Technical Advisory – Jitsi Meet Electron – Limited Certificate Validation Bypass (CVE-2020-27161) Current Vendor: JitsiVendor URL: https://jitsi.orgVersions affected: 1.x... 2020-10-23 12:07:12 | 阅读: 396 | 收藏 | research.nccgroup.com jitsi ignores robert wessen

Public Report – Filecoin Bellman and BLS Signatures Cryptographic Review In May 2020, Protocol Labs engaged NCC Group’s Cryptography Services team... 2020-10-21 21:00:00 | 阅读: 388 | 收藏 | research.nccgroup.com filecoin network security relies sha2

Technical Advisory – Linksys WRT160NL – Authenticated Remote Buffer Overflow (CVE-2020-26561) Current Vendor: BelkinVendor URL: https://www.linksys.com/sg/p/P-WRT160NL... 2020-10-20 21:37:00 | 阅读: 422 | 收藏 | research.nccgroup.com wrt160nl linksys belkin firmware diego

There’s A Hole In Your SoC: Glitching The MediaTek BootROM This research was conducted by our intern Ilya Zhuravlev, who has returned to school but will be... 2020-10-16 04:00:00 | 阅读: 489 | 收藏 | research.nccgroup.com glitch preloader bootrom mediatek emmc

RIFT: F5 CVE-2020-5902 and Citrix CVE-2020-8193, CVE-2020-8195 and CVE-2020-8196 honeypot data release tl;drNCC Group is today releasing three months of honeypot web traffic... 2020-10-09 19:15:15 | 阅读: 484 | 收藏 | research.nccgroup.com rift hsqldb attacker fusion citrix

Technical Advisory: Pulse Connect Secure – RCE via Template Injection (CVE-2020-8243) Vendor: Pulse SecureVendor URL: https://www.pulsesecure.net/Versions aff... 2020-10-07 02:28:13 | 阅读: 403 | 收藏 | research.nccgroup.com pulse pcs 1r8 thtml perl

Tool – Windows Executable Memory Page Delta Reporter tl;drOne true constant (until someone schools me and ROP etc. not with... 2020-10-03 15:06:16 | 阅读: 436 | 收藏 | research.nccgroup.com memory github telemetry nccgroup windows

Salesforce Security with Remote Working With Coronavirus still active across the world, life is far from settled, but the uptake of remo... 2020-10-02 22:00:00 | 阅读: 393 | 收藏 | research.nccgroup.com salesforce activation security monitoring

Tool Release – ScoutSuite 5.10 We’re proud to announce the release of a new version of our open-source, m... 2020-10-01 17:45:12 | 阅读: 443 | 收藏 | research.nccgroup.com xavier cloud security github scout

Conference Talks – October 2020 This month, members of NCC Group will be presenting their work at the foll... 2020-09-30 21:00:00 | 阅读: 474 | 收藏 | research.nccgroup.com security cloud attendees forest speaker

Tool Release – ICPin, an integrity-check and anti-debug detection pintool by Nicolas Guigo ICPin is an Intel pintool leveraging the framework’s... 2020-09-30 09:45:02 | 阅读: 410 | 收藏 | research.nccgroup.com icpin memory portability porting

Faster Modular Inversion and Legendre Symbol, and an X25519 Speed Record Elliptic curves are commonly used to implement asymmetric cryptographic operations such as key e... 2020-09-29 05:00:00 | 阅读: 512 | 收藏 | research.nccgroup.com cycles inversion gcd legendre x25519

Technical Advisory – Lansweeper Privilege Escalation via CSRF Using HTTP Method Interchange (CVE-2020-13658) Vendor: Lansweeper SoftwareVendor URL: https://www.lansweeper.com/Versio... 2020-09-25 20:40:00 | 阅读: 512 | 收藏 | research.nccgroup.com lansweeper 18th

Online Casino Roulette – A guideline for penetration testers and security researchers IntroductionIn recent years, the gaming industry has grown significantly, especially casino... 2020-09-18 18:00:00 | 阅读: 695 | 收藏 | research.nccgroup.com roulette winning bet ball wheel

Extending a Thinkst Canary to become an interactive honeypot Building on Ollie’s previous blog, in which he built a TCP proxying servic... 2020-09-14 19:54:51 | 阅读: 414 | 收藏 | research.nccgroup.com ssh nmap containers fingerprint ecdsa

StreamDivert: Relaying (specific) network connections Author: Jelle VergeerThe first part of this blog will be the story of... 2020-09-10 17:14:23 | 阅读: 475 | 收藏 | research.nccgroup.com network client software userland

Public Report – Electric Coin Company NU4 Cryptographic Specification and Implementation Review In June 2020, the Electric Coin Company engaged NCC Group to conduct a sec... 2020-09-04 20:00:00 | 阅读: 378 | 收藏 | research.nccgroup.com zips zcash eight consultants

Machine learning from idea to reality: a PowerShell case study Detecting both ‘offensive’ and obfuscated PowerShell scripts in Splunk using Windows Event Log 4... 2020-09-02 17:27:49 | 阅读: 454 | 收藏 | research.nccgroup.com powershell windows github powerup

Conference Talks – September 2020 This month, NCC Group researchers will be presenting their work at the fol... 2020-08-31 21:00:16 | 阅读: 412 | 收藏 | research.nccgroup.com security forest cloud trusts forests

Whitepaper – Exploring the Security of KaiOS Mobile Applications KaiOS is a mobile operating system, forked from the discontinued Firefox O... 2020-08-25 05:05:35 | 阅读: 464 | 收藏 | research.nccgroup.com security kaios remote forked injection