Machine Learning 101: The Integrity of Image (Mis)Classification? Professor Ron Rivest observed the close relationship between cryptogra... 2022-12-15 22:9:25 | 阅读: 17 | 收藏 | NCC Group Research - research.nccgroup.com sorry incorrectly machine realistic

Replicating CVEs with KLEE This blog post details the steps taken to replicate a udhcpc process crash on BusyBox 1.24.2 usi... 2022-12-13 01:10:15 | 阅读: 23 | 收藏 | NCC Group Research - research.nccgroup.com busybox klee dhcp dname crash

Public Report – VPN by Google One Security Assessment During the summer of 2022, Google engaged NCC Group to conduct a security... 2022-12-10 06:25:22 | 阅读: 24 | 收藏 | NCC Group Research - research.nccgroup.com security undue engaged goals responsibly

Public Report – Confidential Space Security Review During the summer of 2022, Google engaged NCC Group to conduct a security... 2022-12-6 08:1:0 | 阅读: 17 | 收藏 | NCC Group Research - research.nccgroup.com cloud security navigation engaged

Exploring Prompt Injection Attacks Have you ever heard about Prompt Injection Attacks[1]? Prompt Injection is a new vulnerability t... 2022-12-6 06:12:8 | 阅读: 61 | 收藏 | NCC Group Research - research.nccgroup.com injection pwned haha payload remote

So long and thanks for all the 0day After nearly four years into my role, I am stepping down as NCC Group’s SVP & Global Head of Res... 2022-11-24 03:52:10 | 阅读: 42 | 收藏 | research.nccgroup.com security novel machine

A jq255 Elliptic Curve Specification, and a Retrospective First things first: there is now a specification for the jq255e and jq255s elliptic curves; it i... 2022-11-22 00:38:6 | 阅读: 16 | 收藏 | research.nccgroup.com curves elliptic cofactor eprint formulas

Technical Advisory – NXP i.MX SDP_READ_DISABLE Fuse Bypass (CVE-2022-45163) Vendor: NXP SemiconductorsVendor URL: https://www.nxp.comAffected Devices: i.MX RT 101x, i.MX... 2022-11-18 00:0:44 | 阅读: 59 | 收藏 | research.nccgroup.com sdp nxp memory dcd ddr

Tool Release – Web3 Decoder Burp Suite Extension Web3 Decoder is a Burp Suite Extension that allows to decode “web3” JSON-R... 2022-11-11 03:13:54 | 阅读: 28 | 收藏 | research.nccgroup.com chains web3 library python github

Tales of Windows detection opportunities for an implant framework The below are slides from a fifteen minute lightening talk I gave yesterd... 2022-11-9 17:58:39 | 阅读: 17 | 收藏 | research.nccgroup.com ollie whitehouse yesterday windows slides

Check out our new Microcorruption challenges! by Nick Galloway Today we are releasing several new challenges for the emb... 2022-11-1 01:28:55 | 阅读: 46 | 收藏 | research.nccgroup.com jennifer fernick hardware enjoy

Toner Deaf – Printing your next persistence (Hexacon 2022) On Friday 14th of October 2022 Alex Plaskett (@alexjplaskett) and Cedric H... 2022-10-17 16:13:17 | 阅读: 20 | 收藏 | research.nccgroup.com printer security firmware lexmark enhance

Technical Advisory – OpenJDK – Weak Parsing Logic in java.net.InetAddress and Related Classes Vendor: OpenJDK ProjectVendor URL: https://openjdk.java.netVersions affected: 8-17+ (and likel... 2022-10-7 00:40:50 | 阅读: 26 | 收藏 | research.nccgroup.com inetaddress security baz 0101

Public Report – IOV Labs powHSM Security Assessment In June 2022, IOV Labs engaged NCC Group to perform a review of powHSM. Pe... 2022-10-5 21:0:0 | 阅读: 23 | 收藏 | research.nccgroup.com iov jennifer fernick consultants powhsm

Shining New Light on an Old ROM Vulnerability: Secure Boot Bypass via DCD and CSF Tampering on NXP i.MX Devices NXP’s HABv4 API documentation references a now-mitigated defect in ROM-resident High Assurance B... 2022-10-4 01:56:34 | 阅读: 26 | 收藏 | research.nccgroup.com dcd nxp hab rom csf

A glimpse into the shadowy realm of a Chinese APT: detailed analysis of a ShadowPad intrusion Authors: William Backhouse (@Will0x04), Michael Mullen (@DropTheBase64) and Nikolaos Pantazopoul... 2022-9-30 16:40:24 | 阅读: 32 | 收藏 | research.nccgroup.com shadowpad network windows c2 proxy

Detecting Mimikatz with Busylight In 2015 Raphael Mudge released an article [1] that detailed that versions of mimikatz released a... 2022-9-30 16:0:0 | 阅读: 26 | 收藏 | research.nccgroup.com mimikatz busylight hid github umdf

Whitepaper – Project Triforce: Run AFL On Everything (2017) Six years ago, NCC Group researchers Tim Newsham and Jesse Burns released... 2022-9-28 03:28:27 | 阅读: 24 | 收藏 | research.nccgroup.com triforceafl jennifer fuzzer fernick fuzzy

Tool Release – Project Kubescout: Adding Kubernetes Support to Scout Suite tl;dr You can now have Scout Suite scan notonly your cloud environments, but your Kubernetes cl... 2022-9-23 01:41:29 | 阅读: 27 | 收藏 | research.nccgroup.com scout kubernetes scoutsuite kubescout virtualenv

Technical Advisory – Multiple Vulnerabilities in Juplink RX4-1800 WiFi Router (CVE-2022-37413, CVE-2022-37414) Juplink’s RX4-1800 WiFi router was found to have multiple vulnerabilities... 2022-9-22 23:0:0 | 阅读: 52 | 收藏 | research.nccgroup.com juplink 1800 attacker rx4