screens and PII
    No content preview
    Technical Advisory – macOS Installer Local Root Privilege Escalation (CVE-2020-9817)
    No content preview
    The facts about BadUSB
    No content preview
    Violating the Virtual Channel – RDP Testing
    No content preview
    Mining data from Cobalt Strike beacons
    No content preview
    Solaris 11 USB hubclass
    No content preview
    USB under the bonnet: Implications of USB security vulnerabilities in vehicle systems
    No content preview
    Multiple security vulnerabilities in SAP NetWeaver BSP Logon
    No content preview
    Whitepaper – A Tour of Curve 25519 in Erlang
    No content preview
    Salesforce Security with Remote Working
    No content preview
    tcpprox
    No content preview
    RIFT: F5 CVE-2020-5902 and Citrix CVE-2020-8193, CVE-2020-8195 and CVE-2020-8196 honeypot data release
    No content preview
    Hacking Appliances: Ironic exploits in security products
    No content preview
    Peeling back the layers on defence in depth…knowing your onions
    No content preview
    Technical Advisory – FUJITSU CentricStor Control Center <= V8.1 – Unauthenticated Command Injection ( CVE-2022-31794 and CVE-2022-31795)
    No content preview
    Technical Advisory – Open5GS Stack Buffer Overflow During PFCP Session Establishment on UPF (CVE-2021-41794)
    No content preview
    Tool Release: Redirecting traffic with dnsRedir.py
    No content preview
    Conference Talks – January 2020
    No content preview
    Project Triforce: Run AFL on Everything!
    No content preview
    Announcing the Cryptopals Guided Tour Video 17: Padding Oracles!
    No content preview
    The Demise of Signature Based Antivirus
    No content preview
    Technical Advisory – IBM WebSphere Commerce: Encrypted URL Parameter Vulnerable to Padding Oracle Attacks
    No content preview
    Remote Code Execution on Western Digital PR4100 NAS (CVE-2022-23121)
    No content preview
    Research Insights Volume 2 – Defensive Trends
    No content preview
    Technical advisory: CVE-2017-8592 – XMLHttpRequest in IE followed 307 redirections with additional or customised headers
    No content preview
    Defending Your Directory: An Expert Guide to Fortifying Active Directory Certificate Services (ADCS) Against Exploitation
    No content preview
    Tool Release: YoNTMA
    No content preview
    Sign over Your Hashes – Stealing NetNTLM Hashes via Outlook Signatures
    No content preview
    Secure Coding in C and C++
    No content preview
    Rise of the machines: Machine Learning & its cyber security applications
    No content preview
    RokRat Analysis
    No content preview
    WebRATS
    No content preview
    Rustproofing Linux (Part 4/4 Shared Memory)
    No content preview
    Technical Advisory – Multiple HTML Injection Vulnerabilities in KaiOS Pre-installed Mobile Applications
    No content preview
    Oracle Gridengine sgepasswd Buffer Overflow
    No content preview
    Preparing for Cyber Battleships – Electronic Chart Display and Information System Security
    No content preview
    Technical Advisory: Sonos Era 100 Secure Boot Bypass Through Unchecked setenv() call
    No content preview
    Tool Release – ScoutSuite 5.10
    No content preview
    Windows USB RNDIS driver kernel pool overflow
    No content preview
    Replicating CVEs with KLEE
    No content preview
    Tool Release: Introducing opinel: Scout2’s favorite tool
    No content preview
    vlan-hopping
    No content preview
    Rustproofing Linux (Part 3/4 Integer Overflows)
    No content preview
    Vulnerabilities Found In Geofencing Apps
    No content preview
    WSBang
    No content preview
    YoNTMA
    No content preview
    Technical Advisory – Multiple Vulnerabilities in Trendnet TEW-831DR WiFi Router (CVE-2022-30325, CVE-2022-30326, CVE-2022-30327, CVE-2022-30328, CVE-2022-30329)
    No content preview
    Public Report: XMTP MLS Implementation Review
    No content preview
    Technical advisory: Remote shell commands execution in ttyd
    No content preview
    The Myth of Twelve More Bytes: Security on the Post-Scarcity Internet
    No content preview
    Conference Talks – August 2020
    No content preview
    Tool Release: Sinking U-Boots with Depthcharge
    No content preview
    SmarterMail – Stored XSS in emails
    No content preview
    Microsoft Internet Explorer CMarkup Use-After-Free
    No content preview
    NCC Con Europe 2016
    No content preview
    Squiz CMS File Path Traversal
    No content preview
    Technical advisory: “ROHNP”- key extraction side channel in multiple crypto libraries
    No content preview
    Remote Directory Traversal and File Retrieval
    No content preview
    Security Compliance as an Engineering Discipline
    No content preview
    Testing Infrastructure-as-Code Using Dynamic Tooling
    No content preview
    umap
    No content preview
    Whitepaper – Coinbugs: Enumerating Common Blockchain Implementation-Level Vulnerabilities
    No content preview
    Research Insights Volume 4 – Sector Focus: Maritime Sector
    No content preview
    Ruxcon 2013 – Introspy Presentation Slides
    No content preview
    Symantec Messaging Gateway Out of band stored XSS delivered by email
    No content preview
    HITBAMS – Your Not so “Home” Office – Soho Hacking at Pwn2Own
    No content preview
    Research Insights Volume 5 – Sector Focus: Automotive
    No content preview
    Technical Advisory – Apple macOS XAR – Arbitrary File Write (CVE-2022-22582)
    No content preview
    Understanding Ransomware
    No content preview
    ZigTools: An Open Source 802.15.4 Framework
    No content preview
    Technical Advisory: Adobe ColdFusion Object Deserialisation RCE
    No content preview
    Tool Release – shouganaiyo-loader: A Tool to Force JVM Attaches
    No content preview
    Tool Release: Exploring SSL Pinning on iOS
    No content preview
    TPM Genie: Interposer Attacks Against the Trusted Platform Module Serial Bus
    No content preview
    Threat Actors: exploiting the pandemic
    No content preview
    Sobelow: Static analysis for the Phoenix Framework
    No content preview
    WindowsJobLock
    No content preview
    Getting Shell with XAMLX Files
    No content preview
    Technical Advisory: Mitel MiVoice 5330e Memory Corruption Flaw
    No content preview
    McAfee Email and Web Security Appliance v5.6 – Session hijacking (and bypassing client-side session timeouts)
    No content preview
    SecureCisco
    No content preview
    The SSL Conservatory
    No content preview
    Nagios XI Network Monitor Stored and Reflected XSS
    No content preview
    Toxic Tokens: Using UUIDs for Authorization is Dangerous (even if they’re cryptographically random)
    No content preview
    Mobile World Congress – Mobile Internet of Things
    No content preview
    Project Ava: On the Matter of Using Machine Learning for Web Application Security Testing – Part 4: Architecture and Design
    No content preview
    Social Engineering
    No content preview
    The role of security research in improving cyber security
    No content preview
    Tool Release – ScoutSuite 5.8.0
    No content preview
    How cryptography is used to monitor the spread of COVID-19
    No content preview
    McAfee Email and Web Security Appliance v5.6 – Active session tokens of other users are disclosed within the UI
    No content preview
    Technical Advisory – SonicWall SMA 100 Series – Unauthenticated File Upload Path Traversal (CVE-2021-20040)
    No content preview
    USB attacks need physical access right? Not any more…
    No content preview
    Research Insights Volume 6: Common Issues with Environment Breakouts
    No content preview
    Tool Release – Monkey365
    No content preview
    Whitepaper – A Heap of Trouble: Breaking the Linux Kernel SLOB Allocator
    No content preview
    Machine Learning 103: Exploring LLM Code Generation
    No content preview
    Practical SME security on a shoestring
    No content preview
    Ransomware: How vulnerable is your system?
    No content preview
    Logs, Logs, the Audit Trail – Features of a Successful Log Management Solution
    No content preview
    SSLyze v0.8
    No content preview
    Striking Back at Retired Cobalt Strike: A look at a legacy vulnerability
    No content preview
    Tool Release – Principal Mapper v1.1.0 Update
    No content preview
    Microsoft’s SQL Server vs. Oracle’s RDBMS
    No content preview
    NCC Group Research at Black Hat USA 2021 and DEF CON 29
    No content preview
    On Multiplications with Unsaturated Limbs
    No content preview
    Securing PL/SQL Applications with DBMS_ASSERT
    No content preview
    An Adventure in Contingency Debugging: Ruby IO#read/IO#write Considered Harmful
    No content preview
    McAfee Email and Web Security Appliance v5.6 – Password hashes can be recovered from a system backup and easily cracked
    No content preview
    Tales of Windows detection opportunities for an implant framework
    No content preview
    Technical Advisory: Authentication Bypass in libSSH
    No content preview
    Much Ado About Hardware Implants
    No content preview
    New Attack Vectors and a Vulnerability Dissection of MS03-007
    No content preview
    Technical Advisory: Pulse Connect Secure – Arbitrary File Read via Logon Message (CVE-2020-8255)
    No content preview
    Pentesting V. Red Teaming V. Bug Bounty
    No content preview
    Proxy Re-Encryption Protocol: IronCore Public Report
    No content preview
    Tool Release – Socks Over RDP Now Works With Citrix
    No content preview
    Webinar: 4 Secrets to a Robust Incident Response Plan
    No content preview
    Real World Cryptography Conference 2021: A Virtual Experience
    No content preview
    Smart Contracts Inside SGX Enclaves: Common Security Bug Patterns
    No content preview
    Tool Release: Calculating SQL Permissions
    No content preview
    Adobe Acrobat Reader XML Forms Data Format Buffer Overflow
    No content preview
    SecureIE.ActiveX
    No content preview
    Shellshock Advisory
    No content preview
    When a Trusted Site in Internet Explorer was Anything But
    No content preview
    Oracle 11g TNS listener remote Null Pointer Dereference
    No content preview
    Technical Advisory – SonicWall SMA 100 Series – Post-Authentication Remote Command Execution (CVE-2021-20044)
    No content preview
    Technical Advisory – NULL Pointer Derefence in McAfee Drive Encryption (CVE-2021-23893)
    No content preview
    OS X 10.6.6 Camera Raw Library Memory Corruption
    No content preview
    Technical Advisory – NXP i.MX SDP_READ_DISABLE Fuse Bypass (CVE-2022-45163)
    No content preview
    Windows Firewall Hook Enumeration
    No content preview
    Increased exploitation of Oracle GlassFish Server Administration Console Remote Authentication Bypass
    No content preview
    SysAid Helpdesk blind SQL injection
    No content preview
    The Automotive Threat Modeling Template
    No content preview
    Accessing Private Fields Outside of Classes in Java
    No content preview
    More Advanced SQL Injection
    No content preview
    Securing Teradata Database
    No content preview
    Software Security Austerity Security Debt in Modern Software Development
    No content preview
    Technical Advisory: Multiple Vulnerabilities in HP Printers
    No content preview
    Smuggling HTA files in Internet Explorer/Edge
    No content preview
    Technical Advisory – IBM TAM: Remote Directory Traversal and File Retrieval via web server plug-in
    No content preview
    Tool Release: iOS SSL Kill Switch v0.5 Released
    No content preview
    Ruling the rules
    No content preview
    Secure Session Management With Cookies for Web Applications
    No content preview
    SSLyze v0.7 Released
    No content preview
    Why AI Will Not Fully Replace Humans for Web Penetration Testing
    No content preview
    Rigging the Vote: Uniqueness in Verifiable Random Functions
    No content preview
    Software-Based Fault Injection Countermeasures (Part 2/3)
    No content preview
    Technical Advisory – Linux RDS Protocol Local Privilege Escalation
    No content preview
    NCC Group’s Upcoming Trainings at Black Hat USA 2021
    No content preview
    Research Insights Volume 1 – Sector Focus: Financial Services
    No content preview
    Updated: Technical Advisory and Proofs of Concept – Multiple Vulnerabilities in U-Boot (CVE-2022-30790, CVE-2022-30552)
    No content preview
    How to Backdoor Diffie-Hellman
    No content preview
    Public Report: Aleo snarkOS Implementation and Consensus Mechanism Review
    No content preview
    Securing Google Cloud Platform – Ten best practices
    No content preview
    Technical Advisory – ExpressLRS vulnerabilities allow for hijack of control link
    No content preview
    Public cloud
    No content preview
    Symantec Messaging Gateway – Addition of a backdoor adminstrator via CSRF
    No content preview
    TANDBERG Video Communication Server Authentication Bypass
    No content preview
    HDMI Ethernet Channel
    No content preview
    Managing PowerShell in a modern corporate environment
    No content preview
    NCC Group placed first in global 5G Cyber Security Hack competition
    No content preview
    Symantec Backup Exec 2012 Backup/Restore Data Traverses Memory with Weak ACLs
    No content preview
    Ragweed
    No content preview
    Samba on the BlackBerry PlayBook
    No content preview
    Security Considerations of zk-SNARK Parameter Multi-Party Computation
    No content preview
    typofinder
    No content preview
    Reviewing Verifiable Random Functions
    No content preview
    Technical Advisory – Apple HFS+ Information Disclosure Vulnerability
    No content preview
    iOS SSL Killswitch
    No content preview
    Managing Cyber Risk in the Supply Chain
    No content preview
    SIAM AG23: Algebraic Geometry with Friends
    No content preview
    Improving your Network and Application Assurance Strategy in an environment of increasing 0day vulnerabilities
    No content preview
    Oracle Retail Integration Bus Manager Directory Traversal
    No content preview
    Porting the Misfortune Cookie Exploit: A Look into Router Exploitation Using the TD-8817
    No content preview
    Some Notes About the Xen XSA-122 Bug
    No content preview
    Microsoft SQL Server Passwords
    No content preview
    IAX Voice Over-IP Security
    No content preview
    Fuzzbox
    No content preview
    Login Service Security
    No content preview
    MSSQL Lateral Movement
    No content preview
    Nagios XI Network Monitor – Stored and Reflective XSS
    No content preview
    Non Obvious PE Parsers – The .NET runtime – Part 1
    No content preview
    Paper: Thematic for Success in Real-World Offensive Cyber Operations – How to make threat actors work harder and fail more often
    No content preview
    Alternative Approaches for Fault Injection Countermeasures (Part 3/3)
    No content preview
    NCC Con Europe 2022 – Pwn2Own Austin Presentations
    No content preview
    Protecting stored cardholder data (an unofficial supplement to PCI DSS V3.0)
    No content preview
    Whitepaper: Recognizing and Preventing TOCTOU
    No content preview
    Machine learning from idea to reality: a PowerShell case study
    No content preview
    metasploitavevasion
    No content preview
    A Back-to-Front TrueCrypt Recovery Story: The Plaintext is the Ciphertext
    No content preview
    Hacking Displays Made Interesting
    No content preview
    Lessons learned from 50 USB bugs
    No content preview
    Mergers & Acquisitions (M&A) cyber security due diligence
    No content preview
    tybocer
    No content preview
    Password and brute-force mitigation policies
    No content preview
    Post-quantum cryptography overview
    No content preview
    Real World Cryptography Conference 2022
    No content preview
    USB keyboards by post – use of embedded keystroke injectors to bypass autorun restrictions on modern desktop operating systems
    No content preview
    Spectre on a Television
    No content preview
    PhanTap (Phantom Tap): Making networks spookier one packet at a time
    No content preview
    Mature Security Testing Framework
    No content preview
    OS X Lion USB Hub Class Descriptor Arbitrary Code Execution
    No content preview
    Tool Release – ScoutSuite 5.13.0
    No content preview
    A New Flying Kitten?
    No content preview
    NX Server for Linux Arbitrary Files can be read with root privileges
    No content preview
    Variations in Exploit methods between Linux and Windows
    No content preview
    Optimum Routers: Researching Managed Routers
    No content preview
    McAfee Email and Web Security Appliance Password hashes can be recovered from a system backup and easily cracked
    No content preview
    NIST Selects Post-Quantum Algorithms for Standardization
    No content preview
    Microsoft announces the WMIC command is being retired, Long Live PowerShell
    No content preview
    Technical Advisory: Citrix Workspace / Receiver Remote Code Execution Vulnerability
    No content preview
    On Linux’s Random Number Generation
    No content preview
    The death of USB autorun and the rise of the USB keyboard
    No content preview
    UK government cyber security guidelines for connected & autonomous vehicles
    No content preview
    Tool Release: SSLyze v0.8 released
    No content preview
    Optimizing Pairing-Based Cryptography: Montgomery Arithmetic in Rust
    No content preview
    Practical Machine Learning for Random (Filename) Detection
    No content preview
    McAfee Email and Web Security Appliance Any logged-in user can bypass controls to reset passwords of other administrators
    No content preview
    G-Scout
    No content preview
    An Adaptive-Ciphertext Attack Against “I ⊕ C” Block Cipher Modes With an Oracle
    No content preview
    Multiple Format String Injections in AFFLIB
    No content preview
    Premium Security Content Gateway
    No content preview
    Machine Learning 104: Breaking AES With Power Side-Channels
    No content preview
    Shell Arithmetic Expansion and Evaluation Abuse
    No content preview
    Integrating DigitalOcean into ScoutSuite
    No content preview
    Lumension Device Control (formerly Sanctuary) remote memory corruption
    No content preview
    Technical Advisory – Jitsi Meet Electron – Limited Certificate Validation Bypass (CVE-2020-27161)
    No content preview
    Owning the Virgin Media Hub 3.0: The perfect place for a backdoor
    No content preview
    Singularity of Origin
    No content preview
    Public Report – Confidential Space Security Review
    No content preview
    The Phishing Guide: Understanding & Preventing Phishing Attacks
    No content preview
    Testing HTTP/2 only web services
    No content preview
    Getting per-user Conditional Access MFA status in Azure
    No content preview
    McAfee Email and Web Security Appliance v5.6 – Any logged-in user can bypass controls to reset passwords of other administrators
    No content preview
    Mobile & web browser credential management: Security implications, attack cases & mitigations
    No content preview
    Forensic Fuzzing Tools
    No content preview
    iOS certificate pinning code updated for iOS 7
    No content preview
    Intel BIOS Advisory – Memory Corruption in HID Drivers
    No content preview
    HTTP Profiler
    No content preview
    Ghost Vulnerability (CVE-2015-0235)
    No content preview
    FrisbeeLite
    No content preview
    Some Musings on Common (eBPF) Linux Tracing Bugs
    No content preview
    iSEC Partners Releases SSLyze
    No content preview
    Intent Sniffer
    No content preview
    Heartbleed (CVE-2014-0160) Advisory
    No content preview
    Samba Andx Request Remote Code Execution
    No content preview
    Hackproofing MySQL
    No content preview
    Immunity Debugger Buffer Overflow
    No content preview
    Gizmo
    No content preview
    Fuzzing the Easy Way Using Zulu
    No content preview
    Overview of Modern Memory Security Concerns
    No content preview
    Project Bishop: Clustering Web Pages
    No content preview
    lapith
    No content preview
    Investigating Potential Security Vulnerability Manifestation through Various Analyses & Inferences Regarding Internet RFCs (and how RFC Security might be Improved)
    No content preview
    Security Code Review With ChatGPT
    No content preview
    Fuzzing USB devices using Frisbee Lite
    No content preview
    Fuzzing the Easy Way Using Zulu (1)
    No content preview
    Public Report – Google Privacy Sandbox Aggregation Service and Coordinator
    No content preview
    Implementing and Detecting a PCI Rootkit
    No content preview
    Hiccupy
    No content preview
    Hacking a web application
    No content preview
    Package Play
    No content preview
    Public Report – IOV Labs powHSM Security Assessment
    No content preview
    Jackson Deserialization Vulnerabilities
    No content preview
    SAML Pummel
    No content preview
    Introspy for Android
    No content preview
    Hackproofing Oracle Application Server
    No content preview
    Flubot: the evolution of a notorious Android Banking Malware
    No content preview
    Public Report – Filecoin Bellman and BLS Signatures Cryptographic Review
    No content preview
    Interfaces.d to RCE
    No content preview
    Improving Your Embedded Linux Security Posture With Yocto
    No content preview
    Kubernetes Security: Consider Your Threat Model
    No content preview
    iSEC audit of MediaWiki
    No content preview
    How to protect yourself & your organisation from phishing attacks
    No content preview
    Ghidra nanoMIPS ISA module
    No content preview
    NCC Group co-signs the Electronic Frontier Foundation’s Statement on DMCA Use Against Security Researchers
    No content preview
    Readable Thrift (1)
    No content preview
    Inter-Protocol Communication
    No content preview
    Quantum Cryptography – A Study Into Present Technologies and Future Applications
    No content preview
    Premium Practical Law Content Gateway
    No content preview
    Introducing Azucar
    No content preview
    Impress Pages CMS Remote Code Execution
    No content preview
    Oracle Forensics Part 7 Using the Oracle System Change Number in Forensic Investigations
    No content preview
    Properly Signed Certificates on CPE Devices
    No content preview
    Public Report – Confidential Mode for Hyperdisk – DEK Protection Analysis
    No content preview
    iOS 7 arbitrary code execution in kernel mode
    No content preview
    Man-in-the-Middling Non-Proxy Aware Wi-Fi Devices with a Pineapple
    No content preview
    Oracle Passwords and OraBrute
    No content preview
    How much training should staff have on cyber security?
    No content preview
    Mobile apps and security by design
    No content preview
    Public Report – Dell Secured Component Verification
    No content preview
    Jailbreak, updated and open-sourced
    No content preview
    Flash security restrictions bypass: File upload by URLRequest
    No content preview
    IODIDE
    No content preview
    How to Spot and Prevent an Eclipse Attack
    No content preview
    HIDDEN COBRA Volgmer: A Technical Analysis
    No content preview
    Intel® Software Guard Extensions (SGX): A Researcher’s Primer
    No content preview
    hostresolver
    No content preview
    Reverse, Reveal, Recover: Windows Defender Quarantine Forensics
    No content preview
    Discovering Smart Contract Vulnerabilities with GOATCasino
    No content preview
    Conference Talks – February 2020
    No content preview
    Public Report – Electric Coin Company NU3 Specification and Blossom Implementation Audit
    No content preview
    Public Report - Security Risks of AI Hardware for Personal and Edge Computing Devices
    No content preview
    IG Learner Walkthrough
    No content preview
    Security Tips For Your AI Cloud Infrastructure
    No content preview
    ABSTRACT SHIMMER (CVE-2020-15257): Host Networking is root-Equivalent, Again
    No content preview
    Technical Advisory: Multiple Vulnerabilities in MailEnable
    No content preview
    When Security Gets in the Way: PenTesting Mobile Apps That Use Certificate Pinning
    No content preview
    Technical Advisory: Multiple Vulnerabilities in SmarterMail
    No content preview
    How I did not get a shell
    No content preview
    The economics of defensive security
    No content preview
    5G security – how to minimise the threats to a 5G network
    No content preview
    Denial of Service in Parsing a URL by ierutil.dll
    No content preview
    Medium Risk Vulnerability in Symantec Enterprise Security Management
    No content preview
    Defending Your Directory: An Expert Guide to Combating Kerberoasting in Active Directory
    No content preview
    Public Report – AWS Nitro System API & Security Claims French
    No content preview
    On the malicious use of large language models like GPT-3
    No content preview
    Medical Devices: A Hardware Security Perspective
    No content preview
    Technical Advisory: Multiple Vulnerabilities in Xerox Printers
    No content preview
    Hardware Security By Design: ESP32 Guidance
    No content preview
    Understanding and Hardening Linux Containers
    No content preview
    Project Ava: On the Matter of Using Machine Learning for Web Application Security Testing – Part 3: Understanding Existing Approaches and Attempts
    No content preview
    Exposing Vulnerabilities in Media Software
    No content preview
    Tool Release: tcpprox
    No content preview
    Using Semgrep with Jupyter Notebook files
    No content preview
    Dangers of Kubernetes IAM Integrations
    No content preview
    CVE-2018-8611 Exploiting Windows KTM Part 5/5 – Vulnerability detection and a better read/write primitive
    No content preview
    Weak Randomness Part I – Linear Congruential Random Number Generators
    No content preview
    Webinar – PCI Version 3.0: Are you ready?
    No content preview
    Phish Supper: An Incident Responder’s Bread and Butter
    No content preview
    Assessing IIS Configuration Remotely
    No content preview
    44CON - Charging Ahead: Exploiting an EV Charger Controller at Pwn2Own Automotive 2024
    No content preview
    Machine Learning 102: Attacking Facial Authentication with Poisoned Data
    No content preview
    Vaccine Misinformation Part 1: Misinformation Attacks as a Cyber Kill Chain
    No content preview
    Technical Advisory: Code Execution by Viewing Resource Files in .NET Reflector
    No content preview
    Technical Advisory: Adobe ColdFusion WDDX Deserialization Gadgets
    No content preview
    Real World Cryptography Conference 2023 – Part II
    No content preview
    Puckungfu: A NETGEAR WAN Command Injection
    No content preview
    Sobelow Update
    No content preview
    Project Ava: On the Matter of Using Machine Learning for Web Application Security Testing – Part 7: Development of Prototype #3 – Adventures in Anomaly Detection
    No content preview
    Technical Advisory – Multiple Vulnerabilities in U-Boot (CVE-2022-30790, CVE-2022-30552)
    No content preview
    Whitepaper: CA Alternative
    No content preview
    Windows remote desktop memory corruptoin leading to RCE on XPSP3
    No content preview
    Technical Advisory: OS Command Injection in Silver Peak EdgeConnect Appliances (CVE-2020-12148, CVE-2020-12149)
    No content preview
    NCC Group’s 2021 Annual Research Report
    No content preview
    CVE-2021-31956 Exploiting the Windows Kernel (NTFS with WNF) – Part 2
    No content preview
    Nameless and shameless: Ransomware Encryption via BitLocker
    No content preview
    The Importance of a Cryptographic Review
    No content preview
    Java Coding Guidelines: 75 Recommendations for Reliable and Secure Programs
    No content preview
    Car Parking Apps Vulnerable To Hacks
    No content preview
    Analyzing AI Application Threat Models
    No content preview
    Cryptopals: Exploiting CBC Padding Oracles
    No content preview
    Immortalising 20 Years of Epic Research
    No content preview
    Detecting Rclone – An Effective Tool for Exfiltration
    No content preview
    BlackHat USA 2024 - Listen-Up: Sonos Over-The-Air Remote Kernel Exploitation and Covert Wiretap
    No content preview
    Public Report – Penumbra Labs R1CS Implementation Review
    No content preview
    To dock or not to dock, that is the question: Using laptop docking stations as hardware-based attack platforms
    No content preview
    Why IoT Security Matters
    No content preview
    Exploring DeepFake Capabilities & Mitigation Strategies with University College London
    No content preview
    Technical Advisory – play-pac4j Authentication rule bypass
    No content preview
    Tool Release: Announcing the Release of RtspFuzzer
    No content preview
    Back in Black: Unlocking a LockBit 3.0 Ransomware Attack
    No content preview
    Analyzing a PJL directory traversal vulnerability – exploiting the Lexmark MC3224i printer (part 2)
    No content preview
    Oracle Forensics Part 2: Locating Dropped Objects
    No content preview
    Cracking Mifare Classic 1K: RFID, Charlie Cards, and Free Subway Rides
    No content preview
    Tool Release – Carnivore: Microsoft External Assessment Tool
    No content preview
    The Pharming Guide – Understanding and preventing DNS related attacks by phishers
    No content preview
    Weaknesses and Best Practices of Public Key Kerberos with Smart Cards
    No content preview
    Project Ava: On the Matter of Using Machine Learning for Web Application Security Testing – Part 1: Understanding the Basics and What Platforms and Frameworks Are Available
    No content preview
    NCC Group WhitepaperUnderstanding and HardeningLinux ContainersJune 29, 2016 – Version 1.1
    No content preview
    iOS 7 tool updates
    No content preview
    Lights, Camera, HACKED! An insight into the world of popular IP Cameras
    No content preview
    Public Report – AWS Nitro System API & Security Claims German
    No content preview
    PRTG Network Monitor Command injection
    No content preview
    Understanding Microsoft Word OLE Exploit Primitives
    No content preview
    Technical Advisory – Lansweeper Privilege Escalation via CSRF Using HTTP Method Interchange (CVE-2020-13658)
    No content preview
    Technical Advisory: Multiple Vulnerabilities in ManageEngine Desktop Central
    No content preview
    Shining New Light on an Old ROM Vulnerability: Secure Boot Bypass via DCD and CSF Tampering on NXP i.MX Devices
    No content preview
    Public Report – RustCrypto AES/GCM and ChaCha20+Poly1305 Implementation Review
    No content preview
    Technical Advisory – SonicWall Global Management System (GMS) & Analytics – Multiple Critical Vulnerabilities
    No content preview
    OCP S.A.F.E. How-to
    No content preview
    NCC Group Connected Health Whitepaper July 2019
    No content preview
    Deception Engineering: exploring the use of Windows Service Canaries against ransomware
    No content preview
    An offensive guide to the Authorization Code grant
    Discover NCC Group’s offensive security perspective on Authorization Code Grant vulnerabilities and mitigations.  ( 14 min )
    RSA Conference – Mobile Threat War Room
    No content preview  ( 6 min )
    Research Insights Volume 7: Exploitation Advancements
    No content preview  ( 7 min )
    Which database is more secure? Oracle vs. Microsoft
    No content preview  ( 7 min )
    Stepping Stones – A Red Team Activity Hub
    No content preview  ( 9 min )
    NCC Group Malware Technical Note
    No content preview  ( 6 min )
    Black Hat 2013 – Femtocell Presentation Slides, Videos and App
    Explore NCC Group’s femtocell attack research presented at Black Hat 2013, including downloadable resources.  ( 8 min )
    White Paper: Browser Extension Password Managers
    No content preview  ( 7 min )
    Technical Advisory – Apple XAR – Arbitrary File Write (CVE-2021-30833)
    No content preview  ( 8 min )
    Hunting SQL Injection Bugs
    No content preview  ( 6 min )
    Integrity destroying malicious code for financial or geopolitical gain: A vision of the future?
    No content preview  ( 7 min )
    A few notes on usefully exploiting libstagefright on Android 5.x
    No content preview  ( 8 min )
    Understanding Ransomware: Impact, Evolution and Defensive Strategies
    No content preview  ( 7 min )
    LeaPFRogging PFR Implementations
    Explore NCC Group’s insights on leapfrogging PFR implementations to improve security and streamline processes.  ( 12 min )
    An Illustrated Guide to Elliptic Curve Cryptography Validation
    No content preview  ( 16 min )
    EasyDA – Easy Windows Domain Access Script
    No content preview
    Decoder Improved Burp Suite Plugin
    No content preview
    Conference Talks – September 2021
    No content preview
    Exploiting the win32k!xxxEnableWndSBArrows use-after-free (CVE-2015-0057) bug on both 32-bit and 64-bit
    No content preview
    Emissary Panda – A potential new malicious tool
    No content preview
    Dissecting social engineering attacks
    No content preview
    Derusbi: A Case Study in Rapid Capability Development
    No content preview
    CVE-2019-1405 and CVE-2019-1322 – Elevation to SYSTEM via the UPnP Device Host Service and the Update Orchestrator Service
    No content preview
    Combating Java Deserialisation Vulnerabilities with Look-Ahead Object Input Streams (LAOIS)
    No content preview
    Erlang Security 101
    No content preview
    Double-odd Elliptic Curves
    No content preview
    Distributed Ledger (Blockchain) Security and Quantum Computing Implications
    No content preview
    Decoding network data from a Gh0st RAT variant
    No content preview
    Database Security Brief: The Oracle Critical Patch Update for April 2007
    No content preview
    Firmware Rootkits: The Threat to the Enterprise
    No content preview
    Exploiting CVE-2014-0282 (1)
    No content preview
    Encryption Does Not Equal Invisibility – Detecting Anomalous TLS Certificates with the Half-Space-Trees Algorithm
    No content preview
    Deep Dive into Real-World Kubernetes Threats
    No content preview
    Chafer backdoor analysis
    No content preview
    Ethics in Security Testing
    No content preview
    Enumerating System Management Interrupts
    No content preview
    Don’t throw a hissy fit; defend against Medusa
    No content preview
    DNS Pinning and Web Proxies
    No content preview
    Detecting Karakurt – an extortion focused threat actor
    No content preview
    Decrypting OpenSSH sessions for fun and profit
    No content preview
    eBook – Planning a robust incident response process
    No content preview
    Disclosure Policy
    No content preview
    D0nut encrypt me, I have a wife and no backups
    No content preview
    Cyber red-teaming business-critical systems while managing operational risk
    No content preview
    Common Flaws of Distributed Identity and Authentication Systems
    No content preview
    Exploring Overfitting Risks in Large Language Models
    No content preview
    easyda
    No content preview
    dotnetpefuzzing
    No content preview
    Does TypeScript Offer Security Improvements Over JavaScript?
    No content preview
    Detecting DNS implants: Old kitten, new tricks – A Saitama Case Study
    No content preview
    Endpoint connectivity
    No content preview
    Encryption at rest: Not the panacea to data protection
    No content preview
    Dynamic Linq Injection Remote Code Execution Vulnerability (CVE-2023-32571)
    No content preview
    Detection Engineering for Kubernetes clusters
    No content preview
    Critical Risk Vulnerability in Ingres (Pointer Overwrite 1)
    No content preview
    Content Security Policies and Popular CMS Systems
    No content preview
    External Enumeration and Exploitation of Email and Web Security Solutions
    No content preview
    Elephant in the Boardroom Survey 2016
    No content preview
    DIBF – Updated
    No content preview
    DeLux Edition: Getting root privileges on the eLux Thin Client OS
    No content preview
    Early CCS Attack Analysis
    No content preview
    Domestic IoT Nightmares: Smart Doorbells
    No content preview
    Database Servers on Windows XP and the unintended consequences of simple file sharing
    No content preview
    Five Essential Machine Learning Security Papers
    No content preview
    Microsoft Office Memory Corruption Vulnerability
    No content preview
    firstexecution
    No content preview
    File Fuzzers
    No content preview
    Faster Modular Inversion and Legendre Symbol, and an X25519 Speed Record
    No content preview
    Finding the weak link in binaries
    No content preview
    Exporting non-exportable RSA keys
    No content preview
    Exploiting Security Gateways Via Web Interfaces
    No content preview
    Exploiting CVE-2014-0282
    No content preview
    Extractor
    No content preview
    Exploiting Noisy Oracles with Bayesian Inference
    No content preview
    Exploit the Fuzz – Exploiting Vulnerabilities in 5G Core Networks
    No content preview
    Extending a Thinkst Canary to become an interactive honeypot
    No content preview
    Exploiting Samba CVE-2015-0240 on Ubuntu 12.04 and Debian 7 32-bit
    No content preview
    Exploiting Rich Content
    No content preview
    Exploiting PL/SQL Injection Flaws with only CREATE SESSION Privileges
    No content preview
    Exception Handling and Data Integrity in Salesforce
    No content preview
    Enterprise-scale seamless onboarding and deployment of Azure Sentinel using Lighthouse for multi-tenant environments
    No content preview
    Fat-Finger
    No content preview
    Extracting the Payload from a CVE-2014-1761 RTF Document
    No content preview
    Exploring Verifiable Random Functions in Code
    No content preview
    Estimating the Bit Security of Pairing-Friendly Curves
    No content preview
    EDIDFuzzer
    No content preview
    Faux Disk Encryption: Realities of Secure Storage On Mobile Devices
    No content preview
    Exploring Prompt Injection Attacks
    No content preview
    Exploring macOS Calendar Alerts: Part 2 – Exfiltrating data (CVE-2020-3882)
    No content preview
    Exploring macOS Calendar Alerts: Part 1 – Attempting to execute code
    No content preview
    Exploit mitigations: keeping up with evolving and complex software/hardware
    No content preview
    Experiments in Extending Thinkst Canary – Part 1
    No content preview
    EternalGlue part one: Rebuilding NotPetya to assess real-world resilience
    No content preview
    LAPSUS$: Recent techniques, tactics and procedures
    No content preview
    Technical Advisory – SerComm h500s – Authenticated Remote Command Execution (CVE-2021-44080)
    No content preview
    Public Report – Threshold ECDSA Cryptography Review
    No content preview
    The Password is Dead, Long Live the Password!
    No content preview
    Latest threats to the connected car & intelligent transport ecosystem
    No content preview
    An adventure in PoEKmon NeutriGo land
    No content preview
    Pumping Iron on the Musl Heap – Real World CVE-2022-24834 Exploitation on an Alpine mallocng Heap
    No content preview
    Working with the Open Technology Fund
    No content preview
    Incremental Machine Learning by Example: Detecting Suspicious Activity with Zeek Data Streams, River, and JA3 Hashes
    No content preview
    An Introduction to Fault Injection (Part 1/3)
    No content preview
    An Analysis of Mobile Geofencing App Security
    No content preview
    Impact of DNS over HTTPS (DoH) on DNS Rebinding Attacks
    No content preview
    NCC Group’s 2020 Annual Research Report
    No content preview
    Drones: Detect, Identify, Intercept, and Hijack
    No content preview
    Technical Advisory – Ollama DNS Rebinding Attack (CVE-2024-28224)
    No content preview
    Tool Release – Reliably-checked String Library Binding
    No content preview
    Launching the first in our series of Research Insights
    No content preview
    Practical Considerations of Right-to-Repair Legislation
    No content preview  ( 17 min )
    A Look At Some Real-World Obfuscation Techniques
    No content preview  ( 17 min )
    Finding and Exploiting .NET Remoting over HTTP using Deserialisation
    No content preview  ( 12 min )
    Technical Advisory – Multiple Vulnerabilities in Connectize G6 AC2100 Dual Band Gigabit WiFi Router (CVE-2023-24046, CVE-2023-24047, CVE-2023-24048, CVE-2023-24049, CVE-2023-24050, CVE-2023-24051, CVE-2023-24052)
    No content preview  ( 20 min )
    Fake CAPTCHA led to LUMMA
    Discover the social engineering behind fake CAPTCHA attacks. Learn how Lumma malware infects systems and what defenses can stop it.  ( 9 min )
    Spectre and Meltdown: What you Need to Know
    No content preview  ( 12 min )
    Mitigating the top 10 security threats to GCP using the CIS Google Cloud Platform Foundation Benchmark
    No content preview  ( 12 min )
    Technical Advisory – libraptor – XXE in RDF/XML File Interpretation
    A technical breakdown of the XXE vulnerability in libraptor’s RDF/XML interpretation and its impact on downstream applications.  ( 10 min )
    Technical Advisory – Hash Denial-of-Service Attack in Multiple QUIC Implementations
    No content preview  ( 14 min )
    Whitepaper: Perfect Forward Security
    No content preview  ( 7 min )
    RIFT: Analysing a Lazarus Shellcode Execution Method
    No content preview  ( 9 min )
    CVE-2021-31956 Exploiting the Windows Kernel (NTFS with WNF) – Part 1
    No content preview  ( 32 min )
    Stepping Insyde System Management Mode
    No content preview  ( 17 min )
    Metastealer – filling the Racoon void
    No content preview  ( 10 min )
    A WarCon 2017 Presentation: Cisco ASA – Exploiting the IKEv1 Heap Overflow – CVE-2016-1287
    No content preview  ( 7 min )
    Understanding the root cause of F5 Networks K52145254: TMUI RCE vulnerability CVE-2020-5902
    No content preview  ( 10 min )
    Detecting and Hunting for the PetitPotam NTLM Relay Attack
    No content preview  ( 9 min )
    Technical Advisory – Multiple Vulnerabilities in Faronics Insight (CVE-2023-28344, CVE-2023-28345, CVE-2023-28346, CVE-2023-28347, CVE-2023-28348, CVE-2023-28349, CVE-2023-28350, CVE-2023-28351, CVE-2023-28352, CVE-2023-28353)
    No content preview  ( 24 min )
    Rustproofing Linux (Part 2/4 Race Conditions)
    No content preview  ( 14 min )
    Vulnerability Overview: Ghost (CVE-2015-0235)
    No content preview  ( 9 min )
    So long and thanks for all the 0day
    No content preview  ( 21 min )
    Detecting Mimikatz with Busylight
    No content preview  ( 10 min )
    Technical Advisory – OpenJDK – Weak Parsing Logic in java.net.InetAddress and Related Classes
    No content preview  ( 17 min )
    A Primer On Slowable Encoders
    No content preview  ( 12 min )
    Technical Advisory – Multiple Vulnerabilities in the Galaxy App Store (CVE-2023-21433, CVE-2023-21434)
    No content preview  ( 10 min )
    Technical Advisory – SonicWall SMA 100 Series – Multiple Unauthenticated Heap-based and Stack-based Buffer Overflow (CVE-2021-20045)
    No content preview  ( 9 min )
    How To Spot a Penetration Tester in Your Network (and Catch the Real Bad Guys at the Same Time)
    This guide reveals techniques to detect penetration testers and uncover genuine threats during security assessments.  ( 13 min )
    Technical Advisory – U-Boot – Unchecked Download Size and Direction in USB DFU (CVE-2022-2347)
    No content preview  ( 10 min )
    Helping Engineering Teams Tackle Security Debt in Embedded Systems: U-Boot Configuration Auditing Introduced in Depthcharge v0.2.0
    No content preview  ( 14 min )
    Public Report – Zendoo Proof Verifier Cryptography Review
    No content preview  ( 7 min )
    Announcing the Cryptopals Guided Tour Video 18: Implement CTR
    No content preview  ( 8 min )
    StreamDivert: Relaying (specific) network connections
    No content preview  ( 9 min )
    Bypassing software update package encryption – extracting the Lexmark MC3224i printer firmware (part 1)
    No content preview  ( 25 min )
    Exploring the Security & Privacy of Canada’s Digital Proof of Vaccination Programs
    Understand the security challenges and privacy concerns of Canada’s digital vaccination systems and how to mitigate potential threats.  ( 30 min )
    Matty McMattface: Security implications, mitigations & testing strategies for biometric facial recognition systems
    No content preview  ( 7 min )
    Symantec Messaging Gateway Arbitrary file download is possible with a crafted URL (authenticated)
    Learn how a crafted URL can exploit Symantec Messaging Gateway for arbitrary file downloads and how to mitigate this risk.  ( 7 min )
    Self-Driving Cars- The future is now…
    No content preview  ( 7 min )
    Secure Coding in C and C++, 2nd Edition
    No content preview  ( 6 min )
    Xen HYPERVISOR_xen_version stack memory revelation
    No content preview  ( 6 min )
    Adobe Flash Player Cross Domain Policy Bypass
    No content preview  ( 6 min )
    Ricochet Security Assessment Public Report
    No content preview  ( 6 min )
    HTML5 Security The Modern Web Browser Perspective
    No content preview  ( 6 min )
    Insomnihack - Pioneering Zero Days at Pwn2Own Automotive 2024
    No content preview  ( 7 min )
    Sniffle: A Sniffer for Bluetooth 5
    No content preview  ( 7 min )
    Threat Profiling Microsoft SQL Server
    No content preview  ( 6 min )
    NCC CON Europe 2017
    No content preview  ( 7 min )
    Auditing Enterprise Class Applications and Secure Containers on Android
    No content preview  ( 6 min )
    Technical Advisory: Shell Injection in MacVim mvim URI Handler
    No content preview  ( 7 min )
    Windows DACLs & Why There Is Still Room for Interest
    No content preview  ( 8 min )
    OffensiveCon 2023 – Exploit Engineering – Attacking the Linux Kernel
    No content preview  ( 7 min )
    A Rendezvous with System Management Interrupts
    No content preview  ( 9 min )
    Understanding Microsoft Word OLE Exploit Primitives: Exploiting CVE-2015-1642 Microsoft Office CTaskSymbol Use-After-Free Vulnerability
    No content preview  ( 7 min )
    Technical Advisory: Condeon CMS
    No content preview  ( 8 min )
    Where You Inject Matters: The Role-Specific Impact of Prompt Injection Attacks on OpenAI models
    No content preview  ( 8 min )
    Public Report – Zcash NU5 Cryptography Review
    No content preview  ( 7 min )
    Non-flood/non-volumetric Distributed Denial of Service (DDoS)
    No content preview  ( 7 min )
    Oracle Retail Invoice Manager SQL Injection
    No content preview  ( 6 min )
    McAfee Email and Web Security Appliance Reflective XSS allowing an attacker to gain session tokens
    No content preview  ( 6 min )
    Symantec Messaging Gateway – Out of band stored XSS via email
    No content preview  ( 6 min )
    IETF Draft: Indicators of Compromise and Their Role in Attack and Defen[c|s]e
    No content preview  ( 7 min )
    Symantec Backup Exec 2012 – Persistent XSS Vulnerability Affecting Custom Reports
    No content preview  ( 7 min )
    Passive Information Gathering – The Analysis of Leaked Network Security Information
    No content preview  ( 7 min )
    Whitepaper – Exploring the Security of KaiOS Mobile Applications
    No content preview  ( 7 min )
    Tool Release: Blackbox Android App Analysis with Introspy
    No content preview  ( 7 min )
    Technical Advisory: Command Injection
    No content preview  ( 7 min )
    How organisations can properly configure SSL services to ensure the integrity and confidentiality of data in transit
    No content preview  ( 7 min )
    Revealing Embedded Fingerprints: Deriving intelligence from USB stack interactions
    No content preview  ( 6 min )
    White Paper: Login Service Security
    No content preview  ( 7 min )
    Medium Risk Vulnerability in Symantec Network Access Control
    No content preview  ( 6 min )
    Windows Remote Desktop Memory Corruption Leading to RCE on XPSP3
    No content preview  ( 8 min )
    Kivlad
    No content preview  ( 7 min )
    Introducing idb-Simplified Blackbox iOS App Pentesting
    No content preview  ( 6 min )
    Public Report – Entropy/Rust Cryptography Review
    No content preview  ( 7 min )
    port-scan-automation
    No content preview  ( 7 min )
    Chrome Password Manager Cross Origin Weakness
    Explore how a cross-origin flaw in Chrome’s password manager could allow attackers to steal credentials via embedded content.  ( 8 min )
    Symantec Messaging Gateway – Unauthorised SSH access
    No content preview  ( 6 min )
    Harnessing GPUs Building Better Browser Based Botnets
    No content preview  ( 6 min )
    iOS Instrumentation Without Jailbreak
    No content preview
    How will GDPR impact your communications?
    No content preview
    Public Report – Coda Cryptographic Review
    No content preview
    Jailbreak
    No content preview
    Going “AUTH the Rails” on a Crazy Train
    No content preview
    An Introduction to Heap overflows on AIX 5.3L
    No content preview  ( 6 min )
    Heartbleed OpenSSL vulnerability
    Learn the impact of Heartbleed on OpenSSL and how NCC Group helps secure systems against this critical flaw.  ( 9 min )
    Analysis of the Linux backdoor used in freenode IRC network compromise
    No content preview  ( 12 min )
    Lessons learned from 50 bugs: Common USB driver vulnerabilities
    No content preview  ( 7 min )
    Adventures in Windows Driver Development: Part 1
    Dive into the fundamentals of Windows driver development with NCC Group’s hands-on exploration of kernel-mode programming.  ( 13 min )
    Announcing the AWS blog post series
    No content preview
    Android SSL Bypass
    No content preview
    Analysis of Boomerang Differential Trials via a SAT-Based Constraint Solver URSA
    No content preview
    An Introduction to Ultrasound Security Research
    No content preview
    EAP-TLS: The most secure option?
    No content preview
    Research Paper – Machine Learning for Static Malware Analysis, with University College London
    No content preview
    Public Report – Electric Coin Company NU4 Cryptographic Specification and Implementation Review
    No content preview
    Implementing the Castryck-Decru SIDH Key Recovery Attack in SageMath
    No content preview
    Conference Talks – February/March 2021
    No content preview
    Pairing over BLS12-381, Part 1: Fields
    No content preview
    SMACK, SKIP-TLS & FREAK SSL/TLS Vulnerabilities
    Discover how these SSL/TLS flaws allow attackers to bypass encryption, impersonate servers, and intercept sensitive data.  ( 10 min )
    Technical Advisory – BLE Proximity Authentication Vulnerable to Relay Attacks
    No content preview  ( 10 min )
    SCOMplicated? – Decrypting SCOM “RunAs” credentials
    No content preview  ( 10 min )
    Secure Device Manufacturing: Supply Chain Security Resilience
    No content preview  ( 7 min )
    Readable Thrift
    No content preview  ( 10 min )
    On the Use of Pedersen Commitments for Confidential Payments
    No content preview  ( 12 min )
    Shellshock Bash Vulnerability
    No content preview  ( 8 min )
    Writing Robust Yara Detection Rules for Heartbleed
    Explore NCC Group’s approach to writing effective YARA rules for detecting Heartbleed in OpenSSL implementations.  ( 11 min )
    Pairing over BLS12-381, Part 2: Curves
    A technical look at the curve foundations of BLS12-381 and their importance in pairing-based cryptography.  ( 15 min )
    SAML XML Injection
    No content preview  ( 14 min )
    TA505: A Brief History Of Their Time
    No content preview  ( 14 min )
    NCC Group researchers named amongst MSRC’s Most Valuable Security Researchers in 2020
    No content preview  ( 8 min )
    Technical Advisory – Authorization Bypass Allows for Pinboard Corruption
    Explore how a flaw in access control could allow unauthorized users to corrupt Pinboard data and compromise integrity.  ( 8 min )
    Secure Messaging for Normal People
    No content preview  ( 7 min )
    Oracle Forensics Part 4: Live Response
    No content preview  ( 7 min )
    Pointer Sequence Reverser (PSR)
    No content preview  ( 7 min )
    TANDBERG Video Communication Server Arbitrary File Retrieval
    No content preview  ( 7 min )
    PeachFarmer
    No content preview  ( 7 min )
    Pip3line
    No content preview  ( 6 min )
    Research Report – Zephyr and MCUboot Security Assessment
    No content preview  ( 8 min )
    PDF Form Filling and Flattening Tool Buffer Overflow
    Explore how a buffer overflow vulnerability in a PDF form filling and flattening tool could lead to memory corruption and security risks.  ( 8 min )
    Symantec Backup Exec 2012 – OS version and service pack information leak
    No content preview  ( 7 min )
    Security of Things: An Implementers’ Guide to Cyber-Security for Internet of Things Devices and Beyond
    No content preview  ( 7 min )
    Security Best Practice: Host Naming & URL Conventions
    No content preview  ( 7 min )
    Technical Advisory – FreePBX – Multiple Authenticated SQL Injections in UCP application
    No content preview  ( 8 min )
    Technical Advisory – Arbitrary File Read in Dell Wyse Management Suite (CVE-2021-21586, CVE-2021-21587)
    No content preview  ( 8 min )
    State-of-the-art email risk
    No content preview  ( 7 min )
    Maritime Cyber Security: Threats and Opportunities
    No content preview  ( 6 min )
    Setting a New Standard for Kubernetes Deployments
    No content preview  ( 9 min )
    SSL checklist for pentesters
    No content preview  ( 6 min )
    Ransomware: what organisations can do to survive
    No content preview  ( 6 min )
    Memory Scanning for the Masses
    No content preview  ( 9 min )
    RtspFuzzer
    No content preview  ( 6 min )
    OSX afpserver remote code execution
    No content preview  ( 6 min )
    Oracle Forensics Part 3: Isolating Evidence of Attacks Against the Authentication Mechanism
    No content preview  ( 7 min )
    Secure Device Provisioning Best Practices: Heavy Truck Edition
    No content preview  ( 7 min )
    Technical Advisory – Apple iOS / OSX: Foundation NSXMLParser XXE Vulnerability
    Explore how a flaw in Apple’s NSXMLParser could allow XML External Entity (XXE) attacks on iOS and macOS systems.  ( 9 min )
    scenester
    No content preview  ( 6 min )
    Technical Advisory – ARM MbedOS USB Mass Storage Driver Memory Corruption
    No content preview  ( 10 min )
    SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store
    No content preview  ( 14 min )
    Second-Order Code Injection Attacks
    No content preview  ( 6 min )
    Symantec Messaging Gateway – Unauthenticated detailed version disclosure
    No content preview  ( 6 min )
    Oracle Hyperion 11 Directory Traversal
    No content preview  ( 7 min )
    Perfect Forward Security
    No content preview  ( 6 min )
    McAfee Email and Web Security Appliance Session hijacking and bypassing client-side session timeouts
    No content preview  ( 6 min )
    Return of the hidden number problem
    No content preview  ( 7 min )
    Technical Advisory – Coda Filesystem Kernel Memory Disclosure
    This technical advisory details a kernel memory disclosure issue in the Coda filesystem and its potential impact.  ( 9 min )
    Technical Advisory – Sunhillo SureLine Unauthenticated OS Command Injection (CVE-2021-36380)
    No content preview  ( 8 min )
    Poison Ivy string decryption
    Explore how NCC Group reverse-engineers Poison Ivy’s string obfuscation to uncover hidden commands and payloads.  ( 8 min )
    Oracle Forensics Part 5: Finding Evidence of Data Theft in the Absence of Auditing
    No content preview  ( 7 min )
    Technical Advisory – Garuda Linux Insecure User Creation (CVE-2021-3784)
    No content preview  ( 8 min )
    Technical Advisory – SonicWall SMA 100 Series – Heap-Based Buffer Overflow (CVE-2021-20043)
    No content preview  ( 8 min )
    Story of a Hundred Vulnerable Jenkins Plugins
    Explore the security risks in Jenkins plugins, how vulnerabilities were found, and steps to strengthen CI/CD security.  ( 14 min )

  • Open

    Technical Advisory: Tesla Telematics Control Unit - ADB Auth Bypass
    Technical Advisory: Tesla Telematics Control Unit - ADB Auth Bypass  ( 12 min )

  • Open

    Public Report: Meta Whatsapp message summarization service
    No content preview  ( 7 min )

  • Open

    Adventures in EM Side-channel Attacks
    Adventures in EM Side-channel Attacks Eucleak  ( 7 min )

  • Open

    TANDBERG Video Communication Server Static SSH Host KeysN
    Explore how hardcoded SSH host keys in Tandberg Video Communication Server could expose systems to impersonation and MITM attacks.  ( 9 min )

  • Open

    Crack the Riddle, Secure the Oasis: Core NetWars Version 11 is Here
    A blog about SANS Institute's new Core NetWars Version 11  ( 12 min )

  • Open

    Expanding on ChunkyIngress - Clippy Goes Rogue (GoClipC2)
    GoClipC2: A covert Windows clipboard-based C2 channel for VDI/RDP environments. Bypasses network monitoring with encrypted Base64 messaging.  ( 10 min )
    Expanding on ChunkyIngress - Clippy Goes Rogue (GoClipC2)
    GoClipC2: A covert Windows clipboard-based C2 channel for VDI/RDP environments. Bypasses network monitoring with encrypted Base64 messaging.  ( 10 min )

  • Open

    The Cost Savings of Fixing Security Flaws in Development
    No content preview  ( 7 min )

  • Open

    A New Approach to Proving Cybersecurity Value (That Isn’t ROI)
    In this blog, we are excited to announce our white paper on Return on Mitigation (RoM), a framework we designed to quantify the financial impact of security programs in a way that speaks to business leaders.  ( 6 min )
    Celebrating 10 Years of Partnership: Snap and HackerOne Reach $1M in Bounties
    At Snap, security is more than a priority—it’s a core mission. Over the past decade, Snap has partnered with HackerOne to build and sustain a robust bug bounty program. This collaboration has led to major milestones, including paying security researchers over $1M in bounties. To celebrate this achievement and their 10-year partnership, we spoke with Jim Higgins, Snap's Chief Information Security Officer, Vinay Prabhushankar, Snap’s Security Engineering Manager, and Ilana Arbisser, Snap’s Privacy Engineer.

  • Open

    Women@ Kicks Off the Year with a Vision Board Event
    No content preview  ( 4 min )

  • Open

    Gain Actionable, Data-backed Insights with HackerOne Recommendations
    What if your security program could self-optimize: analyze trends, identify weak points, and proactively propose actionable steps to strengthen defenses? With HackerOne Recommendations, it can.  ( 5 min )

  • Open

    Welcome, Hackbots: How AI Is Shaping the Future of Vulnerability Discovery
    What are Hackbots and how are they impacting vulnerability discovery and the researcher community?  ( 6 min )

  • Open

    DORA Compliance Is Here: What Financial Entities Should Know
    The new DORA regulation: everything your organization needs to know about its impact and how to comply.  ( 5 min )

  • Open

    Protecting Critical Infrastructure: A Tale of Two National Cybersecurity Strategies
    The term “special relationship,” coined by Winston Churchill, describes the close, longstanding alliance between the United States and the United Kingdom. It has been applied to cooperation during war, to trade and commerce, and even to intelligence sharing. That special relationship has clearly influenced the two nations’ recent policy papers on national cybersecurity. The U.K. […] The post Protecting Critical Infrastructure: A Tale of Two National Cybersecurity Strategies appeared first on Synack.  ( 7 min )

  • Open

    Scoping Adventures: How to Get the Most Out of Your Synack Pentesting
    Scoping Adventures is a series of blogs about some of the more interesting penetration tests that the Synack Customer Success teams have worked on over the last few months. Each blog outlines how we engage with the client to achieve the best results from a pentest. Pentesters love colors—red, blue, purple, black, white and grey […] The post Scoping Adventures: How to Get the Most Out of Your Synack Pentesting appeared first on Synack.  ( 11 min )

  • Open

    Applying Strategic Thinking in Your Pentesting Program
    The Synack Platform & Five Pillars of Strategic Pentesting Why You Need to Think Strategically It’s no great revelation that tactics, techniques, and procedures utilized by nefarious hackers hacking activities are evolving on a daily basis. In 2022, 18,828 common vulnerabilities and exposures (CVEs) were published. At the same time, organization attack surfaces are expanding. […] The post Applying Strategic Thinking in Your Pentesting Program appeared first on Synack.  ( 7 min )

  • Open

    The U.S. has a new cybersecurity strategy. What’s next for CISOs?
    One week ago, the Biden administration unveiled its long-awaited U.S. National Cybersecurity Strategy, with an eye toward centralizing government cyber resources and holding IT vendors more accountable for their digital defenses. Now that the ink is dry on the 35-page document, top officials like Acting National Cyber Director Kemba Walden are busy putting it into […] The post The U.S. has a new cybersecurity strategy. What’s next for CISOs? appeared first on Synack.  ( 7 min )
2026-03-25T01:14:57.894Z osmosfeed 1.15.1