osmos::feed

Open

ntprint.exe lolbin

You can copy c:\WINDOWS\system32\ntprint.exe to a folder of your liking f.ex. c:\test, and then launch it with command line arguments like this: ntprint.exe PSetupElevatedLegacyPrintDriverInstallW {} This will load c:\test\ntprint.dll: ( 2 min )

Open

Using .LNK files as lolbins

I am not sure if I or anyone else pointed it out before. Highly possible. I kinda lost track of it at this stage… So, anyway… this is a pretty dumb lolbin functionality that is exhibited by many native .lnk … Continue reading → ( 2 min )
Open

State of the Art of Private Key Security in Blockchain Ops - 1. Concepts, Types of Wallets and Signing Strategies

Concepts, Types of Wallets and Signing Strategies ( 11 min )
Open

A History of Active Directory Security

During the Summer of 2024, I had a talk at Troopers called “A Decade of Active Directory Attacks:What We’ve Learned & What’s Next” (Slides & Video). I focused on the key milestones of Active Directory security. This post covers this in some detail which was correlated with public information and GitHub release information. This article … Continue reading ( 8 min )

Active Directory Security Tip #11: Print Service on Domain Controllers

The Print Spooler service is a default service on Windows Servers and is set to run at startup. There are a number of attacks that are enabled by having the Print Spooler service running on Domain Controllers (ex.: Printer Bug: https://adsecurity.org/?p=4056) At this point it’s best to configure a GPO to disable the Print Spooler … Continue reading ( 5 min )
Open

Lucid Dreams I: Lucid’s First Time Fuzzing

Background We’ve spent a lot of time so far on this blog documenting the development process of Lucid, our full-system snapshot fuzzer, and I really wanted to start using it to do some real fuzzing. So the focus of this blog post will be documenting the process I had to take to get Lucid up and fuzzing on a real target. So far, Lucid has only worked on a toy harness/example, and so we need to see what kind of things need tweaking when a real target comes into play. ( 26 min )

Open

Microsoft Intune September 2025 update: Intel vPro integration, PowerShell app scripts, iOS/macOS 26 support, and Copilot enhancements

Microsoft Intune's September 2025 update introduces hardware-level device recovery through Intel vPro integration, PowerShell installer script support for Enterprise Application Management, and day-zero compatibility for Apple's iOS/iPadOS and macOS 26 operating systems. Service release 2509 also expands Copilot capabilities for Windows 365 Cloud PC management and updates the minimum supported versions for Apple platforms. Source
Open

YoSmart YoLink Hub version 0382

The following document describes identified vulnerabilities in the YoLink Hub smart device version 0382. ( 11 min )

How a $20 Smart Device Gave Me Access to Your Home

Bishop Fox research uncovered zero-day vulnerabilities in the YoLink Smart Hub. Anyone using the YoLink Smart Hub v0382 is at risk. ( 12 min )
Open

Spot trouble early with honeypots and Suricata

TL;DR Introduction It’s strange how satisfying it is to turn off the lights, set up a tent under the stars, and watch the kids swap screen time for mud pies and marshmallows. Before I left for a 3-day family camping trip, I had one last thing to do: set up a T-Pot honeypot safely in […] The post Spot trouble early with honeypots and Suricata appeared first on Pen Test Partners. ( 10 min )
Open

What Did the Attacker Read? MailItemAccessed Tells You

The Growing Threat of BEC Business Email Compromise (BEC) is a growing threat vector that often results in significant financial and reputational damage. Typically, BEC attacks aim to commit fraud, steal data, or compromise supply chains. A common characteristic of these attacks is gaining access to the victim’s emails, often going in pair with the … Continue reading What Did the Attacker Read? MailItemAccessed Tells You → ( 16 min )
Open

Active Directory Security Tip #10: FSMO Roles

Getting Microsoft supported backups of Domain Controllers is an important part of recovery strategy. A best practice is to locate all Flexible Master Single Operator (FSMO) roles on a single DC in the domain. That way you can more easily target the DC that hosts the FSMOs for backup. PowerShell code to check for FSMO … Continue reading ( 5 min )
Open

Overview of Content Published in September

Here is an overview of content I published in September: SANS ISC Diary entries: BASE64 Over DNS Web Searches For Archives ( 11 min )

Open

Proxmox Datacenter Manager: A new alternative to VMware vCenter?

Proxmox Datacenter Manager (PDM) is a brand new, open-source platform designed to provide centralized management and monitoring for Proxmox VE clusters and nodes. Launched in late 2024, PDM offers a modern web interface that simplifies large-scale virtualization administration across multiple datacenters. As organizations seek alternatives to VMware’s increasingly costly and restrictive ecosystem, Proxmox Datacenter Manager emerges as a promising vCenter competitor for cost-effective and flexible enterprise virtualization management. Source
Open

Hacking smarter with Burp AI: NahamSec puts Burp AI to the test

Bug bounty legend, NahamSec, has taken Burp AI for a spin. If you're curious how Burp AI fits into a real workflow, his new video is the perfect place to start. Watch on YouTube Burp AI was built to a ( 3 min )
Open

Lunar Spider Expands their Web via FakeCaptcha

Key Findings Introduction NVISO has observed and correlated information regarding the latest attack chain employed by Lunar Spider. Lunar Spider, also known as Gold SwathMore, is a Russian-speaking cybercriminal group motivated by financial gain. They have built their reputation on developing and operating the IcedID (also known as BokBot) Malware-as-a-Service (MaaS) since 2019. Following the … Continue reading Lunar Spider Expands their Web via FakeCaptcha → ( 28 min )
Open

RSA Conference – Mobile Threat War Room

No content preview ( 6 min )

McAfee Email and Web Security Appliance v5.6 – Password hashes can be recovered from a system backup and easily cracked

No content preview

Java RMI Registry.bind() Unvalidated Deserialization

No content preview

iOS User Enrollment and Trusted Certificates

No content preview

In-depth analysis of the new Team9 malware family

No content preview ( 16 min )

Research Insights Volume 1 – Sector Focus: Financial Services

No content preview ( 6 min )

Curve9767 and Fast Signature Verification

No content preview ( 14 min )

Cracking RDP NLA Supplied Credentials for Threat Intelligence

No content preview ( 9 min )

Experiments in Extending Thinkst Canary – Part 1

No content preview ( 7 min )

New Sources of Microsoft Office Metadata – Tool Release MetadataPlus

No content preview ( 11 min )

How to Backdoor Diffie-Hellman

No content preview

eBook – Do you know how your organisation would react in a real-world attack scenario?

No content preview

Decrypting OpenSSH sessions for fun and profit

No content preview

IP-reputation-snort-rule-generator

No content preview ( 6 min )

Exploiting CVE-2014-0282 (1)

No content preview ( 6 min )

Improving Your Embedded Linux Security Posture With Yocto

No content preview ( 6 min )

Extracting the Payload from a CVE-2014-1761 RTF Document

No content preview ( 10 min )

Erlang Security 101

No content preview ( 6 min )

Some Notes About the Xen XSA-122 Bug

No content preview ( 11 min )

SOC maturity & capability

No content preview ( 6 min )

Impersonating Gamers With GPT-2

No content preview ( 19 min )

Jackson Deserialization Vulnerabilities

No content preview ( 6 min )

metasploitavevasion

No content preview

Code Patterns for API Authorization: Designing for Security

No content preview ( 12 min )

Spectre and Meltdown: What you Need to Know

No content preview ( 11 min )

Machine Learning 103: Exploring LLM Code Generation

No content preview

D0nut encrypt me, I have a wife and no backups

No content preview

Technical Advisory – Apple HFS+ Information Disclosure Vulnerability

No content preview

How cryptography is used to monitor the spread of COVID-19

No content preview

Conference Talks – October 2021

No content preview

Secure Device Manufacturing: Supply Chain Security Resilience

No content preview

Ethics in Security Testing

No content preview

Conference Talks – January 2020

No content preview ( 7 min )

firstexecution

No content preview ( 6 min )

NCC Group co-signs the Electronic Frontier Foundation’s Statement on DMCA Use Against Security Researchers

No content preview ( 8 min )

Project Ava: On the Matter of Using Machine Learning for Web Application Security Testing – Part 4: Architecture and Design

No content preview ( 14 min )

Lumension Device Control (formerly Sanctuary) remote memory corruption

No content preview ( 7 min )

Exploring the Security & Privacy of Canada’s Digital Proof of Vaccination Programs

No content preview ( 29 min )

Fix Bounty

No content preview ( 9 min )

Cyber Essentials Scheme

No content preview ( 6 min )

Optimizing Pairing-Based Cryptography: Montgomery Arithmetic in Rust

No content preview ( 20 min )

How To Spot a Penetration Tester in Your Network (and Catch the Real Bad Guys at the Same Time)

No content preview ( 13 min )

Dancing Offbit: The Story of a Single Character Typo that Broke a ChaCha-Based PRNG

No content preview ( 10 min )

Defeating the Stack Based Buffer Overflow Prevention Mechanism of Microsoft Windows 2003 Server

No content preview ( 7 min )

Exploit the Fuzz – Exploiting Vulnerabilities in 5G Core Networks

No content preview ( 17 min )

Database Security: A Christmas Carol

No content preview ( 7 min )

Exploring macOS Calendar Alerts: Part 1 – Attempting to execute code

No content preview ( 14 min )

CVE-2017-8570 RTF and the Sisfader RAT

No content preview ( 11 min )

Decoding network data from a Gh0st RAT variant

No content preview ( 8 min )

Cyber Security of New Space Paper

No content preview ( 7 min )

IAX Voice Over-IP Security

No content preview ( 6 min )

CyberVillainsCA

No content preview ( 6 min )

Conference Talks – August 2020

No content preview ( 11 min )

IAM user management strategy (part 2)

No content preview ( 9 min )

Hiccupy

No content preview ( 6 min )

Hacking Appliances: Ironic exploits in security products

No content preview ( 6 min )

Heartbleed OpenSSL vulnerability

No content preview ( 9 min )

House

No content preview ( 6 min )

Enterprise-scale seamless onboarding and deployment of Azure Sentinel using Lighthouse for multi-tenant environments

No content preview ( 21 min )

Passive Decryption of Ethereum Peer-to-Peer Traffic

No content preview ( 10 min )

Mining data from Cobalt Strike beacons

No content preview ( 14 min )

On Multiplications with Unsaturated Limbs

No content preview ( 14 min )

Medical Devices: A Hardware Security Perspective

No content preview ( 14 min )

Ruling the rules

No content preview ( 11 min )

Non Obvious PE Parsers – The .NET runtime – Part 1

No content preview ( 12 min )

On the Use of Pedersen Commitments for Confidential Payments

No content preview ( 12 min )

Public Report – Android Cloud Backup/Restore

No content preview ( 6 min )

Optimizing Pairing-Based Cryptography: Montgomery Multiplication in Assembly

No content preview ( 18 min )

Overview of Modern Memory Security Concerns

No content preview ( 16 min )

SIAM AG23: Algebraic Geometry with Friends

No content preview ( 17 min )

Sign over Your Hashes – Stealing NetNTLM Hashes via Outlook Signatures

No content preview ( 12 min )

Replicating CVEs with KLEE

No content preview ( 10 min )

Symantec Backup Exec 2012 – Linux Backup Agent Heap Overflow

No content preview ( 7 min )

TA505: A Brief History Of Their Time

No content preview ( 14 min )

Technical Advisory – ARM MbedOS USB Mass Storage Driver Memory Corruption

No content preview ( 10 min )

Technical Advisory – DelTek Vision – Arbitrary SQL Execution (SQLi)

No content preview ( 8 min )

Hackproofing Oracle Application Server

No content preview

libtalloc: A GDB plugin for analysing the talloc heap

No content preview

Fuzzbox

No content preview

dotnetpaddingoracle

No content preview

Security Considerations of zk-SNARK Parameter Multi-Party Computation

No content preview

Logs, Logs, the Audit Trail – Features of a Successful Log Management Solution

No content preview

Login Service Security

No content preview

Oracle Passwords and OraBrute

No content preview

Inter-Protocol Exploitation

No content preview

Common Insecure Practices with Configuring and Extending Salesforce

No content preview

Flubot: the evolution of a notorious Android Banking Malware

No content preview

Flash security restrictions bypass: File upload by URLRequest

No content preview

Extractor

No content preview

Ransomware: what organisations can do to survive

No content preview

Nagios XI Network Monitor Blind SQL Injection

No content preview

Inter-Protocol Communication

No content preview

pySimReader

No content preview

iOS 7 arbitrary code execution in kernel mode

No content preview

Detecting DNS implants: Old kitten, new tricks – A Saitama Case Study

No content preview

Shell Arithmetic Expansion and Evaluation Abuse

No content preview

eBook – Planning a robust incident response process

No content preview

E-mail Spoofing and CDONTS.NEWMAIL

No content preview

HTTP Profiler

No content preview

dotnetpefuzzing

No content preview

Cisco VPN Client Privilege Escalation

No content preview

Remote code execution in ImpressPages CMS

No content preview

G-Scout

No content preview

Estimating the Bit Security of Pairing-Friendly Curves

No content preview

CVE-2019-1405 and CVE-2019-1322 – Elevation to SYSTEM via the UPnP Device Host Service and the Update Orchestrator Service

No content preview

Latest threats to the connected car & intelligent transport ecosystem

No content preview

Internet of Things Security

No content preview

Exploring DeepFake Capabilities & Mitigation Strategies with University College London

No content preview

Investigating Potential Security Vulnerability Manifestation through Various Analyses & Inferences Regarding Internet RFCs (and how RFC Security might be Improved)

No content preview

How will GDPR impact your communications?

No content preview

HDMI – Hacking Displays Made Interesting

No content preview

Drones: Detect, Identify, Intercept, and Hijack

No content preview

How-to: Importing WStalker CSV (and more) into Burp Suite via Import to Sitemap Extension

No content preview

Cyber Security in UK Agriculture

No content preview

CloudWatch: Amazon Web Services & Shellshock

No content preview

Image IO Memory Corruption

No content preview

Deep Dive into Real-World Kubernetes Threats

No content preview

Protecting stored cardholder data (an unofficial supplement to PCI DSS V3.0)

No content preview

DDoS Common Approaches and Failings

No content preview

Cyber red-teaming business-critical systems while managing operational risk

No content preview

Cleaning Up After Cookies

No content preview

FPGAs: Security Through Obscurity?

No content preview

Exploiting Rich Content

No content preview ( 6 min )

General Data Protection Regulation – are you ready?

No content preview

Data-mining with SQL Injection and Inference

No content preview

Jailbreak

No content preview

Intel BIOS Advisory – Memory Corruption in HID Drivers

No content preview

How much training should staff have on cyber security?

No content preview

Cisco ASA series part seven: Checkheaps

No content preview

Oracle Hyperion 11 Directory Traversal

No content preview

Nagios XI Network Monitor – OS Command Injection

No content preview

Compromising Apache Tomcat via JMX access

No content preview

Exploiting Noisy Oracles with Bayesian Inference

No content preview

DECTbeacon

No content preview

Command Injection in XML Signatures and Encryption

No content preview

Post-quantum cryptography overview

No content preview

Critical Risk Vulnerability in Ingres (Pointer Overwrite 2)

No content preview

Firmware Rootkits: The Threat to the Enterprise

No content preview

Early CCS Attack Analysis

No content preview

Distributed Ledger (Blockchain) Security and Quantum Computing Implications

No content preview

Cracking Random Number Generators using Machine Learning – Part 2: Mersenne Twister

No content preview

Conference Talks – May 2021

No content preview

Cisco IPSec VPN Implementation Group Name Enumeration

No content preview

Fuzzing USB devices using Frisbee Lite

No content preview

Exploiting PL/SQL Injection Flaws with only CREATE SESSION Privileges

No content preview

DeLux Edition: Getting root privileges on the eLux Thin Client OS

No content preview ( 8 min )

Cisco ASA series part three: Debugging Cisco ASA firmware

No content preview

Exploiting Security Gateways Via Web Interfaces

No content preview

Encryption at rest: Not the panacea to data protection

No content preview

Domestic IoT Nightmares: Smart Doorbells

No content preview

Conference Talks – February/March 2021

No content preview

Going “AUTH the Rails” on a Crazy Train

No content preview ( 6 min )

Exporting non-exportable RSA keys

No content preview

Non-stack Based Exploitation of Buffer Overrun Vulnerabilities on Windows NT 2000 XP

No content preview

Ghidra nanoMIPS ISA module

No content preview

Software-Based Fault Injection Countermeasures (Part 2/3)

No content preview

Getting per-user Conditional Access MFA status in Azure

No content preview

CowCloud

No content preview

Enumerating System Management Interrupts

No content preview

Database Security Brief: The Oracle Critical Patch Update for April 2007

No content preview

Cloud Security Presentation

No content preview

Extending a Thinkst Canary to become an interactive honeypot

No content preview

Cranim: A Toolkit for Cryptographic Visualization

No content preview

Compromising a Hospital Network for £118 (Plus Postage & Packaging)

No content preview

Hacking the Extensible Firmware Interface

No content preview

Detecting Karakurt – an extortion focused threat actor

No content preview

Conference Talks – September 2020

No content preview

Mergers & Acquisitions (M&A) cyber security due diligence

No content preview

From ERMAC to Hook: Investigating the technical differences between two Android malware variants

No content preview

Finding the weak link in binaries

No content preview

Microsoft SQL Server Passwords

No content preview

From CSV to CMD to qwerty

No content preview

Perfect Forward Security

No content preview

Exploring Verifiable Random Functions in Code

No content preview

Deception Engineering: exploring the use of Windows Installer Packages against first stage payloads

No content preview

Cisco ASA series part one: Intro to the Cisco ASA

No content preview

Exploit mitigations: keeping up with evolving and complex software/hardware

No content preview ( 7 min )

Double-odd Elliptic Curves

No content preview

Dissecting social engineering attacks

No content preview

Conference Talks – February 2020

No content preview

Nessus Authenticated Scan – Local Privilege Escalation

No content preview

hostresolver

No content preview

Cross Site Request Forgery: An Introduction to a Common Web Application Weakness

No content preview

Conference Talks – November 2020

No content preview

Grepify – a Small Tool for Code Reviewers

No content preview

Endpoint connectivity

No content preview

Exploiting Samba CVE-2015-0240 on Ubuntu 12.04 and Debian 7 32-bit

No content preview

Database Servers on Windows XP and the unintended consequences of simple file sharing

No content preview

Climbing Mount Everest: Black-Byte Bytes Back?

No content preview

End-of-life pragmatism

No content preview ( 6 min )

Creating Arbitrary Shellcode In Unicode Expanded Strings

No content preview

Cracking Random Number Generators using Machine Learning – Part 1: xorshift128

No content preview

Embedded Device Security Certifications

No content preview

Implementing and Detecting a PCI Rootkit

No content preview

Cisco ASA series part six: Cisco ASA mempools

No content preview

Machine Learning 104: Breaking AES With Power Side-Channels

No content preview

Introspy for Android

No content preview

Gizmo

No content preview

Conti-nuation: methods and techniques observed in operations post the leaks

No content preview

Detecting Rclone – An Effective Tool for Exfiltration

No content preview

Sakula: an adventure in DLL planting

No content preview

HITB Phuket 2023 – Exploiting the Lexmark PostScript Stack

No content preview

Conference Talks – December 2021

No content preview

Intent Fuzzer

No content preview

File Fuzzers

No content preview

Conference Talks – December 2020

No content preview

NCC Group researchers named amongst MSRC’s Most Valuable Security Researchers in 2020

No content preview

Hunting SQL Injection Bugs

No content preview ( 6 min )

Critical Risk Vulnerability in SAP DB Web Server (Stack Overflow)

No content preview

Conference Talks – March 2022

No content preview

Spy-Pi: Do you trust your laptop docking stations?

No content preview

Conference Talks – September/October 2022

No content preview

Conference Talks – October 2020

No content preview

Kerberos Resource-Based Constrained Delegation: When an Image Change Leads to a Privilege Escalation

No content preview

Hackproofing MySQL

No content preview

Content Security Policies and Popular CMS Systems

No content preview

CMakerer: A small tool to aid CLion’s indexing

No content preview ( 6 min )

Faster Modular Inversion and Legendre Symbol, and an X25519 Speed Record

No content preview

EternalGlue part one: Rebuilding NotPetya to assess real-world resilience

No content preview

Decoder Improved Burp Suite plugin release part one

No content preview

Managing Cyber Risk in the Supply Chain

No content preview ( 6 min )

Derusbi: A Case Study in Rapid Capability Development

No content preview

NCC Group Research at Black Hat USA 2021 and DEF CON 29

No content preview

Immunity Debugger Buffer Overflow

No content preview

HDMI Ethernet Channel

No content preview

D-LINK DIR-850L web admin interface vulnerable to stack-based buffer overflow

No content preview

DARPA OnStar Vulnerability Analysis

No content preview ( 8 min )

POC2021 – Pwning the Windows 10 Kernel with NTFS and WNF Slides

No content preview

Content Security Policies Best Practices

No content preview

SecureCookies

No content preview

Samba Andx Request Remote Code Execution

No content preview

D-Link routers vulnerable to Remote Code Execution (RCE)

No content preview

Helping Engineering Teams Tackle Security Debt in Embedded Systems: U-Boot Configuration Auditing Introduced in Depthcharge v0.2.0

No content preview

Exploring Overfitting Risks in Large Language Models

No content preview

Exploiting CVE-2015-2426, and How I Ported it to a Recent Windows 8.1 64-bit

No content preview

EasyDA – Easy Windows Domain Access Script

No content preview

Introduction to Anti-Fuzzing: A Defence in Depth Aid

No content preview

Fuzzing the Easy Way Using Zulu

No content preview

Critical Risk Vulnerability in Ingres (Pointer Overwrite 1)

No content preview

Public Report – Kubernetes 1.24 Security Audit

No content preview

Hardware & Embedded Systems: A little early effort in security can return a huge payoff

No content preview

Hacking a web application

No content preview

Elephant in the Boardroom Survey 2016

No content preview ( 6 min )

NCC CON Europe 2017

No content preview

Exploiting the win32k!xxxEnableWndSBArrows use-after-free (CVE-2015-0057) bug on both 32-bit and 64-bit

No content preview

iOS MobileSlideShow USB Image Class arbitrary code execution.txt

No content preview

Detecting anomalous Vectored Exception Handlers on Windows

No content preview

CVE-2018-8611 – Diving into the Windows Kernel Transaction Manager (KTM) for fun and exploitation

No content preview

Dynamic Linq Injection Remote Code Execution Vulnerability (CVE-2023-32571)

No content preview

Dangling Cursor Snarfing: A New Class of Attack in Oracle

No content preview

Common Flaws of Distributed Identity and Authentication Systems

No content preview

Premium Practical Law Content Gateway(2)

No content preview

Microsoft Office Memory Corruption Vulnerability

No content preview

easyda

No content preview

Common Security Issues in Financially-Oriented Web Applications

No content preview

Readable Thrift

No content preview

Password and brute-force mitigation policies

No content preview

Harnessing GPUs Building Better Browser Based Botnets

No content preview

Medium Risk Vulnerability in Symantec Network Access Control

No content preview ( 6 min )

Faux Disk Encryption: Realities of Secure Storage On Mobile Devices

No content preview

NX Server for Linux Arbitrary Files can be read with root privileges

No content preview

General Data Protection Regulation: Knowing your data

No content preview

Don’t throw a hissy fit; defend against Medusa

No content preview

Demystifying Multivariate Cryptography

No content preview

Decoder Improved Burp Suite Plugin

No content preview

Five Essential Machine Learning Security Papers

No content preview

Creating a Safer OAuth User Experience

No content preview

grepify

No content preview

Combating Java Deserialisation Vulnerabilities with Look-Ahead Object Input Streams (LAOIS)

No content preview ( 6 min )

Striking Back at Retired Cobalt Strike: A look at a legacy vulnerability

No content preview

Smart Contracts Inside SGX Enclaves: Common Security Bug Patterns

No content preview

Public Report – Pixel 4/4XL and Pixel 4a ioXt Audit

No content preview

Eurocrypt 2023: Death of a KEM

No content preview

eBook: Breach notification under GDPR – How to communicate a personal data breach

No content preview

DIBF – Updated

No content preview

Exploiting CVE-2014-0282

No content preview

cisco-SNMP-enumeration

No content preview

Cisco ASA series part two: Static analysis & datamining of Cisco ASA firmware

No content preview

Critical Risk Vulnerability in SAP Message Server (Heap Overflow)

No content preview ( 7 min )

Low Cost Attacks on Smart Cards – The Electromagnetic Side-Channel

No content preview

DNS Pinning and Web Proxies

No content preview

Ghost Vulnerability (CVE-2015-0235)

No content preview

Exception Handling and Data Integrity in Salesforce

No content preview

Does TypeScript Offer Security Improvements Over JavaScript?

No content preview

Oracle Forensics Part 1: Dissecting the Redo Logs

No content preview

Detection Engineering for Kubernetes clusters

No content preview

creep-web-app-scanner

No content preview ( 6 min )

FrisbeeLite

No content preview ( 6 min )

Exploring Prompt Injection Attacks

No content preview

How to protect yourself & your organisation from phishing attacks

No content preview ( 6 min )

Research Insights Volume 9 – Modern Security Vulnerability Discovery

No content preview

Do not use your AWS root account

No content preview

Fuzzing RTSP to discover an exploitable vulnerability in VLC

No content preview

Emissary Panda – A potential new malicious tool

No content preview

Conference Talks – June 2021

No content preview

NCC Con Europe 2016

No content preview

Impact of DNS over HTTPS (DoH) on DNS Rebinding Attacks

No content preview

Game Security

No content preview

Is this the real life? Is this just fantasy? Caught in a landslide, NoEscape from NCC Group

No content preview

Increased exploitation of Oracle GlassFish Server Administration Console Remote Authentication Bypass

No content preview

Drupal Vulnerability

No content preview

Managing PowerShell in a modern corporate environment

No content preview ( 6 min )

OS X 10.6.6 Camera Raw Library Memory Corruption

No content preview

NCC Con Europe 2022 – Pwn2Own Austin Presentations

No content preview

Demystifying Cobalt Strike’s “make_token” Command

No content preview

Research Insights Volume 3 – How are we breaking in: Mobile Security

No content preview

port-scan-automation

No content preview

Kubernetes Security: Consider Your Threat Model

No content preview

Manifest Explorer

No content preview

EDIDFuzzer

No content preview

Disclosure Policy

No content preview

Conference Talks – November 2021

No content preview

Public Report – Matrix Olm Cryptographic Review

No content preview

Maritime Cyber Security: Threats and Opportunities

No content preview

NCC Group’s Upcoming Trainings at Black Hat USA 2021

No content preview

Incremental Machine Learning by Example: Detecting Suspicious Activity with Zeek Data Streams, River, and JA3 Hashes

No content preview

Public Report – Caliptra Security Assessment

No content preview

iSEC Partners Releases SSLyze

No content preview

Encryption Does Not Equal Invisibility – Detecting Anomalous TLS Certificates with the Half-Space-Trees Algorithm

No content preview

ncccodenavi

No content preview

Introducing idb-Simplified Blackbox iOS App Pentesting

No content preview

Demystifying AWS’ AssumeRole and sts:ExternalId

No content preview

Implementing the Castryck-Decru SIDH Key Recovery Attack in SageMath

No content preview

ICS/OT Security & the evolution of the Purdue Model: Integrating Industrial and Business Networks

No content preview

Forensic Fuzzing Tools

No content preview

NCC Group’s 2020 Annual Research Report

No content preview

Impress Pages CMS Remote Code Execution

No content preview

How we breach network infrastructures and protect them

No content preview ( 6 min )

IAM user management strategy

No content preview

Research Insights Volume 6: Common Issues with Environment Breakouts

No content preview

Introducing Azucar

No content preview

Intent Sniffer

No content preview

Slotting Security into Corporate Development

No content preview

Integrity destroying malicious code for financial or geopolitical gain: A vision of the future?

No content preview ( 7 min )

Fuzzing the Easy Way Using Zulu (1)

No content preview

Public Report – VPN by Google One: Technical Security & Privacy Assessment

No content preview

Public Report – Coda Cryptographic Review

No content preview

McAfee Email and Web Security Appliance Any logged-in user can bypass controls to reset passwords of other administrators

No content preview

Exploring macOS Calendar Alerts: Part 2 – Exfiltrating data (CVE-2020-3882)

No content preview

Oracle E-Business Suite Pre-Auth SQLi with DBA Privileges

No content preview ( 7 min )

Man-in-the-Middling Non-Proxy Aware Wi-Fi Devices with a Pineapple

No content preview

IETF Draft: Indicators of Compromise and Their Role in Attack and Defen[c|s]e

No content preview

Public Report – Zcash Zebra Security Assessment

No content preview

ISM RAT

No content preview

Pairing over BLS12-381, Part 2: Curves

No content preview

New Attack Vectors and a Vulnerability Dissection of MS03-007

No content preview

log4j-jndi-be-gone: A simple mitigation for CVE-2021-44228

No content preview

Lessons learned from 50 USB bugs

No content preview

Intel® Software Guard Extensions (SGX): A Researcher’s Primer

No content preview

Oracle Forensics Part 3: Isolating Evidence of Attacks Against the Authentication Mechanism

No content preview

Microsoft Internet Explorer CMarkup Use-After-Free

No content preview

Lumension Device Control Remote Memory Corruption

No content preview

iSEC Engages in TrueCrypt Audit

No content preview

Public Report – Zcash FROST Security Assessment

No content preview

Memory Scanning for the Masses

No content preview

McAfee Email and Web Security Appliance Session hijacking and bypassing client-side session timeouts

No content preview

Heartbleed (CVE-2014-0160) Advisory

No content preview ( 8 min )

Mobile apps and security by design

No content preview

Jailbreak, updated and open-sourced

No content preview

How to Spot and Prevent an Eclipse Attack

No content preview

Shining New Light on an Old ROM Vulnerability: Secure Boot Bypass via DCD and CSF Tampering on NXP i.MX Devices

No content preview

Phishing Stories

No content preview

Launching the first in our series of Research Insights

No content preview

Nerve

No content preview ( 6 min )

Microsoft announces the WMIC command is being retired, Long Live PowerShell

No content preview

Lending a hand to the community – Covenant v0.7 Updates

No content preview

Padding the struct: How a compiler optimization can disclose stack memory

No content preview

Multiple Buffer Overflows Discovered in AFFLIB

No content preview

lapith

No content preview

IODIDE

No content preview

SAML XML Injection

No content preview

McAfee Email and Web Security Appliance Arbitrary file download is possible with a crafted URL, when logged in as any user

No content preview

Hacking Displays Made Interesting

No content preview

LibAVCodec AMV Out of Array Write

No content preview

LeaPFRogging PFR Implementations

No content preview

LAPSUS$: Recent techniques, tactics and procedures

No content preview

Rigging the Vote: Uniqueness in Verifiable Random Functions

No content preview

iOS Instrumentation Without Jailbreak

No content preview

Integrating DigitalOcean into ScoutSuite

No content preview

Ragweed

No content preview

Public Report – Penumbra Labs R1CS Implementation Review

No content preview

NCC Group’s 2021 Annual Research Report

No content preview

On Linux’s Random Number Generation

No content preview

NCC Group’s 2022 & 2023 Research Report

No content preview

Public Report – RustCrypto AES/GCM and ChaCha20+Poly1305 Implementation Review

No content preview

Public Report – Confidential Space Security Review

No content preview

Kivlad

No content preview

Memory Gap

No content preview

McAfee Email and Web Security Appliance v5.6 – Active session tokens of other users are disclosed within the UI

No content preview

Live Incident Blog: June Global Ransomware Outbreak

No content preview

Public Report – Confidential Mode for Hyperdisk – DEK Protection Analysis

No content preview ( 6 min )

Multiple Format String Injections in AFFLIB

No content preview

Multiple Cisco CSS / ACE Client Certificate and HTTP Header

No content preview

Public Report – Penumbra Labs Decaf377 Implementation and Poseidon Parameter Selection Review

No content preview

Machine learning from idea to reality: a PowerShell case study

No content preview

Interfaces.d to RCE

No content preview

Shocker

No content preview

NCC Group Malware Technical Note

No content preview

McAfee Email and Web Security Appliance v5.6 – Any logged-in user can bypass controls to reset passwords of other administrators

No content preview

McAfee Email and Web Security Appliance Reflective XSS allowing an attacker to gain session tokens

No content preview

Public Report – Zendoo Proof Verifier Cryptography Review

No content preview

NCC Group’s Juan Garrido named to Microsoft’s MSRC Office Security Researcher Leaderboard

No content preview

Improving your Network and Application Assurance Strategy in an environment of increasing 0day vulnerabilities

No content preview

McAfee Email and Web Security Appliance v5.6 – Session hijacking (and bypassing client-side session timeouts)

No content preview ( 7 min )

Mature Security Testing Framework

No content preview

McAfee Email and Web Security Appliance Active session tokens of other users are disclosed within the UI

No content preview

iSEC audit of MediaWiki

No content preview

Machine Learning for Static Analysis of Malware – Expansion of Research Scope

No content preview

Lessons learned from 50 bugs: Common USB driver vulnerabilities

No content preview

Introduction to AWS Attribute-Based Access Control

No content preview

Order Details Screens and PII

No content preview

Open Banking: Security considerations & potential risks

No content preview

NSA & CISA Kubernetes Security Guidance – A Critical Review

No content preview

Research Insights Volume 8 – Hardware Design: FPGA Security Risks

No content preview

Public Report – Google Privacy Sandbox Aggregation Service and Coordinator

No content preview

NCC Group placed first in global 5G Cyber Security Hack competition

No content preview

Peeling back the layers on defence in depth…knowing your onions

No content preview

Multiple Shell Metacharacter Injections in AFFLIB

No content preview

Mobile World Congress – Mobile Internet of Things

No content preview

LDAPFragger: Bypassing network restrictions using LDAP attributes

No content preview

Non-flood/non-volumetric Distributed Denial of Service (DDoS)

No content preview

Java Web Start File Inclusion via System Properties Override

No content preview

Signaturing an Authenticode anomaly with Yara

No content preview

Microsoft’s SQL Server vs. Oracle’s RDBMS

No content preview

iOS certificate pinning code updated for iOS 7

No content preview

NCC Group Research at Black Hat USA 2022 and DEF CON 30

No content preview

Mobile & web browser credential management: Security implications, attack cases & mitigations

No content preview ( 6 min )

Oracle Forensics Part 6: Examining Undo Segments, Flashback and the Oracle Recycle Bin

No content preview

LTair: The LTE Air Interface Tool

No content preview

Secure Application Development on Facebook

No content preview

RtspFuzzer

No content preview

On the malicious use of large language models like GPT-3

No content preview

Research Insights Volume 4 – Sector Focus: Maritime Sector

No content preview

Ivanti Zero Day – Threat Actors observed leveraging CVE-2021-42278 and CVE-2021-42287 for quick privilege escalation to Domain Admin

No content preview

Oracle 11g TNS listener remote Invalid Pointer Read

No content preview ( 6 min )

NCC Group’s Jeremy Boone recognized for Highest Quality and Most Eligible Reports through the Intel Circuit Breaker program

No content preview ( 7 min )

Oracle Forensics Part 2: Locating Dropped Objects

No content preview

Secure Device Provisioning Best Practices: Heavy Truck Edition

No content preview

Oracle Java Installer Adds a System Path Which is Writable by All

No content preview

More Advanced SQL Injection

No content preview

Paradoxical Compression with Verifiable Delay Functions

No content preview

Non-Deterministic Nature of Prompt Injection

No content preview ( 8 min )

NIST Selects Post-Quantum Algorithms for Standardization

No content preview

MSSQL Lateral Movement

No content preview

Research Paper – Recovering deleted data from the Windows registry

No content preview

Post-exploiting a compromised etcd – Full control over the cluster and its nodes

No content preview

Passive Information Gathering – The Analysis of Leaked Network Security Information

No content preview

Ransomware: How vulnerable is your system?

No content preview

Public Report – AWS Nitro System API & Security Claims

No content preview ( 6 min )

Paper: Thematic for Success in Real-World Offensive Cyber Operations – How to make threat actors work harder and fail more often

No content preview

Nagios XI Network Monitor Stored and Reflected XSS

No content preview ( 6 min )

Medium Risk Vulnerability in Symantec Enterprise Security Management

No content preview ( 6 min )

McAfee Email and Web Security Appliance Password hashes can be recovered from a system backup and easily cracked

No content preview

Project Triforce: Run AFL on Everything!

No content preview

Pairing over BLS12-381, Part 3: Pairing!

No content preview

Oracle Forensics Part 4: Live Response

No content preview

So long and thanks for all the 0day

No content preview

Poison Ivy string decryption

No content preview

Microsoft Zero-Day Vulnerability – OLE2Link – Threat Intelligence and Signatures

No content preview

Private sector cyber resilience and the role of data diodes

No content preview

Porting the Misfortune Cookie Exploit: A Look into Router Exploitation Using the TD-8817

No content preview

Oracle Retail Invoice Manager SQL Injection

No content preview

Optimum Routers: Researching Managed Routers

No content preview ( 6 min )

Principal Mapper (pmapper)

No content preview

My Hash is My Passport: Understanding Web and Mobile Authentication

No content preview

Public Report – Electric Coin Company NU4 Cryptographic Specification and Implementation Review

No content preview

Oracle Gridengine sgepasswd Buffer Overflow

No content preview

Network Attached Security: Attacking a Synology NAS

No content preview

Preparing for Cyber Battleships – Electronic Chart Display and Information System Security

No content preview

Practical SME security on a shoestring

No content preview

Phishing Mitigations: Configuring Microsoft Exchange to Clearly Identify External Emails

No content preview

Oracle 11g TNS listener remote Null Pointer Dereference

No content preview

Remote Directory Traversal and File Retrieval

No content preview

Public Report – Filecoin Bellman and BLS Signatures Cryptographic Review

No content preview

Package Play

No content preview

Real World Cryptography Conference 2021: A Virtual Experience

No content preview

Oracle Retail Integration Bus Manager Directory Traversal

No content preview

Oracle Forensics Part 5: Finding Evidence of Data Theft in the Absence of Auditing

No content preview

OS X Lion USB Hub Class Descriptor Arbitrary Code Execution

No content preview

My name is Matt – My voice is my password

No content preview

Ruxcon 2013 – Introspy Presentation Slides

No content preview

Oracle Forensics Part 7 Using the Oracle System Change Number in Forensic Investigations

No content preview ( 6 min )

Sharkbot is back in Google Play

No content preview

Owning the Virgin Media Hub 3.0: The perfect place for a backdoor

No content preview

Pointer Sequence Reverser (PSR)

No content preview ( 7 min )

Securing the continuous integration process

No content preview

Research Report – Zephyr and MCUboot Security Assessment

No content preview

RIFT: Analysing a Lazarus Shellcode Execution Method

No content preview

PDF Form Filling and Flattening Tool Buffer Overflow

No content preview ( 8 min )

PeachFarmer

No content preview

Payment Card Industry Data Security Standard (PCI DSS) A Navigation and Explanation of Changes from v2.0 to v3.0

No content preview

SSLyze v0.7 Released

No content preview

Premium Security Content Gateway

No content preview

Practical Machine Learning for Random (Filename) Detection

No content preview

Solaris 11 USB Hub Class descriptor kernel stack overflow

No content preview

Public Report – Google Enterprise API Security Assessment

No content preview

Project Bishop: Clustering Web Pages

No content preview

Second-Order Code Injection Attacks

No content preview ( 6 min )

RIFT: F5 Networks K52145254: TMUI RCE vulnerability CVE-2020-5902 Intelligence

No content preview

Revealing Embedded Fingerprints: Deriving Intelligence from USB Stack Interactions 2013

No content preview

Properly Signed Certificates on CPE Devices

No content preview

Solaris 11 USB hubclass

No content preview

Public Report – IOV Labs powHSM Security Assessment

No content preview

Pairing over BLS12-381, Part 1: Fields

No content preview

Public Report – Keyfork Implementation Review

No content preview

Public Report – Dell Secured Component Verification

No content preview

Proxy Re-Encryption Protocol: IronCore Public Report

No content preview

OSX afpserver remote code execution

No content preview

Public Report – Solana Program Library ZK-Token Security Assessment

No content preview ( 6 min )

Python Class Informer: an IDAPython plugin for viewing run-time type information (RTTI)

No content preview

Public Report – AWS Nitro System API & Security Claims French

No content preview

PhanTap (Phantom Tap): Making networks spookier one packet at a time

No content preview

StreamDivert: Relaying (specific) network connections

No content preview ( 9 min )

Premium Content Gateway

No content preview

Shellshock Advisory

No content preview

Public Report – BLST Cryptographic Implementation Review

No content preview

Reviewing Verifiable Random Functions

No content preview

Pip3line

No content preview

Public Report – Qredo Apache Milagro MPC Cryptographic Assessment

No content preview ( 6 min )

Squiz CMS File Path Traversal

No content preview ( 7 min )

Security of Things: An Implementer’s Guide to Cyber Security for Internet of Things Devices and Beyond

No content preview

Public Report – AWS Nitro System API & Security Claims German

No content preview

Public Report – Aleo snarkVM Implementation Review

No content preview

Public cloud

No content preview

Research Insights Volume 5 – Sector Focus: Automotive

No content preview

Public Report – Entropy/Rust Cryptography Review

No content preview

Premium Practical Law Content Gateway

No content preview

SSL checklist for pentesters

No content preview

Revealing Embedded Fingerprints: Deriving intelligence from USB stack interactions

No content preview

Public Report – WhatsApp Auditable Key Directory (AKD) Implementation Review

No content preview

Sniffle: A Sniffer for Bluetooth 5

No content preview

SecureIE.ActiveX

No content preview

RIFT: F5 CVE-2020-5902 and Citrix CVE-2020-8193, CVE-2020-8195 and CVE-2020-8196 honeypot data release

No content preview

Public Report – go-cose Security Assessment

No content preview

PRTG Network Monitor Command injection

No content preview ( 6 min )

Public Report – Zcash NU5 Cryptography Review

No content preview

Public Report – Protocol Labs Groth16 Proof Aggregation: Cryptography and Implementation Review

No content preview

SecureCisco

No content preview

Reverse Engineering Coin Hunt World’s Binary Protocol

No content preview

Quantum Cryptography – A Study Into Present Technologies and Future Applications

No content preview

Public Report – AWS Nitro System API & Security Claims Spanish

No content preview

Public Report – Security Review of RSA Blind Signatures with Public Metadata

No content preview

Public Report – O(1) Labs Mina Client SDK, Signature Library and Base Components Cryptography and Implementation Review

No content preview

Public Report – WhatsApp End-to-End Encrypted Backups Security Assessment

No content preview ( 6 min )

Salesforce Security with Remote Working

No content preview

Real World Cryptography Conference 2022

No content preview

SMACK, SKIP-TLS & FREAK SSL/TLS Vulnerabilities

No content preview

SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store

No content preview

SAML Pummel

No content preview

RIFT: Citrix ADC Vulnerabilities CVE-2020-8193, CVE-2020-8195 and CVE-2020-8196 Intelligence

No content preview

Symantec Backup Exec 2012 – Persistent XSS Vulnerability Affecting Custom Reports

No content preview

Rise of the Sensors: Securing LoRaWAN Networks

No content preview

Research Paper – Machine Learning for Static Malware Analysis, with University College London

No content preview

SSLyze v0.8

No content preview ( 6 min )

Supply Chain Security Begins with Secure Software Development

No content preview

Some Musings on Common (eBPF) Linux Tracing Bugs

No content preview

SecureBigIP

No content preview

Puckungfu: A NETGEAR WAN Command Injection

No content preview

Research Insights Volume 2 – Defensive Trends

No content preview ( 6 min )

Scenester – A Small Tool for Cross-Platform Web Application

No content preview

Real World Cryptography Conference 2023 – Part I

No content preview

Samba on the BlackBerry PlayBook

No content preview

Rise of the machines: Machine Learning & its cyber security applications

No content preview

Ricochet Security Assessment Public Report

No content preview

Symantec Messaging Gateway – Authenticated arbritary file download

No content preview

Secure Session Management With Cookies for Web Applications

No content preview

RM3 – Curiosities of the wildest banking malware

No content preview

Stopping Automated Attack Tools

No content preview

Samba _netr_ServerPasswordSet Expoitability Analysis

No content preview

Public Report – WhatsApp opaque-ke Cryptographic Implementation Review

No content preview

Spectre on a Television

No content preview

Readable Thrift (1)

No content preview

Setting a New Standard for Kubernetes Deployments

No content preview

Research Insights Volume 7: Exploitation Advancements

No content preview ( 6 min )

Symantec Backup Exec 2012 – Backup Exec Utility Stored XSS when adding Groups, Servers and Computers

No content preview ( 7 min )

Secure Messaging for Normal People

No content preview

Sobelow Update

No content preview

Singularity of Origin

No content preview

Securing Teradata Database

No content preview

Cups-filters remote code execution

No content preview ( 6 min )

Conference Talks – June 2022

No content preview

Symantec Messaging Gateway – Unauthorised SSH access

No content preview

Symantec Messaging Gateway – Unauthenticated detailed version disclosure

No content preview

Symantec Messaging Gateway – Out of band stored XSS via email

No content preview

Symantec Messaging Gateway Out of band stored XSS delivered by email

No content preview

Symantec Messaging Gateway Easy CSRF to add a backdoor-administrator (for example)

No content preview

Symantec Messaging Gateway Arbitrary file download is possible with a crafted URL (authenticated)

No content preview

SysAid Helpdesk Pro – Blind SQL Injection

No content preview

SysAid Helpdesk blind SQL injection

No content preview

Symantec PC Anywhere Remote Code Extecution

No content preview

TA505 exploits SolarWinds Serv-U vulnerability (CVE-2021-35211) for initial access

No content preview

SysPWN – VR for Pwn2Own

No content preview

Sysinternals SDelete: When Secure Delete Fails

No content preview

SysAid Helpdesk stored XSS

No content preview

TANDBERG Video Communication Server Arbitrary File Retrieval

No content preview

Tales of Windows detection opportunities for an implant framework

No content preview

tcpprox

No content preview

TANDBERG Video Communication Server Static SSH Host Keys

No content preview

TANDBERG Video Communication Server Authentication Bypass

No content preview

Technical Advisory – Arbitrary File Read in Dell Wyse Management Suite (CVE-2021-21586, CVE-2021-21587)

No content preview

Technical Advisory – Apple XAR – Arbitrary File Write (CVE-2021-30833)

No content preview

Technical Advisory – Apple iOS / OSX: Foundation NSXMLParser XXE Vulnerability

No content preview

Technical Advisory – Authenticated SQL Injection in SOAP Request in Broadcom CA Network Flow Analysis (CVE-2021-44050)

No content preview

Technical Advisory – Arbitrary Signature Forgery in Stark Bank ECDSA Libraries (CVE-2021-43572, CVE-2021-43570, CVE-2021-43569, CVE-2021-43568, CVE-2021-43571)

No content preview

Technical Advisory – BLE Proximity Authentication Vulnerable to Relay Attacks

No content preview

Technical Advisory – Authorization Bypass Allows for Pinboard Corruption

No content preview

Technical Advisory – Citrix Access Gateway Command Injection Vulnerability

No content preview

Technical Advisory – Bomgar Remote Support – Local Privilege Escalation

No content preview

Technical Advisory – Coda Filesystem Kernel Memory Disclosure

No content preview

Technical Advisory – FUJITSU CentricStor Control Center <= V8.1 – Unauthenticated Command Injection ( CVE-2022-31794 and CVE-2022-31795)

No content preview

Technical Advisory – ExpressLRS vulnerabilities allow for hijack of control link

No content preview

Detecting and Hunting for the Malicious NetFilter Driver

No content preview ( 8 min )

5G security – how to minimise the threats to a 5G network

5G security – how to minimise the threats to a 5G network ( 25 min )

Technical Advisory – Multiple HTML Injection Vulnerabilities in KaiOS Pre-installed Mobile Applications

No content preview ( 14 min )

Reverse, Reveal, Recover: Windows Defender Quarantine Forensics

No content preview ( 21 min )

Exploiting the Sudo Baron Samedit vulnerability (CVE-2021-3156) on VMWare vCenter Server 7.0

No content preview ( 30 min )

There’s A Hole In Your SoC: Glitching The MediaTek BootROM

No content preview ( 18 min )

Technical advisory: CVE-2017-8592 – XMLHttpRequest in IE followed 307 redirections with additional or customised headers

No content preview ( 8 min )

A Guide to Improving Security Through Infrastructure-as-Code

No content preview

WSBang

No content preview ( 6 min )

Public Report: Aleo snarkOS Implementation and Consensus Mechanism Review

No content preview

Technical Advisory: Multiple Vulnerabilities in Kyocera Printers

No content preview ( 12 min )

Smuggling HTA files in Internet Explorer/Edge

No content preview

Crave the Data: Statistics from 1,300 Phishing Campaigns

No content preview

Bypassing software update package encryption – extracting the Lexmark MC3224i printer firmware (part 1)

No content preview ( 24 min )

MeshyJSON: A TP-Link tdpServer JSON Stack Overflow

No content preview ( 30 min )

iOS SSL Killswitch

No content preview

HIDDEN COBRA Volgmer: A Technical Analysis

No content preview

DataArmor Full Disk Encryption 3.0.12c – Restricted Environment breakout, Privilege Escalation and Full Disk Decryption

No content preview

Rust for Security and Correctness in the embedded world

No content preview

Security First Umbrella

No content preview

osquery Application Security Assessment Public Report

No content preview

Fat-Finger

No content preview

Conference Talks – September 2021

No content preview

Technical Advisory: Dell SupportAssist Local Privilege Escalation (CVE-2021-21518)

No content preview ( 10 min )

Whatsupgold Premium Directory traversal

No content preview ( 6 min )

Trust in the Internet Survey

No content preview ( 6 min )

How I did not get a shell

No content preview ( 16 min )

Tool Release – ICPin, an integrity-check and anti-debug detection pintool

No content preview ( 7 min )

Technical Advisory – Jitsi Meet Electron – Limited Certificate Validation Bypass (CVE-2020-27161)

No content preview

Technical Advisory – SonicWall SMA 100 Series – Multiple Unauthenticated Heap-based and Stack-based Buffer Overflow (CVE-2021-20045)

No content preview

Technical Advisory – Nullsoft Scriptable Installer System (NSIS) – Insecure Temporary Directory Usage

No content preview

Technical Advisory – Multiple vulnerabilities in Nuki smart locks (CVE-2022-32509, CVE-2022-32504, CVE-2022-32502, CVE-2022-32507, CVE-2022-32503, CVE-2022-32510, CVE-2022-32506, CVE-2022-32508, CVE-2022-32505)

No content preview

Technical Advisory – macOS Installer Local Root Privilege Escalation (CVE-2020-9817)

No content preview

Technical Advisory – Linksys WRT160NL – Authenticated Remote Buffer Overflow (CVE-2020-26561)

No content preview

Technical Advisory – play-pac4j Authentication rule bypass

No content preview

Technical Advisory – NXP i.MX SDP_READ_DISABLE Fuse Bypass (CVE-2022-45163)

No content preview

Technical Advisory – Multiple Vulnerabilities in Juplink RX4-1800 WiFi Router (CVE-2022-37413, CVE-2022-37414)

No content preview

Technical Advisory – SonicWall SMA 100 Series – Post-Authentication Remote Command Execution (CVE-2021-20044)

No content preview

Technical Advisory – libraptor – XXE in RDF/XML File Interpretation

No content preview

Technical Advisory – HTC IQRD Android Permission Leakage

No content preview

Technical Advisory – Garuda Linux Insecure User Creation (CVE-2021-3784)

No content preview

Technical Advisory – SonicWall SMA 100 Series – Heap-Based Buffer Overflow (CVE-2021-20043)

No content preview

Technical Advisory – Multiple Vulnerabilities in U-Boot (CVE-2022-30790, CVE-2022-30552)

No content preview

Technical Advisory – Linux RDS Protocol Local Privilege Escalation

No content preview

Technical Advisory – IBM WebSphere Commerce: Encrypted URL Parameter Vulnerable to Padding Oracle Attacks

No content preview

Technical Advisory – IBM TAM: Remote Directory Traversal and File Retrieval via web server plug-in

No content preview

Technical Advisory – U-Boot – Unchecked Download Size and Direction in USB DFU (CVE-2022-2347)

No content preview

Technical Advisory – New York State Excelsior Pass Vaccine Passport Credential Forgery

No content preview

Technical Advisory – Lenovo ImController Local Privilege Escalation (CVE-2021-3922, CVE-2021-3969)

No content preview

Technical Advisory – Kwikset/Weiser BLE Proximity Authentication in Kevo Smart Locks Vulnerable to Relay Attacks

No content preview

Technical advisory: “ROHNP”- key extraction side channel in multiple crypto libraries

No content preview

Technical Advisory – Pulse Connect Secure – RCE via Template Injection (CVE-2020-8243)

No content preview

Technical Advisory – Open5GS Stack Buffer Overflow During PFCP Session Establishment on UPF (CVE-2021-41794)

No content preview

Technical Advisory – New York State Excelsior Pass Vaccine Passport Scanner App Sends Data to a Third Party not Specified in Privacy Policy

No content preview

Technical Advisory – Linksys WRT160NL – Authenticated Command Injection (CVE-2021-25310)

No content preview

Technical Advisory – Shop app sends pasteboard data to Shopify’s servers

No content preview

Technical Advisory – playSMS Pre-Authentication Remote Code Execution (CVE-2020-8644)

No content preview

Technical Advisory – ParcelTrack sends all pasteboard data to ParcelTrack’s servers on startup

No content preview

Technical Advisory – OpenOffice.org Multiple Memory Corruption Vulnerabilities

No content preview

Technical Advisory – Ollama DNS Rebinding Attack (CVE-2024-28224)

No content preview

Technical Advisory – ICTFAX 7-4 – Indirect Object Reference

No content preview

Technical Advisory – wolfSSL TLS 1.3 Client Man-in-the-Middle Attack (CVE-2020-24613)

No content preview

Technical Advisory – Sunhillo SureLine Unauthenticated OS Command Injection (CVE-2021-36380)

No content preview

Technical Advisory – SonicWall SMA 100 Series – Unauthenticated Stored XSS

No content preview

Treat your points as cash

No content preview ( 10 min )

Technical Advisory – VMware Tools Multiple Vulnerabilities

No content preview

Technical Advisory – Tesla BLE Phone-as-a-Key Passive Entry Vulnerable to Relay Attacks

No content preview

Technical Advisory – Jitsi Meet Electron – Arbitrary Client Remote Code Execution (CVE-2020-27162)

No content preview

Technical Advisory – Apple macOS XAR – Arbitrary File Write (CVE-2022-22582)

No content preview

Technical Advisory: Gaining root access on Sumpple S610 IP Camera via Telnet; and Unprotected client and server data transmission between Android and IOS clients

No content preview

Technical Advisory – SonicWall SMA 100 Series – Unauthenticated Arbitrary File Deletion

No content preview

Technical Advisory – SonicWall Global Management System (GMS) & Analytics – Multiple Critical Vulnerabilities

No content preview

Technical Advisory – NULL Pointer Derefence in McAfee Drive Encryption (CVE-2021-23893)

No content preview

The Importance of a Cryptographic Review

No content preview ( 6 min )

Windows Remote Desktop Memory Corruption Leading to RCE on XPSP3

No content preview ( 7 min )

Welcome to the new NCC Group Global Research blog

No content preview ( 6 min )

Social Engineering Penetration Testing

No content preview ( 6 min )

Tool Release – ScoutSuite 5.12.0

No content preview ( 7 min )

PMKID Attacks: Debunking the 802.11r Myth

No content preview ( 11 min )

Tool Release: SSL pinning bypass and other Android tools

No content preview ( 6 min )

Understanding cyber risk management vs uncertainty with confidence in 2017

No content preview ( 6 min )

A deeper dive into CVE-2021-39137 – a Golang security bug that Rust would have prevented

No content preview ( 12 min )

Tool Release – HTTPSignatures: A Burp Suite Extension Implementing HTTP Signatures

No content preview ( 11 min )

Technical Advisory: Authentication rule bypass

No content preview ( 7 min )

Understanding the insider threat & how to mitigate it

No content preview ( 6 min )

Tool Release: Blackbox Android App Analysis with Introspy

No content preview ( 6 min )

A Census of Deployed Pulse Connect Secure (PCS) Versions

No content preview ( 9 min )

Technical Advisory: Multiple Vulnerabilities in Accellion File Transfer Appliance

No content preview ( 11 min )

A glimpse into the shadowy realm of a Chinese APT: detailed analysis of a ShadowPad intrusion

No content preview ( 16 min )

Trust in the New Internet Survey

No content preview ( 6 min )

White Paper: Login Service Security

No content preview ( 6 min )

State of DNS Rebinding in 2023

No content preview ( 13 min )

Tool Release: iOS Secure State Preservation

No content preview ( 7 min )

They Ought to Know Better: Exploiting Security Gateways via their Web Interfaces

No content preview ( 6 min )

Tool Release – ScoutSuite 5.8.0

No content preview ( 6 min )

Threat Actors: exploiting the pandemic

No content preview ( 8 min )

Tool Release – Reliably-checked String Library Binding

No content preview ( 16 min )

Weak Passwords Led to (SafePay) Ransomware…Yet Again

No content preview ( 12 min )

An adventure in PoEKmon NeutriGo land

No content preview

AssetHook

No content preview

Analysis of Boomerang Differential Trials via a SAT-Based Constraint Solver URSA

No content preview

A Peek Behind the Great Firewall of Russia

No content preview

A New Flying Kitten?

No content preview

CVE-2018-8611 Exploiting Windows KTM Part 5/5 – Vulnerability detection and a better read/write primitive

No content preview ( 26 min )

Threat Profiling Microsoft SQL Server

No content preview ( 6 min )

Apache Struts Vulnerability

No content preview

Violating Database – Enforced Security Mechanisms

No content preview ( 7 min )

Choosing the Right MCU for Your Embedded Device — Desired Security Features of Microcontrollers

No content preview

A jq255 Elliptic Curve Specification, and a Retrospective

No content preview

An Introduction to Heap overflows on AIX 5.3L

No content preview

Attacking Web Service Security: Message Oriented Madness, XML Worms and Web Service Security Sanity

No content preview

Apple QuickTime Player m4a Processing Buffer Overflow

No content preview

An Illustrated Guide to Elliptic Curve Cryptography Validation

No content preview

Abusing Privileged and Unprivileged Linux Containers

No content preview

Abusing Blu-ray Players Part 1 – Sandbox Escapes

No content preview

A few notes on usefully exploiting libstagefright on Android 5.x

No content preview

An Analysis of Mobile Geofencing App Security

No content preview

Wheel of Fortune Outcome Prediction – Taking the Luck out of Gambling (1)

No content preview ( 17 min )

Assessing IIS Configuration Remotely

No content preview

A Simple and Practical Approach to Input Validation

No content preview

Advice for security decision makers contemplating the value of Antivirus

No content preview

Advanced Exploitation of Oracle PL/SQL Flaws

No content preview

Adobe Acrobat Reader XML Forms Data Format Buffer Overflow

No content preview

A WarCon 2017 Presentation: Cisco ASA – Exploiting the IKEv1 Heap Overflow – CVE-2016-1287

No content preview

Attacking the Windows Kernel (Black Hat Las Vegas 2007)

No content preview

An Introduction to Fault Injection (Part 1/3)

No content preview

A Survey of Istio’s Network Security Features

No content preview

Black Hat 2013 – Bluetooth Smart Presentation Available

No content preview

Accessing Private Fields Outside of Classes in Java

No content preview

Advisory-CraigSBlackie-CVE-2016-9795

No content preview

An Introduction to Ultrasound Security Research

No content preview

Adversarial Machine Learning: Approaches & defences

No content preview

Adventures in Xen Exploitation

No content preview

Advanced SQL Injection in SQL Server Applications

No content preview

Automated Reverse Engineering of Relationships Between Data Structures in C++ Binaries

No content preview

Announcing NCC Group’s Cryptopals Guided Tour: Set 2

No content preview

An Adventure in Contingency Debugging: Ruby IO#read/IO#write Considered Harmful

No content preview

An Adaptive-Ciphertext Attack Against “I ⊕ C” Block Cipher Modes With an Oracle

No content preview

Alternative Approaches for Fault Injection Countermeasures (Part 3/3)

No content preview

Beyond data loss prevention

No content preview

APT15 is Alive and Strong: An Analysis of RoyalCli and RoyalDNS

No content preview

Android-SSL-TrustKiller

No content preview

Analysing a recent Poison Ivy sample

No content preview

Announcing the AWS blog post series

No content preview

Android-OpenDebug

No content preview

Android Cloud Backup/Restore

No content preview

Analysis of the Linux backdoor used in freenode IRC network compromise

No content preview

An Introduction to Quantum Computing for Security Professionals

No content preview

Best Practices for the use of Static Code Analysis within a Real-World Secure Development Lifecycle

No content preview

Automating extraction from malware and recent campaign analysis

No content preview

Application Layer Attacks – The New DDoS Battleground

No content preview

An offensive guide to the Authorization Code grant

No content preview

AutoRepeater: Automated HTTP Request Repeating With Burp Suite

No content preview

Apple OSX/iPhone iOS ImageIO TIFF getBandProcTIFF TileWidth Heap Overflow

No content preview

Apple CoreAnimation Heap Overflow

No content preview

Android-KillPermAndSigChecks

No content preview

Android SSL Bypass

No content preview

Berserko: Kerberos Authentication for Burp Suite

No content preview

Batten down the hatches: Cyber threats facing DP operations

No content preview

Attacks on SSL

No content preview

ASE 12.5.1 datatype overflow

No content preview

Testing HTTP/2 only web services

No content preview ( 12 min )

Assessing Unikernel Security

No content preview

Approximately 2000 Citrix NetScalers backdoored in mass-exploitation campaign

No content preview

Announcing NCC Group’s Cryptopals Guided Tour!

No content preview

AtHoc Toolbar

No content preview

Assuring Your DDoS Defences

No content preview

Anti Brute Force Resource Metering

No content preview

Back Office Web Administration Authentication Bypass

No content preview

ASP.NET Security and the Importance of KB2698981 in Cloud Environments Threat Brief

No content preview

ASP.NET Security and the Importance of KB2698981 in Cloud Environments

No content preview

Apple Mac OS X ImageIO TIFF Integer Overflow

No content preview

Black Hat USA 2015 presentation: Broadcasting your attack-DAB security

No content preview

Best practices with BYOD

No content preview

Assessing the security and privacy of Vaccine Passports

No content preview

Are you oversharing (in Salesforce)? Our new tool could sniff it out!

No content preview

Archived Technical Advisories

No content preview

Breaking into Security Research at NCC Group

No content preview

BlackBerry PlayBook Security – Part Two – BlackBerry Bridge

No content preview

AWS environment security assessment with Scout2

No content preview

Authorisation

No content preview

Browser Extension Password Managers

No content preview

BlackBerry Link WebDav Server Bound to the BlackBerry VPN Adapter

No content preview

Black Hat Europe 2013 Andy Davis: To dock or not to dock…

No content preview

Automated enumeration of email filtering solutions

No content preview

Broadcasting your attack – DAB security

No content preview

BlackHat Asia USB Physical Access

No content preview

Black Hat 2013 – Cryptopocalypse Presentation Available

No content preview

BAT: a Fast and Small Key Encapsulation Mechanism

No content preview

Azucar

No content preview

Blind Return Oriented Programming

No content preview

Black Hat 2013 – Femtocell Presentation Slides, Videos and App

No content preview

Chafer backdoor analysis

No content preview

Blind Security Testing – An Evolutionary Approach

No content preview

Blackbox iOS App Assessments Using idb

No content preview

BlackBerry PlayBook Security – Part One

No content preview

Cisco ASA series part five: libptmalloc gdb plugin

No content preview

Buffer Underruns, DEP, ASLR and improving the Exploitation Prevention Mechanisms (XPMs) on the Windows platform

No content preview

Breaking Pedersen Hashes in Practice

No content preview

Call Map: A Tool for Navigating Call Graphs in Python

No content preview

Building WiMap the Wi-Fi Mapping Drone

No content preview

Building Intuition for Lattice-Based Signatures – Part 1: Trapdoor Signatures

No content preview

Building an RDP Credential Catcher for Threat Intelligence

No content preview

Build Your Own Wi-Fi Mapping Drone Capability

No content preview

Building Intuition for Lattice-Based Signatures – Part 2: Fiat-Shamir with Aborts

No content preview

Bypassing Android’s Network Security Configuration

No content preview

Business Insights: Cyber Security in the Financial Sector

No content preview

CertPortal: Building Self-Service Secure S/MIME Provisioning Portal

No content preview

CECSTeR

No content preview

C Language Standards Update – Zero-size Reallocations are Undefined Behavior

No content preview

Bypassing Oracle DBMS_ASSERT (in certain situations)

No content preview

Chrome Password Manager Cross Origin Weakness

No content preview

Check out our new Microcorruption challenges!

No content preview

Celebrating NCC Con Europe 2018

No content preview

Cisco ASA series part four: dlmalloc-2.8.x, libdlmalloc, & dlmalloc on Cisco ASA

No content preview

Retro Gaming Vulnerability Research: Warcraft 2

No content preview

Cisco ASA series part eight: Exploiting the CVE-2016-1287 heap overflow over IKEv1

No content preview

Technical Advisory – OpenJDK – Weak Parsing Logic in java.net.InetAddress and Related Classes

No content preview ( 17 min )

Symantec Backup Exec 2012 Backup/Restore Data Traverses Memory with Weak ACLs

No content preview

Symantec Backup Exec 2012 – OS version and service pack information leak

No content preview

Story of a Hundred Vulnerable Jenkins Plugins

No content preview

Symantec Messaging Gateway – Addition of a backdoor adminstrator via CSRF

No content preview

State-of-the-art email risk

No content preview

Sobelow: Static analysis for the Phoenix Framework

No content preview

Security of Things: An Implementers’ Guide to Cyber-Security for Internet of Things Devices and Beyond

No content preview

Symantec Message Filter Session Hijacking via session

No content preview

Social Engineering

No content preview

scenester

No content preview

Return of the hidden number problem

No content preview

Introducing Chuckle and the Importance of SMB Signing

No content preview

External Enumeration and Exploitation of Email and Web Security Solutions

No content preview

VoIP Security Methodology and Results

No content preview ( 6 min )

The Automotive Threat Modeling Template

No content preview ( 8 min )

To dock or not to dock, that is the question: Using laptop docking stations as hardware-based attack platforms

No content preview ( 6 min )

How Microsoft Office knows a document came from the Internet and might be dangerous

No content preview ( 7 min )

Understanding and Hardening Linux Containers

No content preview ( 6 min )

Tool: WStalker – an easy proxy to support Web API assessments

No content preview ( 8 min )

Vaccine Misinformation Part 1: Misinformation Attacks as a Cyber Kill Chain

No content preview ( 15 min )

USB under the bonnet: Implications of USB security vulnerabilities in vehicle systems

No content preview ( 6 min )

White Paper: Cryptopocalypse Reference Paper

No content preview ( 7 min )

Testing Infrastructure-as-Code Using Dynamic Tooling

No content preview ( 10 min )

Technical Advisory: Authentication Bypass in libSSH

No content preview ( 9 min )

Technical Advisory: Pulse Connect Secure – RCE via Uncontrolled Archive Extraction – CVE-2021-22937 (Patch Bypass)

No content preview ( 9 min )

USB keyboards by post – use of embedded keystroke injectors to bypass autorun restrictions on modern desktop operating systems

No content preview ( 6 min )

Exposing Vulnerabilities in Media Software

No content preview ( 6 min )

Time Trial: Racing Towards Practical Remote Timing Attacks

No content preview ( 6 min )

CVE-2021-31956 Exploiting the Windows Kernel (NTFS with WNF) – Part 1

No content preview ( 31 min )

Past, Present and Future of Effective C

No content preview ( 14 min )

Samsung Galaxy S24 Pwn2Own Ireland 2024

No content preview ( 6 min )

Vehicle Emissions and Cyber Security

No content preview ( 9 min )

Project Ava: On the Matter of Using Machine Learning for Web Application Security Testing – Part 5: Development of Prototype #1 – Text Processing and Semantic Relationships

No content preview ( 11 min )

Public Report: WhatsApp Contacts Security Assessment

No content preview ( 6 min )

Technical Advisory: Multiple Vulnerabilities in Brother Printers

No content preview ( 9 min )

White Paper: Browser Extension Password Managers

No content preview ( 7 min )

umap

No content preview ( 6 min )

The Update Framework (TUF) Security Assessment

No content preview ( 6 min )

Detecting and Protecting when Remote Desktop Protocol (RDP) is open to the Internet

No content preview ( 13 min )

There’s Another Hole In Your SoC: Unisoc ROM Vulnerabilities

No content preview ( 19 min )

Windows Firewall Hook Enumeration

No content preview ( 16 min )

NETGEAR Routers: A Playground for Hackers?

No content preview ( 26 min )

Why IoT Security Matters

No content preview ( 13 min )

Cryptopals: Exploiting CBC Padding Oracles

No content preview ( 16 min )

Technical Advisory – Multiple Vulnerabilities in Connectize G6 AC2100 Dual Band Gigabit WiFi Router (CVE-2023-24046, CVE-2023-24047, CVE-2023-24048, CVE-2023-24049, CVE-2023-24050, CVE-2023-24051, CVE-2023-24052)

No content preview ( 20 min )

Defending Your Directory: An Expert Guide to Fortifying Active Directory Certificate Services (ADCS) Against Exploitation

No content preview ( 16 min )

Technical Advisory: Shell Injection in SourceTree

No content preview ( 7 min )

Visualising Firewall Rulesets – Simplifying Firewall Administration and Spotting the Pivot Point

No content preview ( 9 min )

Zcash Overwinter Consensus and Sapling Cryptography Review

No content preview ( 6 min )

WebLogic Plugin HTTP Injection via Encoded URLs

No content preview ( 11 min )

44CON - Charging Ahead: Exploiting an EV Charger Controller at Pwn2Own Automotive 2024

No content preview ( 7 min )

The CIS Security Standard for Docker available now

No content preview ( 7 min )

Whitepaper: Perfect Forward Security

No content preview ( 7 min )

Unmasking Lorenz Ransomware: A Dive into Recent Tactics, Techniques and Procedures

No content preview ( 8 min )

Blue Coat BCAAA Remote Code Execution Vulnerability

No content preview ( 7 min )

typofinder

No content preview ( 6 min )

Public Report - Security Risks of AI Hardware for Personal and Edge Computing Devices

No content preview ( 6 min )

WebSense content filter bypass when deployed in conjunction with Cisco filtering devices

No content preview ( 10 min )

Tool Release: SSLyze v0.8 released

No content preview ( 6 min )

Threats and vulnerabilities within the Maritime and shipping sectors

No content preview ( 6 min )

Research Blog Test Playground

No content preview ( 6 min )

Public Report – Threshold ECDSA Cryptography Review

No content preview ( 6 min )

Whitepaper – Double Fetch Vulnerabilities in C and C++

No content preview ( 6 min )

Whitepaper – Microcontroller Readback Protection: Bypasses and Defenses

No content preview ( 6 min )

Technical Advisory: Mosquitto Broker DoS through a Memory Leak vulnerability

No content preview ( 9 min )

Decoder Improved Burp Suite plugin release part two

No content preview ( 9 min )

Tool Release: YoNTMA

No content preview ( 7 min )

WSMap

No content preview ( 6 min )

vlan-hopping

No content preview ( 6 min )

Windows USB RNDIS driver kernel pool overflow

No content preview ( 6 min )

Tool Release – shouganaiyo-loader: A Tool to Force JVM Attaches

No content preview ( 8 min )

BrokenPrint: A Netgear stack overflow

No content preview ( 21 min )

Avoiding Pitfalls Developing with Electron

No content preview ( 10 min )

The death of USB autorun and the rise of the USB keyboard

No content preview ( 7 min )

Threat Intelligence: Benefits for the Enterprise

No content preview ( 7 min )

Log4Shell: Reconnaissance and post exploitation network detection

No content preview ( 17 min )

Tool Release – insject: A Linux Namespace Injector

No content preview ( 12 min )

Tool Release – Socks Over RDP

No content preview ( 8 min )

Testing Two-Factor Authentication

No content preview ( 21 min )

Stepping Insyde System Management Mode

No content preview ( 17 min )

CVE-2021-31956 Exploiting the Windows Kernel (NTFS with WNF) – Part 2

No content preview ( 28 min )

The Extended AWS Security Ramp-Up Guide

No content preview ( 13 min )

Technical Advisory: Citrix Workspace / Receiver Remote Code Execution Vulnerability

No content preview ( 7 min )

Tool Release – ScoutSuite 5.10

No content preview ( 7 min )

whitebox

No content preview ( 6 min )

U plug, we play

No content preview ( 6 min )

Remote Code Execution on Western Digital PR4100 NAS (CVE-2022-23121)

No content preview ( 26 min )

Making New Connections – Leveraging Cisco AnyConnect Client to Drop and Run Payloads

No content preview ( 11 min )

Tool Release: PeachFarmer

No content preview ( 7 min )

Windows remote desktop memory corruptoin leading to RCE on XPSP3

No content preview ( 6 min )

xcavator

No content preview ( 6 min )

SnapMC skips ransomware, steals data

No content preview ( 10 min )

Whitepaper – A Heap of Trouble: Breaking the Linux Kernel SLOB Allocator

No content preview ( 6 min )

Analyzing AI Application Threat Models

No content preview ( 25 min )

Defending Your Directory: An Expert Guide to Fortifying Active Directory Against LDAP Injection Threats

No content preview ( 9 min )

tybocer

No content preview ( 6 min )

Understanding Microsoft Word OLE Exploit Primitives

No content preview ( 6 min )

The 9 Lives of Bleichenbacher’s CAT: New Cache ATtacks on TLS Implementations

No content preview ( 7 min )

Project Ava: On the Matter of Using Machine Learning for Web Application Security Testing – Part 8: Development of Prototype #4 – Building on Takaesu’s Approach with Focus on XSS

No content preview ( 10 min )

Technical Advisory: Adobe ColdFusion RMI Registry.bind() Deserialisation RCE

No content preview ( 7 min )

Technical Advisory: Shell Injection in MacVim mvim URI Handler

No content preview ( 7 min )

iSEC’s Analysis of Microsoft’s SDL and its ROI

No content preview ( 6 min )

Tool Release: Sinking U-Boots with Depthcharge

No content preview ( 23 min )

Thin Clients: Slim Security

No content preview ( 6 min )

Technical Advisory: Administrative Passcode Recovery and Authenticated Remote Buffer Overflow Vulnerabilities in Gigaset DX600A Handset (CVE-2021-25309, CVE-2021-25306)

No content preview ( 7 min )

Technical Advisory: Pulse Connect Secure – Arbitrary File Read via Logon Message (CVE-2020-8255)

No content preview ( 7 min )

Improving Software Security through C Language Standards

No content preview ( 11 min )

SETTLERS OF NETLINK: Exploiting a limited UAF in nf_tables (CVE-2022-32250)

No content preview ( 51 min )

Threat Modelling Cloud Platform Services by Example: Google Cloud Storage

No content preview ( 19 min )

Constant-Time Data Processing At a Secret Offset, Privacy and QUIC

No content preview ( 21 min )

Technical Advisory – Multiple Vulnerabilities in Victure WR1200 WiFi Router (CVE-2021-43282, CVE-2021-43283, CVE-2021-43284)

No content preview ( 11 min )

A Brief Review of Bitcoin Locking Scripts and Ordinals

No content preview ( 16 min )

Real World Cryptography Conference 2024

No content preview ( 18 min )

Technical Advisory: Multiple Vulnerabilities in Lexmark Printers

No content preview ( 13 min )

Technical Advisory: Multiple Vulnerabilities in HP Printers

No content preview ( 10 min )

Whitepaper – XML Schema, DTD, and Entity Attacks: A Compendium of Known Techniques

No content preview ( 6 min )

The Password is Dead, Long Live the Password!

No content preview ( 12 min )

Technical Advisory: Bypassing Workflows Protection Mechanisms – Remote Code Execution on SharePoint

No content preview ( 8 min )

Variations in Exploit methods between Linux and Windows

No content preview ( 7 min )

Tool Release – Principal Mapper v1.1.0 Update

No content preview ( 7 min )

Tool Release: You’ll Never (Ever) Take Me Alive!

No content preview ( 7 min )

Windows 10 USB Mass Storage driver arbitrary code execution in kernel mode

No content preview ( 6 min )

Understanding the root cause of F5 Networks K52145254: TMUI RCE vulnerability CVE-2020-5902

No content preview ( 10 min )

The Dark Side: How Threat Actors Leverage AnyDesk for Malicious Activities

No content preview ( 13 min )

Work daily with enforced MFA-protected API access

No content preview ( 8 min )

Unauthenticated XML eXternal Entity (XXE) vulnerability

No content preview ( 8 min )

Proxying PyRIT for fun and profit

No content preview ( 10 min )

Wheel of Fortune Outcome Prediction – Taking the Luck out of Gambling

No content preview ( 17 min )

The Sorry State of Aftermarket Head Unit Security

No content preview ( 16 min )

Turla PNG Dropper is back

No content preview ( 11 min )

Android Malware Vultur Expands Its Wingspan

No content preview ( 23 min )

Much Ado About Hardware Implants

No content preview ( 15 min )

ABSTRACT SHIMMER (CVE-2020-15257): Host Networking is root-Equivalent, Again

No content preview ( 24 min )

Dangers of Kubernetes IAM Integrations

No content preview ( 11 min )

Technical Advisory: Xiaomi 13 Pro Code Execution via GetApps DOM Cross-Site Scripting (XSS)

No content preview ( 12 min )

Chainspotting 2: The Unofficial Sequel to the 2018 Talk "Chainspotting" - OffensiveCon 2025

No content preview ( 6 min )

Technical Advisory: Stored and Reflected XSS Vulnerability in Nagios Log Server (CVE-2021-35478,CVE-2021-35479)

No content preview ( 7 min )

USB attacks need physical access right? Not any more…

No content preview ( 6 min )

Tool Release – Project Kubescout: Adding Kubernetes Support to Scout Suite

No content preview ( 9 min )

Violating the Virtual Channel – RDP Testing

No content preview ( 12 min )

AWS Inventory: A tool for mapping AWS resources

No content preview ( 6 min )

Whitepaper – Hardware-Backed Heist: Extracting ECDSA Keys from Qualcomm’s TrustZone

No content preview ( 7 min )

Nagios XI Network Monitor – Stored and Reflective XSS

No content preview ( 7 min )

The Shellcoder’s Handbook: Discovering and Exploiting Security Holes, 2nd Edition

No content preview ( 6 min )

Self-Driving Cars- The future is now…

No content preview ( 6 min )

Use of Deserialisation in .NET Framework Methods and Classes

No content preview ( 6 min )

TPM Genie

No content preview ( 7 min )

Threat Spotlight – Hydra

No content preview ( 12 min )

Tool Release – ScoutSuite 5.11.0

No content preview ( 6 min )

Tracking a P2P network related to TA505

No content preview ( 15 min )

Tool Release – Winstrument: An Instrumentation Framework for Windows Application Assessments

No content preview ( 11 min )

Tool Release – Solitude: A privacy analysis tool

No content preview ( 8 min )

Trusted Gateway

No content preview ( 6 min )

The SSL Conservatory

No content preview ( 6 min )

The Pharming Guide – Understanding and preventing DNS related attacks by phishers

No content preview ( 6 min )

Technical Advisory: Adobe ColdFusion Object Deserialisation RCE

No content preview ( 8 min )

What the HEC? Security implications of HDMI Ethernet Channel and other related protocols

No content preview ( 6 min )

Technical Advisory: Reflected Cross-Site Scripting (XSS) vulnerability in Jenkins Delivery Pipeline plugin

No content preview ( 7 min )

HITBAMS – Your Not so “Home” Office – Soho Hacking at Pwn2Own

No content preview ( 8 min )

The Future of C Code Review

No content preview ( 6 min )

The disadvantages of a blacklist-based approach to input validation

No content preview ( 6 min )

A Look At Some Real-World Obfuscation Techniques

No content preview ( 17 min )

Whitepaper – Project Triforce: Run AFL On Everything (2017)

No content preview ( 6 min )

Tool Update – ruby-trace: A Low-Level Tracer for Ruby

No content preview ( 10 min )

WebRATS

No content preview ( 6 min )

Exploiting MS15-061 Use-After-Free Windows Kernel Vulnerability

No content preview ( 6 min )

Understanding the Impact of Ransomware on Patient Outcomes – Do We Know Enough?

No content preview ( 15 min )

Modelling Threat Actor Phishing Behaviour

No content preview ( 6 min )

Tool Release: Exploring SSL Pinning on iOS

No content preview ( 8 min )

The Case of Missing File Extensions

No content preview ( 11 min )

The role of security research in improving cyber security

No content preview ( 6 min )

Tis the Season to Be…

No content preview ( 9 min )

Tool Release: Announcing the Release of RtspFuzzer

No content preview ( 8 min )

Technical Advisory: Insufficient Proxyman HelperTool XPC Validation

No content preview ( 10 min )

Conference Talks – March 2020

No content preview ( 8 min )

The facts about BadUSB

No content preview ( 8 min )

TLSPretense — SSL/TLS Client Testing Framework

No content preview ( 6 min )

Tool – Windows Executable Memory Page Delta Reporter

No content preview ( 8 min )

Webinar: SMACK, SKIP-TLS & FREAK SSL/TLS vulnerabilities

No content preview ( 6 min )

The economics of defensive security

No content preview ( 6 min )

Tool Release – JWT-Reauth

No content preview ( 8 min )

Technical Advisory: OS Command Injection in Silver Peak EdgeConnect Appliances (CVE-2020-12148, CVE-2020-12149)

No content preview ( 7 min )

Technical Advisory: Intel Driver Support & Assistance – Local Privilege Escalation

No content preview ( 9 min )

Understanding Ransomware

No content preview ( 6 min )

Tool Release: DIBF Tool Suite

No content preview ( 7 min )

Technical Advisory: Sonos Era 100 Secure Boot Bypass Through Unchecked setenv() call

No content preview ( 8 min )

A Race to Report a TOCTOU: Analysis of a Bug Collision in Intel SMM

No content preview ( 9 min )

Tool Release – Web3 Decoder Burp Suite Extension

No content preview ( 9 min )

Back in Black: Unlocking a LockBit 3.0 Ransomware Attack

No content preview ( 10 min )

The Paillier Cryptosystem with Applications to Threshold ECDSA

No content preview ( 20 min )

Understanding Ransomware: Impact, Evolution and Defensive Strategies

No content preview ( 6 min )

Tool Release: A Simple DLL Injection Utility

No content preview ( 6 min )

Tool Release: Code Credential Scanner (ccs)

No content preview ( 7 min )

UK government cyber security guidelines for connected & autonomous vehicles

No content preview ( 8 min )

Using graph databases to assess the security of thingernets based on the thingabilities and thingertivity of things

No content preview ( 6 min )

Whitepaper – Practical Attacks on Machine Learning Systems

No content preview ( 6 min )

CVE-2018-8611 Exploiting Windows KTM Part 1/5 – Introduction

No content preview ( 22 min )

Technical Advisory – Hash Denial-of-Service Attack in Multiple QUIC Implementations

No content preview ( 13 min )

Virtual Access Monitor Multiple SQL Injection Vulnerabilities

No content preview ( 6 min )

Tool Release – ScoutSuite 5.13.0

No content preview ( 7 min )

The L4m3ne55 of Passw0rds: Notes from the field

No content preview ( 6 min )

Webinar – PCI Version 3.0: Are you ready?

No content preview ( 6 min )

Top of the Pops: Three common ransomware entry techniques

No content preview ( 9 min )

Immortalising 20 Years of Epic Research

No content preview ( 42 min )

eBPF Adventures: Fiddling with the Linux Kernel and Unix Domain Sockets

No content preview ( 56 min )

Public Report – VPN by Google One Security Assessment

No content preview

Hardware Security By Design: ESP32 Guidance

No content preview ( 18 min )

SCOMplicated? – Decrypting SCOM “RunAs” credentials

No content preview ( 9 min )

RIFT: Detection capabilities for recent F5 BIG-IP/BIG-IQ iControl REST API vulnerabilities CVE-2021-22986

No content preview ( 11 min )

Puckungfu 2: Another NETGEAR WAN Command Injection

No content preview ( 13 min )

Securing Google Cloud Platform – Ten best practices

No content preview ( 11 min )

Updated: Technical Advisory and Proofs of Concept – Multiple Vulnerabilities in U-Boot (CVE-2022-30790, CVE-2022-30552)

No content preview ( 14 min )

Technical Advisory – SonicWall SMA 100 Series – Unauthenticated File Upload Path Traversal (CVE-2021-20040)

No content preview ( 8 min )

Phish Supper: An Incident Responder’s Bread and Butter

No content preview ( 10 min )

Defending Your Directory: An Expert Guide to Mitigating Pass-the-Hash Attacks in Active Directory

No content preview ( 10 min )

Technical Advisory – KwikTag Web Admin Authentication Bypass

No content preview ( 8 min )

The Spelling Police: Searching for Malicious HTTP Servers by Identifying Typos in HTTP Responses

No content preview ( 12 min )

WastedLocker: A New Ransomware Variant Developed By The Evil Corp Group

No content preview ( 20 min )

McAfee Email and Web Security Appliance v5.6 – Arbitrary file download is possible with a crafted URL, when logged in as any user

No content preview ( 7 min )

RokRat Analysis

No content preview ( 11 min )

Technical Advisory – Multiple Vulnerabilities in Faronics Insight (CVE-2023-28344, CVE-2023-28345, CVE-2023-28346, CVE-2023-28347, CVE-2023-28348, CVE-2023-28349, CVE-2023-28350, CVE-2023-28351, CVE-2023-28352, CVE-2023-28353)

No content preview ( 24 min )

Technical Advisory: Multiple Vulnerabilities in Ricoh Printers

No content preview ( 14 min )

Shooting Yourself in the .flags – Jailbreaking the Sonos Era 100

No content preview ( 12 min )

Tool Release – Ghostrings

No content preview ( 9 min )

Tool Release – Collaborator++

No content preview ( 8 min )

Technical Advisory: Adobe ColdFusion WDDX Deserialization Gadgets

No content preview ( 16 min )

Technical Advisory – Multiple Vulnerabilities in Trendnet TEW-831DR WiFi Router (CVE-2022-30325, CVE-2022-30326, CVE-2022-30327, CVE-2022-30328, CVE-2022-30329)

No content preview ( 10 min )

Symantec Messaging Gateway SSH with backdoor user account + privilege escalation to root due to very old Kernel

No content preview ( 8 min )

The Challenges of Fuzzing 5G Protocols

No content preview ( 16 min )

Technical Advisory: containerd – containerd-shim API Exposed to Host Network Containers (CVE-2020-15257)

No content preview ( 12 min )

Tool Release: Introducing opinel: Scout2’s favorite tool

No content preview ( 8 min )

The ABCs of NFC chip security

No content preview ( 14 min )

Remote Exploitation of Microsoft Office DLL Hijacking (MS15-132) via Browsers

No content preview ( 10 min )

Project Ava: On the Matter of Using Machine Learning for Web Application Security Testing – Part 10: Efficacy Demonstration, Project Conclusion and Next Steps

No content preview ( 11 min )

Technical Advisory: Pulse Connect Secure – RCE via Uncontrolled Gzip Extraction (CVE-2020-8260)

No content preview ( 9 min )

Technical Advisory: Multiple Vulnerabilities in Xerox Printers

No content preview ( 11 min )

Handy guide to a new Fivehands ransomware variant

No content preview ( 12 min )

Car Parking Apps Vulnerable To Hacks

No content preview ( 13 min )

Announcing the Cryptopals Guided Tour Video 17: Padding Oracles!

No content preview ( 9 min )

Technical Advisory: Ruby on Rails – Possible XSS Vulnerability in ActionView tag helpers (CVE-2022-27777)

No content preview ( 9 min )

Technical Advisory: Multiple Vulnerabilities in ManageEngine Desktop Central

No content preview ( 10 min )

Software Verification and Analysis Using Z3

No content preview ( 38 min )

Project Ava: On the Matter of Using Machine Learning for Web Application Security Testing – Part 1: Understanding the Basics and What Platforms and Frameworks Are Available

No content preview ( 12 min )

Writing FreeBSD Kernel Modules in Rust

No content preview ( 16 min )

Forensic Readiness in Container Environments

No content preview ( 9 min )

Analyzing Secure AI Design Principles

No content preview ( 17 min )

Analysis of setting cookies for third party websites in different browsers

No content preview ( 9 min )

Rustproofing Linux (Part 2/4 Race Conditions)

No content preview ( 13 min )

Online Casino Roulette – A guideline for penetration testers and security researchers

No content preview ( 19 min )

Use and enforce Multi-Factor Authentication

No content preview ( 9 min )

Vulnerability Overview: Ghost (CVE-2015-0235)

No content preview ( 9 min )

Shaking The Foundation of An Online Collaboration Tool: Microsoft 365 Top 5 Attacks vs the CIS Microsoft 365 Foundation Benchmark

No content preview ( 10 min )

Username enumeration techniques and their value

No content preview ( 13 min )

Real World Cryptography Conference 2023 – Part II

No content preview ( 13 min )

Writing Exploits for Win32 Systems from Scratch

No content preview ( 53 min )

Analyzing a PJL directory traversal vulnerability – exploiting the Lexmark MC3224i printer (part 2)

No content preview ( 18 min )

Technical Advisory: Multiple Vulnerabilities in TCPDF

No content preview ( 12 min )

A brief look at Windows telemetry: CIT aka Customer Interaction Tracker

A brief look at Windows telemetry: CIT aka Customer Interaction Tracker ( 24 min )

Pumping Iron on the Musl Heap – Real World CVE-2022-24834 Exploitation on an Alpine mallocng Heap

No content preview ( 32 min )

Windows 2000 Format String Vulnerabilities

No content preview ( 6 min )

WSSiP: A Websocket Manipulation Proxy

No content preview ( 6 min )

Zcash Cryptography and Code Review

No content preview ( 6 min )

Xen HYPERVISOR_xen_version stack memory revelation

No content preview ( 6 min )

Security Best Practice: Host Naming & URL Conventions

No content preview ( 6 min )

Aurora Response Recommendations

No content preview ( 6 min )

Technical Advisory: SMB Hash Hijacking and User Tracking in MS Outlook

No content preview ( 7 min )

Machine Learning 101: The Integrity of Image (Mis)Classification?

No content preview ( 7 min )

Securing PL/SQL Applications with DBMS_ASSERT

No content preview ( 6 min )

Technical Advisory: Command Injection

No content preview ( 7 min )

Public Report – AWS Nitro System API & Security Claims Italian

No content preview ( 6 min )

Tool Release: Magisk Module – Conscrypt Trust User Certs

No content preview ( 8 min )

Software Security Austerity Security Debt in Modern Software Development

No content preview ( 6 min )

Tool Release – ScoutSuite 5.9.0

No content preview ( 7 min )

Third party assurance

No content preview ( 6 min )

Shellshock Bash Vulnerability

No content preview ( 8 min )

Discovering Smart Contract Vulnerabilities with GOATCasino

No content preview ( 9 min )

Technical Advisory – FreePBX – Multiple Authenticated SQL Injections in UCP application

No content preview ( 8 min )

Public Report – Electric Coin Company NU3 Specification and Blossom Implementation Audit

No content preview ( 6 min )

Tool Release: iOS SSL Kill Switch v0.5 Released

No content preview ( 8 min )

Public Report: XMTP MLS Implementation Review

No content preview ( 6 min )

Technical Advisory: Nexpose Hard‐coded Java Key Store Passphrase Allows Decryption of Stored Credentials

No content preview ( 8 min )

The Myth of Twelve More Bytes: Security on the Post-Scarcity Internet

No content preview ( 6 min )

Symantec Message Filter Unauthenticated verbose software version information disclosure

No content preview ( 6 min )

Tool Release: Calculating SQL Permissions

No content preview ( 7 min )

Technical Advisory – SerComm h500s – Authenticated Remote Command Execution (CVE-2021-44080)

No content preview ( 7 min )

HTML5 Security The Modern Web Browser Perspective

No content preview ( 6 min )

Weaknesses and Best Practices of Public Key Kerberos with Smart Cards

No content preview ( 6 min )

Tor Browser Research Report Released

No content preview ( 8 min )

Pip3line – The Swiss Army Knife of Byte Manipulation

No content preview ( 7 min )

Whitepaper – Exploring the Security of KaiOS Mobile Applications

No content preview ( 6 min )

Tool Release – Monkey365

No content preview ( 7 min )

Tool Release: Redirecting traffic with dnsRedir.py

No content preview ( 7 min )

The Pentesters Guide to Akamai

No content preview ( 6 min )

Modernizing Legacy Systems: Software Technologies, Engineering Processes, and Business Practices

No content preview ( 6 min )

Understanding Microsoft Word OLE Exploit Primitives: Exploiting CVE-2015-1642 Microsoft Office CTaskSymbol Use-After-Free Vulnerability

No content preview ( 6 min )

Autochrome

No content preview ( 6 min )

Technical Advisory: Heartbleed chained with a Pass-the-Hash attack leads to device compromise on TP-Link C200 IP Camera

No content preview ( 7 min )

Webinar: 4 Secrets to a Robust Incident Response Plan

No content preview ( 6 min )

The Demise of Signature Based Antivirus

No content preview ( 6 min )

Vulnerabilities Found In Geofencing Apps

No content preview ( 7 min )

Whitepaper – A Tour of Curve 25519 in Erlang

No content preview ( 6 min )

CERT C Secure Coding Standard

No content preview ( 6 min )

Technical Advisory: Multiple Vulnerabilities in MailEnable

No content preview ( 8 min )

Writing Robust Yara Detection Rules for Heartbleed

No content preview ( 10 min )

How organisations can properly configure SSL services to ensure the integrity and confidentiality of data in transit

No content preview ( 7 min )

Technical Advisory: Unauthenticated Remote Command Execution through Multiple Vulnerabilities in Virgin Media Hub 3.0

No content preview ( 8 min )

USB Undermining Security Barriers:further adventures with USB

No content preview ( 6 min )

Technical Advisory: Espressif Systems - ESP32 BluFi Reference Application Vulnerabilities

No content preview ( 7 min )

Applying normalised compression distance for architecture classification

No content preview ( 6 min )

Toner Deaf – Printing your next persistence (Hexacon 2022)

No content preview ( 7 min )

BLEBoy

No content preview ( 6 min )

Using Semgrep with Jupyter Notebook files

No content preview ( 8 min )

Writing Secure ASP Scripts

No content preview ( 6 min )

The factoring dead: Preparing for the cryptopocalypse

No content preview ( 6 min )

Security Compliance as an Engineering Discipline

No content preview ( 6 min )

Hackproofing Lotus Domino Web Server

No content preview ( 6 min )

Technical Advisory: Unauthenticated SQL Injection in Lansweeper

No content preview ( 7 min )

Technical Advisory: Code Execution by Viewing Resource Files in .NET Reflector

No content preview ( 7 min )

Building Security In: Software Penetration Testing

Build secure software from the start. NCC Group’s blog explores the role of penetration testing in modern, resilient app development. ( 6 min )

Tool Release: Cartographer

No content preview ( 9 min )

When a Trusted Site in Internet Explorer was Anything But

No content preview ( 9 min )

Technical Advisory: IP Office Stored Cross Site Scripting (XSS) Vulnerability

No content preview ( 7 min )

TPM Genie: Interposer Attacks Against the Trusted Platform Module Serial Bus

No content preview ( 6 min )

Whitepaper – Weaning the Web off of Session Cookies: Making Digest Authentication Viable

No content preview ( 6 min )

ZigTools: An Open Source 802.15.4 Framework

No content preview ( 6 min )

Deception Engineering: exploring the use of Windows Service Canaries against ransomware

No content preview ( 8 min )

CERT Oracle Secure Coding Standard for Java

No content preview ( 6 min )

Writing Small Shellcode

No content preview ( 6 min )

Tool Release: tcpprox

No content preview ( 6 min )

Tool Release: Code Query (cq)

No content preview ( 6 min )

Tool Release – Socks Over RDP Now Works With Citrix

No content preview ( 7 min )

Windows DACLs & Why There Is Still Room for Interest

No content preview ( 7 min )

VeChain JavaScript SDK Cryptography and Security Review

No content preview ( 6 min )

Tool Release: SSLyze v 0.9 released – Heartbleed edition

No content preview ( 7 min )

The Phishing Guide: Understanding & Preventing Phishing Attacks

No content preview ( 6 min )

Which database is more secure? Oracle vs. Microsoft

No content preview ( 6 min )

Detecting and Hunting for the PetitPotam NTLM Relay Attack

No content preview ( 8 min )

Whitepaper: CA Alternative

No content preview ( 7 min )

Working with the Open Technology Fund

No content preview ( 7 min )

Blind Exploitation of Stack Overflow Vulnerabilities

No content preview ( 7 min )

Defending Your Directory: An Expert Guide to Securing Active Directory Against DCSync Attacks

No content preview ( 9 min )

Weak Randomness Part I – Linear Congruential Random Number Generators

No content preview ( 6 min )

Jenkins Plugins and Core Technical Summary Advisory

No content preview ( 8 min )

Technical Advisory: SQL Injection and Reflected Cross-Site Scripting (XSS) Vulnerabilities in Oracle Communications Diameter Signaling Router (CVE-2020-14787, CVE-2020-14788)

No content preview ( 8 min )

NCC Group Connected Health Whitepaper July 2019

No content preview ( 7 min )

Matty McMattface: Security implications, mitigations & testing strategies for biometric facial recognition systems

No content preview ( 6 min )

Absolute Security

No content preview ( 6 min )

Technical Advisory: PDFTron JavaScript URLs Allowed in WebViewer UI (CVE-2021-39307)

No content preview ( 7 min )

Windows DACL Enum Project

No content preview ( 6 min )

The why behind web application penetration test prerequisites

NCC Group explains why pen test prerequisites are essential for accurate, efficient, and secure web application assessments. ( 6 min )

Whitepaper – Coinbugs: Enumerating Common Blockchain Implementation-Level Vulnerabilities

No content preview ( 6 min )

Flash local-with-filesystem Bypass in navigateToURL

No content preview ( 6 min )

iSEC reviews SecureDrop

No content preview ( 7 min )

Whitepaper – HTTP Digest Integrity: Another look, in light of recent attacks

No content preview ( 6 min )

Auditing K3s Clusters

No content preview ( 8 min )

YoNTMA

No content preview ( 6 min )

An Introduction to Authenticated Encryption

No content preview ( 6 min )

Windows IPC Fuzzing Tools

No content preview ( 6 min )

CVE-2018-8611 Exploiting Windows KTM Part 4/5 – From race win to kernel read and write primitive

No content preview ( 33 min )

Toxic Tokens: Using UUIDs for Authorization is Dangerous (even if they’re cryptographically random)

No content preview ( 11 min )

Security Code Review With ChatGPT

Security Code Review With ChatGPT ( 20 min )

Technical Advisory – Multiple Vulnerabilities in Netgear ProSAFE Plus JGS516PE / GS116Ev2 Switches

No content preview ( 19 min )

Adventures in Windows Driver Development: Part 1

No content preview ( 12 min )

Technical advisory: Remote shell commands execution in ttyd

No content preview ( 9 min )

earlyremoval, in the Conservatory, with the Wrench: Exploring Ghidra’s decompiler internals to make automatic P-Code analysis scripts

No content preview ( 27 min )

Mitigating the top 10 security threats to GCP using the CIS Google Cloud Platform Foundation Benchmark

No content preview ( 12 min )

Unveiling the Dark Side: A Deep Dive into Active Ransomware Families

No content preview ( 14 min )

CVE-2018-8611 Exploiting Windows KTM Part 2/5 – Patch analysis and basic triggering

No content preview ( 30 min )

Technical Advisory – Multiple Vulnerabilities in Nagios XI

No content preview ( 24 min )

Adventures in the land of BumbleBee – a new malicious loader

No content preview ( 11 min )

Reverse engineering and decrypting CyberArk vault credential files

No content preview ( 10 min )

Shining the Light on Black Basta

No content preview ( 12 min )

Popping Blisters for research: An overview of past payloads and exploring recent developments

No content preview ( 23 min )

Xen SMEP (and SMAP) Bypass

No content preview ( 13 min )

CVE-2018-8611 Exploiting Windows KTM Part 3/5 – Triggering the race condition and debugging tricks

No content preview ( 24 min )

A Primer On Slowable Encoders

No content preview ( 12 min )

Project Ava: On the Matter of Using Machine Learning for Web Application Security Testing – Part 2: Going off on a Tangent – AI/ML Applications in Social Engineering

No content preview ( 14 min )

Defeating Windows DEP With A Custom ROP Chain

No content preview ( 27 min )

Finding and Exploiting .NET Remoting over HTTP using Deserialisation

No content preview ( 12 min )

Detecting Mimikatz with Busylight

No content preview ( 10 min )

Sifting through the spines: identifying (potential) Cactus ransomware victims

No content preview ( 11 min )

Technical Advisory – Multiple Vulnerabilities in PandoraFMS Enterprise

No content preview ( 15 min )

North Korea’s Lazarus: their initial access trade-craft using social media and social engineering

No content preview ( 10 min )

Project Ava: On the Matter of Using Machine Learning for Web Application Security Testing – Part 3: Understanding Existing Approaches and Attempts

No content preview ( 18 min )

Tool Release – Enumerating Docker Registries with go-pillage-registries

No content preview ( 8 min )

Using SharePoint as a Phishing Platform

No content preview ( 11 min )

The Next C Language Standard (C23)

No content preview ( 8 min )

Metastealer – filling the Racoon void

No content preview ( 10 min )

Analyzing Secure AI Architectures

No content preview ( 15 min )

Project Ava: On the Matter of Using Machine Learning for Web Application Security Testing – Part 7: Development of Prototype #3 – Adventures in Anomaly Detection

No content preview ( 19 min )

Rustproofing Linux (Part 3/4 Integer Overflows)

No content preview ( 10 min )

Tool Release – Carnivore: Microsoft External Assessment Tool

No content preview ( 9 min )

5 MCP Security Tips

No content preview ( 11 min )

Technical Advisory: Cross-Site Scripting in Umbraco Rich Text Display

No content preview ( 9 min )

Technical Advisory – Multiple Vulnerabilities in the Galaxy App Store (CVE-2023-21433, CVE-2023-21434)

No content preview ( 10 min )

Nameless and shameless: Ransomware Encryption via BitLocker

No content preview ( 14 min )

Project Ava: On the Matter of Using Machine Learning for Web Application Security Testing – Part 9: Adventures with Expert Systems

No content preview ( 13 min )

Using AWS and Azure for Cost Effective Log Ingestion with Data Processing Pipelines for SIEMs

No content preview ( 10 min )

Defending Your Directory: An Expert Guide to Combating Kerberoasting in Active Directory

No content preview ( 11 min )

Technical Advisory: Multiple Vulnerabilities in SmarterMail

No content preview ( 14 min )

Mallory and Me: Setting up a Mobile Mallory Gateway

No content preview ( 12 min )

The Development of a Telco Attack Testing Tool

No content preview ( 11 min )

Practical Considerations of Right-to-Repair Legislation

No content preview ( 17 min )

GSM/GPRS Traffic Interception for Penetration Testing Engagements

Discover how GSM/GPRS traffic interception enhances mobile security testing. A technical guide from NCC Group’s research team. ( 18 min )

Autonomous AI Agents: A hidden Risk in Insecure smolagents “CodeAgent” Usage

No content preview ( 11 min )

Cracking Mifare Classic 1K: RFID, Charlie Cards, and Free Subway Rides

No content preview ( 16 min )

Streamlining Global Automotive Cybersecurity Governance to Accelerate Innovation, Assurance, and Compliance

No content preview ( 16 min )

Windows Phone 7 Application Security Survey

No content preview ( 6 min )

A Rendezvous with System Management Interrupts

No content preview ( 9 min )

Tool Release: Blackbox iOS App Analysis with Introspy

No content preview ( 7 min )

Java Coding Guidelines: 75 Recommendations for Reliable and Secure Programs

No content preview ( 6 min )

Whitepaper: Recognizing and Preventing TOCTOU

No content preview ( 7 min )

The Browser Hacker’s Handbook

No content preview ( 6 min )

Zulu

No content preview ( 6 min )

Professional C Programming LiveLessons, (Video Training) Part I: Writing Robust, Secure, Reliable Code

No content preview ( 6 min )

Public Report: eBPF Verifier Code Review

No content preview ( 6 min )

Multiple Vulnerabilities in MailEnable

No content preview ( 6 min )

NCC Group WhitepaperUnderstanding and HardeningLinux ContainersJune 29, 2016 – Version 1.1

No content preview ( 6 min )

ProxMon

No content preview ( 6 min )

Stepping Stones – A Red Team Activity Hub

No content preview ( 8 min )

Insomnihack - Pioneering Zero Days at Pwn2Own Automotive 2024

No content preview ( 7 min )

Technical Advisory – Lansweeper Privilege Escalation via CSRF Using HTTP Method Interchange (CVE-2020-13658)

No content preview ( 9 min )

WindowsJobLock

No content preview ( 6 min )

Secure Coding in C and C++

No content preview ( 6 min )

Denial of Service in Parsing a URL by ierutil.dll

No content preview ( 6 min )

44Con2013Game

Game from 44CON 2013 ( 6 min )

Multiple security vulnerabilities in SAP NetWeaver BSP Logon

No content preview ( 6 min )

Freddy: An extension for automatically identifying deserialisation issues in Java and .NET applications

No content preview ( 7 min )

Wubes: Leveraging the Windows 10 Sandbox for Arbitrary Processes

No content preview ( 7 min )

SQL Server Security

No content preview ( 6 min )

The CERT® C Coding Standard, Second Edition: 98 Rules for Developing Safe, Reliable, and Secure Systems

No content preview ( 6 min )

iOS Application Security: The Definitive Guide for Hackers and Developers

No content preview ( 6 min )

Secure Coding Rules for Java LiveLessons, Part 1

No content preview ( 6 min )

Xendbg: A Full-Featured Debugger for the Xen Hypervisor

No content preview ( 7 min )

Technical Advisory: CyberArk EPM Non-paged Pool Buffer Overflow

No content preview ( 7 min )

Where You Inject Matters: The Role-Specific Impact of Prompt Injection Attacks on OpenAI models

No content preview ( 8 min )

On Almost Signing Android Builds

No content preview ( 8 min )

White Paper: An Introduction to Authenticated Encryption

No content preview ( 7 min )

Disabling Office Macros to Reduce Malware Infections

No content preview ( 8 min )

OffensiveCon 2023 – Exploit Engineering – Attacking the Linux Kernel

No content preview ( 7 min )

The Mobile Application Hacker’s Handbook

No content preview ( 6 min )

When Security Gets in the Way: PenTesting Mobile Apps That Use Certificate Pinning

No content preview ( 6 min )

Quantum Data Centre of the Future

No content preview ( 10 min )

Auditing Enterprise Class Applications and Secure Containers on Android

No content preview ( 6 min )

The Database Hacker’s Handbook

No content preview ( 6 min )

Developing Secure Mobile Applications for Android

No content preview ( 6 min )

RomHack – Revving Up: The Journey to Pwn2Own Automotive 2024

No content preview ( 7 min )

Nine years of bugs at NCC Group

No content preview ( 6 min )

Mallory: Transparent TCP and UDP Proxy

No content preview ( 7 min )

Machine Learning 102: Attacking Facial Authentication with Poisoned Data

No content preview ( 7 min )

Tattler

No content preview ( 7 min )

NCC Group’s 2024 Annual Research Report

No content preview ( 7 min )

Bit51 Better Security WP Security Plugin – Unauthenticated Stored XSS to RCE

No content preview ( 7 min )

BlackHat USA 2024 - Listen-Up: Sonos Over-The-Air Remote Kernel Exploitation and Covert Wiretap

No content preview ( 8 min )

Adobe flash sandbox bypass to navigate to local drives

No content preview ( 6 min )

Technical Advisory: Mitel MiVoice 5330e Memory Corruption Flaw

No content preview ( 7 min )

HTTP to MCP Bridge

No content preview ( 9 min )

An Engineer’s View: Operational Technology

No content preview ( 15 min )

Pentesting V. Red Teaming V. Bug Bounty

Explore the differences between penetration testing, red teaming, and bug bounty programs. NCC Group helps you choose the right approach. ( 10 min )

Security Tips For Your AI Cloud Infrastructure

No content preview ( 10 min )

IG Learner Walkthrough

No content preview ( 14 min )

In-Depth Technical Analysis of the Bybit Hack

No content preview ( 15 min )

Lights, Camera, HACKED! An insight into the world of popular IP Cameras

No content preview ( 14 min )

Masquerade: You Downloaded ScreenConnect not Grok AI!

No content preview ( 9 min )

10 real-world stories of how we’ve compromised CI/CD pipelines

10 real-world stories of how we’ve compromised CI/CD pipelines ( 15 min )

NCC Group’s Exploit Development Capability: Why and What

No content preview ( 9 min )

Getting Shell with XAMLX Files

No content preview ( 8 min )

Project Ava: On the Matter of Using Machine Learning for Web Application Security Testing – Part 6: Development of Prototype #2 – Creating a SQLi PoC

No content preview ( 15 min )

Rustproofing Linux (Part 1/4 Leaking Addresses)

No content preview ( 13 min )

Comparing AI Against Traditional Static Analysis Tools to Highlight Buffer Overflows

No content preview ( 12 min )

EAP-TLS: The most secure option?

No content preview ( 14 min )

Rustproofing Linux (Part 4/4 Shared Memory)

No content preview ( 11 min )

SMB hash hijacking & user tracking in MS Outlook

No content preview ( 12 min )

Technical Advisory: Bypassing Microsoft XOML Workflows Protection Mechanisms using Deserialisation of Untrusted Data

No content preview ( 10 min )

Fake CAPTCHA led to LUMMA

No content preview ( 9 min )

Cross-Execute Your Linux Binaries, Don’t Cross-Compile Them

No content preview ( 10 min )

A Back-to-Front TrueCrypt Recovery Story: The Plaintext is the Ciphertext

A Back-to-Front TrueCrypt Recovery Story: The Plaintext is the Ciphertext ( 14 min )

Adobe Flash Player Cross Domain Policy Bypass

No content preview ( 6 min )

Public Report – Lantern and Replica Security Assessment

From September 28th through October 23rd, 2020, Lantern – in partnership with the Open Technology Fund – engaged NCC Group to conduct a security assessment of the Lantern client. Lantern provides a proxy in order to circumvent internet censorship. This assessment was open ended and time-boxed, providing a best-effort security analysis in a fixed amount […] ( 7 min )

OCP S.A.F.E. How-to

No content preview ( 9 min )

iSEC Completes TrueCrypt Audit

No content preview ( 8 min )

Secure Coding in C and C++, 2nd Edition

No content preview ( 6 min )

SmarterMail – Stored XSS in emails

No content preview ( 6 min )

Technical Advisory: Code Execution by Unsafe Resource Handling in Multiple Microsoft Products

No content preview ( 8 min )

NCLoader

No content preview ( 7 min )

VMware Workstation Guest-to-Host Escape Exploit Development

VMware Workstation Guest-to-Host Escape Exploit Development ( 6 min )

iOS 7 tool updates

No content preview ( 7 min )

44CON Workshop – How to assess and secure iOS apps

44CON Workshop – How to assess and secure iOS apps ( 6 min )

Why AI Will Not Fully Replace Humans for Web Penetration Testing

Explore why AI alone isn’t enough for web penetration testing. NCC Group explains the irreplaceable value of human expertise in security assessments. ( 8 min )

Building Systems from Commercial Components

No content preview ( 6 min )

Announcing the Cryptopals Guided Tour Video 18: Implement CTR

No content preview ( 8 min )

Public Report - VeChainThor Galactica Security Assessment

No content preview ( 6 min )

Potential false redirection of web site content in Internet in SAP NetWeaver web applications

No content preview ( 6 min )

Technical Advisory: Condeon CMS

No content preview ( 7 min )

Local network compromise despite good patching

No content preview ( 7 min )

Public Report - Google Confidential Space Security Assessment

No content preview ( 6 min )

Voice Impersonation and DeepFake Vishing in Realtime

Voice Impersonation and DeepFake Vishing in Realtime ( 6 min )