Tool Release – Solitude: A privacy analysis tool Created by Dan Hastings and Emanuel Flores Solitude is an open source... 2021-03-17 21:00:00 | 阅读: 219 | 收藏 | research.nccgroup.com solitude proxy containers favorite routed

Deception Engineering: exploring the use of Windows Installer Packages against first stage payloads tl;drPreviously we explored the use of Windows Process Canaries to det... 2021-03-17 02:17:06 | 阅读: 232 | 收藏 | research.nccgroup.com uninstall uninstalled security stage

Lending a hand to the community – Covenant v0.7 Updates IntroductionCovenant [1] is an open source .NET command and control framework to support... 2021-03-16 19:52:31 | 阅读: 266 | 收藏 | research.nccgroup.com covenant sharpsploit github cobbr windows

Technical Advisory: Dell SupportAssist Local Privilege Escalation (CVE-202-21518) Vendor: Dell / PC-DoctorVendor URL: https://www.dell.com/support/contents/en-uk/article/product... 2021-03-11 00:21:34 | 阅读: 262 | 收藏 | research.nccgroup.com costura dell pcdr

Technical Advisory – Multiple Vulnerabilities in Netgear ProSAFE Plus JGS516PE / GS116Ev2 Switches Multiple vulnerabilities were found in Netgear ProSafe Plus JGS516PE switches that may pose a se... 2021-03-09 07:50:00 | 阅读: 358 | 收藏 | research.nccgroup.com netgear manuel firmware nsdp jgs516pe

Deception Engineering: exploring the use of Windows Service Canaries against ransomware tl;drWe prototyped a Windows Service Canary in order to target parts o... 2021-03-05 01:06:46 | 阅读: 286 | 收藏 | research.nccgroup.com windows encryption ransomware whitehouse ryuk

Wubes: Leveraging the Windows 10 Sandbox for Arbitrary Processes tl;drWubes is like Qubes but for Microsoft Windows. The idea is to lev... 2021-03-04 00:59:15 | 阅读: 211 | 收藏 | research.nccgroup.com windows wubes vgpu rational

Technical Advisory: Administrative Passcode Recovery and Authenticated Remote Buffer Overflow Vulnerabilities in Gigaset DX600A Handset (CVE-2021-25309, CVE-2021-25306) Current Vendor: GigasetVendor URL: https://www.gigaset.com/es_es/gigaset-... 2021-03-01 07:37:00 | 阅读: 208 | 收藏 | research.nccgroup.com gigaset dx600a 175 overflow v41

Cryptopals: Exploiting CBC Padding Oracles This is a write-up of the classic padding oracle attack on CBC-mode block ciphers. If you’ve don... 2021-02-18 01:16:07 | 阅读: 260 | 收藏 | research.nccgroup.com ciphertext ct zeroing pad encryption

Investigating Potential Security Vulnerability Manifestation through Various Analyses & Inferences Regarding Internet RFCs (and how RFC Security might be Improved) OverviewRFCs have played a pivotal role in helping to formalise ideas... 2021-02-02 17:41:13 | 阅读: 246 | 收藏 | research.nccgroup.com security rfcs analysis github

Conference Talks – February/March 2021 Throughout February and March, members of NCC Group will be presenting the... 2021-01-31 23:00:00 | 阅读: 271 | 收藏 | research.nccgroup.com software security development frontiers fernick

NCC Group’s 2020 Annual Research Report In this post, we summarize our security research findings from across the nearly 200 conference... 2021-01-31 10:00:00 | 阅读: 444 | 收藏 | research.nccgroup.com security cloud network remote

Software Verification and Analysis Using Z3 This post provides a technical introduction on how to leverage the Z3 Theorem Prover to reason a... 2021-01-29 21:00:00 | 阅读: 258 | 收藏 | research.nccgroup.com bitvec z3 264 candidate gf

Technical Advisory – Linksys WRT160NL – Authenticated Command Injection (CVE-2021-25310) Current Vendor: Belkin (Linksys)Vendor URL: https://www.linksys.com/sg/p/... 2021-01-29 01:55:30 | 阅读: 278 | 收藏 | research.nccgroup.com belkin wrt160nl puvar7 linksys manuel

Real World Cryptography Conference 2021: A Virtual Experience Earlier this month, our Cryptography Services team got together and attended (virtually) the IAC... 2021-01-27 21:00:00 | 阅读: 299 | 收藏 | research.nccgroup.com attacker security aided rwc joppe

RIFT: Analysing a Lazarus Shellcode Execution Method About the Research and Intelligence Fusion Team (RIFT):RIFT leverages our... 2021-01-23 17:43:14 | 阅读: 295 | 收藏 | research.nccgroup.com windows shellcode programlogs rift fusion

MSSQL Lateral Movement Using discovered credentials to move laterally in an environment is a common goal for the NCC Gr... 2021-01-21 23:30:23 | 阅读: 292 | 收藏 | research.nccgroup.com database security microsoft shellcode trustworthy

Public Report – BLST Cryptographic Implementation Review In October 2020, Supranational, Protocol Labs and the Ethereum Foundation... 2021-01-21 03:45:02 | 阅读: 325 | 收藏 | research.nccgroup.com library stake ietf hashing

Sign over Your Hashes – Stealing NetNTLM Hashes via Outlook Signatures In your emails, getting your hashes Capturing NetNTLM hashes from network communications is... 2021-01-16 02:54:59 | 阅读: 308 | 收藏 | research.nccgroup.com microsoft network software intranet

Abusing cloud services to fly under the radar tl;drNCC Group and Fox-IT have been tracking a threat group with a wide set of interests, fr... 2021-01-12 17:00:00 | 阅读: 346 | 收藏 | research.nccgroup.com network cobalt windows victim c2