Metastealer – filling the Racoon void Author: Peter GurneyMetaStealer is a new information stealer varia... 2022-5-20 23:47:24 | 阅读: 61 | 收藏 | research.nccgroup.com metastealer hexintxor hexbytes hexintkey defender

earlyremoval, in the Conservatory, with the Wrench: Exploring Ghidra’s decompiler internals to make automatic P-Code analysis scripts (The version of Ghidra used in this article is 10.1.2. For the Go string recovery tool release,... 2022-5-20 17:0:0 | 阅读: 151 | 收藏 | research.nccgroup.com 0x0048e7ea 0x0048e7cb analysis i0x0048e7ea 0x0048e7d0

Tool Release – Ghostrings IntroductionGhostrings is a collection of Ghidra scripts for recoverin... 2022-5-20 16:59:0 | 阅读: 22 | 收藏 | research.nccgroup.com analysis ghostrings decompiler memory recovering

Technical Advisory – Kwikset/Weiser BLE Proximity Authentication in Kevo Smart Locks Vulnerable to Relay Attacks Vendor: Kwikset/Weiser (Spectrum Brands)Vendor URLs: https://www.kwikset.com/kevo/smart-lock, h... 2022-5-16 07:58:0 | 阅读: 21 | 收藏 | research.nccgroup.com kevo spectrum brands gatt fob

Technical Advisory – Tesla BLE Phone-as-a-Key Passive Entry Vulnerable to Relay Attacks Vendor: Tesla, Inc.Vendor URL: https://www.tesla.comVersions affected: Attack tested with vehi... 2022-5-16 07:54:0 | 阅读: 47 | 收藏 | research.nccgroup.com vehicle tesla fob relaying vehicles

Technical Advisory – BLE Proximity Authentication Vulnerable to Relay Attacks Vendor: Bluetooth SIG, Inc.Vendor URL: https://www.bluetooth.comVersions Affected: Specificati... 2022-5-16 06:52:0 | 阅读: 26 | 收藏 | research.nccgroup.com proximity sig encryption gatt

Technical Advisory: Ruby on Rails – Possible XSS Vulnerability in ActionView tag helpers (CVE-2022-27777) Vendor: Ruby on RailsVendor URL: https://rubyonrails.orgVersions affected: versions prior to 7... 2022-5-7 01:27:22 | 阅读: 39 | 收藏 | research.nccgroup.com rails malicious helpers payload thename

North Korea’s Lazarus: their initial access trade-craft using social media and social engineering Authored by: Michael Matthews and Nikolaos Pantazopoulos This blog post documents some o... 2022-5-5 16:20:43 | 阅读: 78 | 收藏 | research.nccgroup.com network malicious payload analysis security

Adventures in the land of BumbleBee – a new malicious loader Authored by: Mike Stokkel, Nikolaos Totosis and Nikolaos Pantazopoulos... 2022-4-29 18:54:58 | 阅读: 23 | 收藏 | research.nccgroup.com bumblebee network loader analysis windows

LAPSUS$: Recent techniques, tactics and procedures Authored by: David Brown, Michael Matthews and Rob Smallridgetl;dr... 2022-4-28 17:55:15 | 阅读: 24 | 收藏 | research.nccgroup.com lapsus victim cloud remote network

Real World Cryptography Conference 2022 The IACR’s annual Real World Cryptography (RWC) conference took place in Amsterdam a few weeks a... 2022-4-26 21:0:0 | 阅读: 26 | 收藏 | research.nccgroup.com security encryption pq client ecdsa

Mitigating the top 10 security threats to GCP using the CIS Google Cloud Platform Foundation Benchmark As one of the proud contributors to the newest version of the CIS Google Cloud Platform Foundati... 2022-4-21 00:47:18 | 阅读: 25 | 收藏 | research.nccgroup.com cloud security metric network

A brief look at Windows telemetry: CIT aka Customer Interaction Tracker tl;drWindows version up to at least version 7 contained a telemetry source called Customer I... 2022-4-12 22:6:46 | 阅读: 29 | 收藏 | research.nccgroup.com cit bitmaps windows filetime

Public Report – Google Enterprise API Security Assessment During the autumn of 2021, Google engaged NCC Group to perform a review of... 2022-4-8 04:6:20 | 阅读: 32 | 收藏 | research.nccgroup.com jennifer fernick stig criteria

Conti-nuation: methods and techniques observed in operations post the leaks Authored by: Nikolaos Pantazopoulos, Alex Jessop and Simon BiggsExecu... 2022-3-31 20:57:16 | 阅读: 20 | 收藏 | research.nccgroup.com ransomware network cobalt lateral windows

Whitepaper – Double Fetch Vulnerabilities in C and C++ Double fetch vulnerabilities in C and C++ have been known about for a numb... 2022-3-28 21:0:0 | 阅读: 28 | 收藏 | research.nccgroup.com whitepaper varying outcomes draws

Mining data from Cobalt Strike beacons Since we published about identifying Cobalt Strike Team Servers in the wild just over three year... 2022-3-26 00:18:44 | 阅读: 47 | 收藏 | research.nccgroup.com beacon cobalt beacons dissect

Remote Code Execution on Western Digital PR4100 NAS (CVE-2022-23121) Mooncake ExploitThis blog post describes an unchecked return value vulnerability found and... 2022-3-24 21:13:5 | 阅读: 149 | 收藏 | research.nccgroup.com afp dsi netatalk adouble eid

Tool Release – ScoutSuite 5.11.0 We’re proud to announce the release of a new version of our open-source, m... 2022-3-17 01:39:58 | 阅读: 50 | 收藏 | research.nccgroup.com cloud github scout 1added

Technical Advisory – Apple macOS XAR – Arbitrary File Write (CVE-2022-22582) Vendor: AppleVendor URL: https://www.apple.com/Systems Affected: macOS M... 2022-3-16 03:34:53 | 阅读: 50 | 收藏 | research.nccgroup.com xar richard 30833 security warren