On the malicious use of large language models like GPT-3 (Or, “Can large language models generate exploits?”)While attacking machine learning systems... 2022-1-1 06:30:0 | 阅读: 33 | 收藏 | research.nccgroup.com gpt security openai codex

Exploring the Security & Privacy of Canada’s Digital Proof of Vaccination Programs by Drew Wade, Emily Liu, and Siddarth AdukiaTL; DRWe studied a range of Canadian provinc... 2022-1-1 03:17:0 | 阅读: 20 | 收藏 | research.nccgroup.com vaccination qr ontario verifier proofs

Tool Update – ruby-trace: A Low-Level Tracer for Ruby We released ruby-trace back in August to coincide with my DEF CON 29 talk on it and parasitic tracin... 2022-1-1 01:59:0 | 阅读: 19 | 收藏 | research.nccgroup.com 6236 cfunc 2147483648 topn cfp

Tool Release – shouganaiyo-loader: A Tool to Force JVM Attaches BackgroundJava Virtual Machines (JVMs) provide a number of mechanisms to... 2021-12-30 06:38:0 | 阅读: 26 | 收藏 | research.nccgroup.com agents shouganaiyo jvmti loader hotspot

Technical Advisory – Lenovo ImController Local Privilege Escalation (CVE-2021-3922, CVE-2021-3969) Vendor: LenovoVendor URL: https://www.lenovo.com/Versions affected: 1.1.... 2021-12-16 07:29:55 | 阅读: 38 | 收藏 | research.nccgroup.com attacker lenovo processes

Choosing the Right MCU for Your Embedded Device — Desired Security Features of Microcontrollers The Microcontroller (MCU) is the heart of an embedded device, where the main firmware executes i... 2021-12-16 00:49:38 | 阅读: 23 | 收藏 | research.nccgroup.com firmware security memory

FPGAs: Security Through Obscurity? BackgroundFor the uninitiated, an FPGA is a field-programmable array of logic that is ty... 2021-12-14 17:14:31 | 阅读: 20 | 收藏 | research.nccgroup.com fpgas security bitstream hardware development

Public Report – WhatsApp opaque-ke Cryptographic Implementation Review In June 2021, WhatsApp engaged NCC Group to conduct a security assessment... 2021-12-13 22:48:06 | 阅读: 17 | 收藏 | research.nccgroup.com opaque jennifer fernick ke library

log4j-jndi-be-gone: A simple mitigation for CVE-2021-44228 tl;dr Run add our new tool, -javaagent:log4j-jndi-be-gone-1.0.0-standalone.jar to all of your JV... 2021-12-13 08:55:00 | 阅读: 71 | 收藏 | research.nccgroup.com log4j jndi log4shell weird

Log4Shell: Reconnaissance and post exploitation network detection Note: This blogpost will be live-updated with new information. NCC Group’s... 2021-12-13 04:15:23 | 阅读: 141 | 收藏 | research.nccgroup.com fox log4j suricata srt classtype

Announcing NCC Group’s Cryptopals Guided Tour! Hello and welcome to NCC Group’s Cryptopals guided tour! This post is the first in a series of e... 2021-12-10 19:00:00 | 阅读: 24 | 收藏 | research.nccgroup.com wiki cryptopals python hamming talking

Technical Advisory – SonicWall SMA 100 Series – Unauthenticated Arbitrary File Deletion Vendor: SonicWallVendor URL: https://www.sonicwall.com/Versions affected... 2021-12-10 11:27:09 | 阅读: 28 | 收藏 | research.nccgroup.com attacker sma psirt remote deletion

Technical Advisory – SonicWall SMA 100 Series – Unauthenticated Stored XSS Vendor: SonicWallVendor URL: https://www.sonicwall.com/Versions affected... 2021-12-10 11:22:30 | 阅读: 46 | 收藏 | research.nccgroup.com sma psirt firmware warren attacker

Technical Advisory – SonicWall SMA 100 Series – Multiple Unauthenticated Heap-based and Stack-based Buffer Overflow (CVE-2021-20045) Vendor: SonicWallVendor URL: https://www.sonicwall.com/Versions affected... 2021-12-10 08:33:38 | 阅读: 18 | 收藏 | research.nccgroup.com warren richard psirt sma attacker

Technical Advisory – SonicWall SMA 100 Series – Post-Authentication Remote Command Execution (CVE-2021-20044) Vendor: SonicWallVendor URL: https://www.sonicwall.com/Versions affected... 2021-12-10 08:32:24 | 阅读: 21 | 收藏 | research.nccgroup.com sma richard psirt attacker warren

Technical Advisory – SonicWall SMA 100 Series – Heap-Based Buffer Overflow (CVE-2021-20043) Vendor: SonicWallVendor URL: https://www.sonicwall.com/Versions affected... 2021-12-10 08:29:38 | 阅读: 25 | 收藏 | research.nccgroup.com sma richard psirt warren 19sv

Technical Advisory – SonicWall SMA 100 Series – Unauthenticated File Upload Path Traversal (CVE-2021-20040) Vendor: SonicWallVendor URL: https://www.sonicwall.com/Versions affected... 2021-12-10 08:27:46 | 阅读: 42 | 收藏 | research.nccgroup.com sma psirt attacker warren richard

Why IoT Security Matters IntroductionInternet of Things security can mean any number of things for your product and i... 2021-12-09 18:00:00 | 阅读: 22 | 收藏 | research.nccgroup.com security attacker attackers hardware oem

Technical Advisory – Authenticated SQL Injection in SOAP Request in Broadcom CA Network Flow Analysis (CVE-2021-44050) Vendor: BroadcomVendor URL: https://www.broadcom.com/Systems Affected: C... 2021-12-03 04:41:52 | 阅读: 35 | 收藏 | research.nccgroup.com tns network broadcom analysis envelope

Encryption Does Not Equal Invisibility – Detecting Anomalous TLS Certificates with the Half-Space-Trees Algorithm tl;dr In our Research and Intelligence Fusion Team (RIFT) we applied an incremental anomaly... 2021-12-02 16:17:06 | 阅读: 20 | 收藏 | research.nccgroup.com anomaly trees incremental security hst