Technical Advisory – wolfSSL TLS 1.3 Client Man-in-the-Middle Attack Vendor: wolfSSLVendor URL: https://www.wolfssl.com/Versions affected: Ve... 2020-08-24 21:00:00 | 阅读: 459 | 收藏 | research.nccgroup.com wolfssl client library github machine

Technical Advisory – Multiple HTML Injection Vulnerabilities in KaiOS Pre-installed Mobile Applications Multiple HTML injection vulnerabilities were found in several KaiOS mobile applications that are... 2020-08-22 05:33:00 | 阅读: 541 | 收藏 | research.nccgroup.com kaios injection attacker certified inject

Technical Advisory – FreePBX – Multiple Authenticated SQL Injections in UCP application Summary:The User Control Panel (UCP) application is vulnerable to... 2020-08-22 00:39:19 | 阅读: 563 | 收藏 | research.nccgroup.com cel sangoma ucp cdr security

Immortalising 20 Years of Epic Research In December 2019 we launched this new technical security research blog site. As part of its launch w... 2020-08-21 21:37:00 | 阅读: 502 | 收藏 | research.nccgroup.com security windows analysis whitepaper

Pairing over BLS12-381, Part 3: Pairing! This is the last of three code-centric blog posts on pairing based cryptography. Support for the... 2020-08-13 21:00:00 | 阅读: 426 | 收藏 | research.nccgroup.com pairing scalar miller bls

Public Report – Pixel 4/4XL and Pixel 4a ioXt Audit NCC Group was contracted by Google to conduct a security assessment of the... 2020-08-10 22:00:00 | 阅读: 603 | 收藏 | research.nccgroup.com security ioxt alliance 4xl 4a

NCC Group researchers named amongst MSRC’s Most Valuable Security Researchers in 2020 Yesterday, the Microsoft Security Response Center announced their Most Val... 2020-08-07 06:33:11 | 阅读: 514 | 收藏 | research.nccgroup.com dirk security microsoft windows

Lights, Camera, HACKED! An insight into the world of popular IP Cameras PrefaceDuring the Covid-19 pandemic, the battle to secure and protect businesses as well as... 2020-07-31 21:37:11 | 阅读: 960 | 收藏 | research.nccgroup.com security username heartbleed uart rtsp

Conference Talks – August 2020 This month, NCC Group researchers will be presenting their work at the fol... 2020-07-31 20:00:00 | 阅读: 527 | 收藏 | research.nccgroup.com kubernetes security database roadrecon usa

Tool Release – Winstrument: An Instrumentation Framework for Windows Application Assessments by George OsterweilWinstrument is a modular framework built on top of Frida designed to help... 2020-07-30 01:40:00 | 阅读: 505 | 收藏 | research.nccgroup.com winstrument mspaint windows readfile oster

Tool Release: Sinking U-Boots with Depthcharge Depthcharge is an extensible Python 3 toolkit designed to aid security researchers when analyzin... 2020-07-23 01:00:49 | 阅读: 726 | 收藏 | research.nccgroup.com depthcharge i2c security memory bootloader

Technical Advisory: Heartbleed chained with a Pass-the-Hash attack leads to device compromise on TP-Link C200 IP Camera Vendor: TP-LinkVendor URL: https://www.tp-link.com/uk/Versions aff... 2020-07-21 18:00:03 | 阅读: 580 | 收藏 | research.nccgroup.com heartbleed stok security tapo memory

Public Report – Qredo Apache Milagro MPC Cryptographic Assessment During the spring of 2020, Qredo engaged NCC Group Cryptography Services to co... 2020-07-20 20:00:00 | 阅读: 467 | 收藏 | research.nccgroup.com mpc ecdsa library milagro goldfeder

Pairing over BLS12-381, Part 2: Curves This is the second of three code-centric blog posts on pairing based cryptography. The first pos... 2020-07-13 20:00:00 | 阅读: 564 | 收藏 | research.nccgroup.com pairing scalar coordinates fq2

Understanding the root cause of F5 Networks K52145254: TMUI RCE vulnerability CVE-2020-5902 tl;drCVE-2020-5902 was disclosed on July 1st, 2020 by F5 Networks in K52145254 as a CVSS 10.... 2020-07-13 04:09:07 | 阅读: 635 | 收藏 | research.nccgroup.com tmui hsqldb ajp proxy fileread

RIFT: Citrix ADC Vulnerabilities CVE-2020-8193, CVE-2020-8195 and CVE-2020-8196 Intelligence tl;drCitrix disclosed on July 7th, 2020 a number of vulnerabilities in... 2020-07-10 21:51:11 | 阅读: 644 | 收藏 | research.nccgroup.com rift fusion strategic fox attackers

An offensive guide to the Authorization Code grant OAuth is the widely used standard for access delegation, enabling many of the “Sign in with X” b... 2020-07-07 20:00:01 | 阅读: 581 | 收藏 | research.nccgroup.com client security attacker victim rami

Technical Advisory – KwikTag Web Admin Authentication Bypass Vendor: ImageTagVendor URL: https://www.kwiktag.comVersions affected: 4.5.... 2020-07-07 05:33:03 | 阅读: 515 | 收藏 | research.nccgroup.com security kwiktag expired requesting draft

Pairing over BLS12-381, Part 1: Fields This is the first of three code-centric blog posts on pairing based cryptography. The series wil... 2020-07-06 20:00:00 | 阅读: 515 | 收藏 | research.nccgroup.com fq1 haskell pairing degree declaration

RIFT: F5 Networks K52145254: TMUI RCE vulnerability CVE-2020-5902 Intelligence tl;drCVE-2020-5902 was disclosed on June 1, 2020 by F5 Networks in K5... 2020-07-05 23:44:45 | 阅读: 1015 | 收藏 | research.nccgroup.com tmui jul 0700 localdomain acc