Hacker News
- Project Triforce: Run AFL on Everything https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/june/project-triforce-run-afl-on-everything/ 16 comments
- Understanding and Hardening Linux Containers [pdf] https://www.nccgroup.trust/globalassets/our-research/us/whitepapers/2016/april/ncc_group_understanding_hardening_linux_containers-10pdf 106 comments
- Enough with the Salts: Updates on Secure Password Schemes https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2015/march/enough-with-the-salts-updates-on-secure-password-schemes/ 77 comments
Lobsters
- Owning the Virgin Media Hub 3.0: The perfect place for a backdoor https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/december/owning-the-virgin-media-hub-3.0-the-perfect-place-for-a-backdoor/ 2 comments security
- If You’re Typing the Letters A-E-S Into Your Code You’re Doing It Wrong https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2009/july/if-youre-typing-the-letters-a-e-s-into-your-code-youre-doing-it-wrong/ 2 comments cryptography , culture , practices
- If You’re Typing the Letters A-E-S Into Your Code You’re Doing It Wrong https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2009/july/if-youre-typing-the-letters-a-e-s-into-your-code-youre-doing-it-wrong/ 20 comments crypto
- CVE-2019-1405 and CVE-2019-1322 – Elevation to SYSTEM via the UPnP Device Host Service and the Update Orchestrator Service https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2019/november/cve-2019-1405-and-cve-2019-1322-elevation-to-system-via-the-upnp-device-host-service-and-the-update-orchestrator-service/ 4 comments netsec
- Bypassing Authentication on SSH Bastion Hosts https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2019/october/bypassing-authentication-on-ssh-bastion-hosts/ 34 comments netsec
- Sniffle: A Sniffer for Bluetooth 5 - the world’s first open source sniffer for Bluetooth 5 https://www.nccgroup.trust/us/our-research/sniffle-a-sniffer-for-bluetooth-5/?research=public+tools 13 comments netsec
- Requests-Racer: A Python Library for Exploiting Concurrency-Related Vulnerabilities in Web Applications https://www.nccgroup.trust/us/our-research/requests-racer-a-python-library-for-exploiting-concurrency-related-vulnerabilities-in-web-applications/ 4 comments netsec
- Private Key Extraction from Qualcomm Hardware-backed Keystores https://www.nccgroup.trust/us/our-research/private-key-extraction-qualcomm-keystore/?research=technical+advisories 3 comments crypto
- Apple’s App-Site Association - The New robots.txt https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2019/april/apples_app_site_association_the_new_robots_txt/ 5 comments netsec
- Downgrade Attack on TLS 1.3 and Vulnerabilities in Major TLS Libraries https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2019/february/downgrade-attack-on-tls-1.3-and-vulnerabilities-in-major-tls-libraries/?year=2019&month=2 48 comments netsec
- Owning the Virgin Media Hub 3.0 https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/december/owning-the-virgin-media-hub-3.0-the-perfect-place-for-a-backdoor/ 5 comments netsec
- The 9 Lives of Bleichenbacher's CAT: New Cache ATtacks on TLS Implementations https://www.nccgroup.trust/us/our-research/the-9-lives-of-bleichenbachers-cat-new-cache-attacks-on-tls-implementations/ 5 comments netsec
- Singularity of Origin: A DNS Rebinding Attack Framework https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2018/august/singularity-of-origin-a-dns-rebinding-attack-framework/ 4 comments netsec
- Freddy: Burp Suite extension to automatically identify deserialization issues in Java and .NET applications https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/june/finding-deserialisation-issues-has-never-been-easier-freddy-the-serialisation-killer/ 17 comments netsec
- SMB hash hijacking & user tracking in MS Outlook (CVE-2017-11927 and CVE-2017-8572) https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/may/smb-hash-hijacking-and-user-tracking-in-ms-outlook/ 10 comments netsec
- TPM Genie: Interposer Attacks Against the Trusted Platform Module Serial Bus https://www.nccgroup.trust/us/our-research/tpm-genie-interposer-attacks-against-the-trusted-platform-module-serial-bus/?style=cyber+security 3 comments netsec
- Robin Hood vs Cisco ASA AnyConnect - Recon Brussels https://www.nccgroup.trust/uk/about-us/newsroom-and-events/events/2018/february/recon-brussels/ 6 comments netsec
- Cisco ASA series part eight: Exploiting the CVE-2016-1287 heap overflow over IKEv1 https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2017/november/cisco-asa-series-part-eight-exploiting-the-cve-2016-1287-heap-overflow-over-ikev1/ 4 comments netsec
- [PDF] Managing PowerShell in a modern corporate environment (defensive security) https://www.nccgroup.trust/uk/our-research/managing-powershell-in-a-modern-corporate-environment/ 27 comments netsec
- [pdf] Combating Java Deserialization Vulnerabilities with Look-Ahead Object Input Streams (LAOIS) https://www.nccgroup.trust/us/our-research/combating-java-deserialization-vulnerabilities-with-look-ahead-object-input-streams-laois/ 3 comments netsec
- Cisco ASA - Exploiting the IKEv1 heap overflow - CVE-2016-1287 https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2017/june/a-warcon-2017-presentation-cisco-asa-exploiting-the-ikev1-heap-overflow-cve-2016-1287/ 4 comments netsec
- Privilege Escalation in CA Common Services casrvc due to Arbitrary Write https://www.nccgroup.trust/us/our-research/advisory-craigsblackie-cve-2016-9795/?research=technical+advisories 3 comments netsec
- I chained five lame bugs together to get pre-auth RCE. Here's the advisory. https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2017/february/multiple_vulnerabilities_in_accellion_file_transfer_appliance/ 18 comments netsec
- Compromising Apache Tomcat via JMX access https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2017/february/compromising-apache-tomcat-via-jmx-access/ 4 comments netsec
- Introducing RedSnarf a tool for redteaming Windows environments (Win2k3 - 2k16) https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2016/november/introducing-redsnarf-and-the-importance-of-being-careful/ 32 comments netsec
- Understanding and Hardening Linux Containers https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/april/understanding-and-hardening-linux-containers/ 4 comments docker
- Run AFL on Everything! AFL + QEMU + Linux = CVEs https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/june/project-triforce-run-afl-on-everything/ 9 comments netsec
- Writing Exploits for Win32 Systems from Scratch https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2016/june/writing-exploits-for-win32-systems-from-scratch/ 5 comments netsec
- The dangers of NBNS/LLMNR spoofing attacks and how to prevent them https://www.nccgroup.trust/globalassets/resources/uk/premium-downloads/whitepapers/local-network-compromise-despite-good-patchingpdf 7 comments netsec
- Sakula: an adventure in DLL planting https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2016/june/sakula-an-adventure-in-dll-planting/?page=1 3 comments netsec
- Abusing Privileged and Unprivileged Linux Containers - white paper from NCC Group https://www.nccgroup.trust/us/our-research/abusing-privileged-and-unprivileged-linux-containers/ 8 comments netsec
- GSM/GPRS Traffic Interception for Penetration Testing Engagements https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2016/may/gsmgprs-traffic-interception-for-penetration-testing-engagements/ 18 comments netsec
- Javascript Cryptography Considered Harmful https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2011/august/javascript-cryptography-considered-harmful/ 8 comments privacy
- Understanding and Hardening Linux Containers https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2016/april/understanding-and-hardening-linux-containers/ 18 comments netsec
- Intel Software Guard Extensions (SGX): A Researcher’s Primer https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2015/january/intel-software-guard-extensions-sgx-a-researchers-primer/ 8 comments netsec
- Enough with the salts: Updates on secure password schemes https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2015/march/enough-with-the-salts-updates-on-secure-password-schemes/ 129 comments netsec
- Abusing Blu-ray Players Pt. 1 – Sandbox Escapes http://nccgroup.trust/en/blog/2015/02/abusing-blu-ray-players-pt-1-sandbox-escapes 3 comments netsec