Unveiling the Dark Side: A Deep Dive into Active Ransomware Families  Author: Molly Dewis  Intro  Our technical experts have written a blog series focused on Tactics, Techniques and Procedures (TTP’s) deployed by four ransomware families recently observed during NCC Group’s incident response engagements.    In case you missed it, our last…

Introduction If you are a pentester and enjoy tinkering with Windows, you have probably come across the following post by Raphael Mudge: Windows Access Tokens and Alternate Credentials In this post, he explains how the Windows program runas works and how the netonly flag allows the creation of processes where…

Overview Android 14 introduced a new feature which allows to remotely install CA certificates. This change implies that instead of using the /system/etc/security/cacerts directory to check the trusted CA’s, this new feature uses the com.android.conscrypt APEX module, and reads the certificates from the directory /apex/com.android.conscrypt/cacerts. Inspired by this blog post by Tim Perry,…