site:research.nccgroup.com

Shooting Yourself in the .flags – Jailbreaking the Sonos Era 100 https://research.nccgroup.com/2023/12/04/shooting-yourself-in-the-flags-jailbreaking-the-sonos-era-100/ 5 comments 4/12/2023 netsec

Monkey 365 is a plugin-based PowerShell module that can be used to review the security posture of your Microsoft cloud environment. https://research.nccgroup.com/2022/09/07/tool-release-monkey365/ 8 comments 8/9/2022 netsec

Writing FreeBSD Kernel Modules in Rust https://research.nccgroup.com/2022/08/31/writing-freebsd-kernel-modules-in-rust/ 13 comments 31/8/2022 rust

u-ps (Two vulnerabilities were uncovered in the IP Defragmentation algorithm implemented in U-Boot) https://research.nccgroup.com/2022/06/03/technical-advisory-multiple-vulnerabilities-in-u-boot-cve-2022-30790-cve-2022-30552/ 4 comments 4/6/2022 openwrt

Ghostrings: Ghidra scripts for recovering string definitions in Go binaries with P-Code analysis https://research.nccgroup.com/2022/05/20/tool-release-ghostrings/ 5 comments 20/5/2022 reverseengineering

Technical Advisory – Blueooth Low Energy Proximity Authentication Vulnerable to Relay Attacks https://research.nccgroup.com/2022/05/15/technical-advisory-ble-proximity-authentication-vulnerable-to-relay-attacks/ 2 comments 16/5/2022 netsec

SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store https://research.nccgroup.com/2022/03/03/sharkbot-a-new-generation-android-banking-trojan-being-distributed-on-google-play-store/ 85 comments 6/3/2022 android

Testing Infrastructure-as-Code Using Dynamic Tooling https://research.nccgroup.com/2022/02/02/testing-infrastructure-as-code-using-dynamic-tooling/ 3 comments 5/2/2022 netsec

10 real-world stories of how we’ve compromised CI/CD pipelines https://research.nccgroup.com/2022/01/13/10-real-world-stories-of-how-weve-compromised-ci-cd-pipelines/ 7 comments 15/1/2022 netsec

log4j-jndi-be-gone: A simple mitigation for CVE-2021-44228 - log4j https://research.nccgroup.com/2021/12/12/log4j-jndi-be-gone-a-simple-mitigation-for-cve-2021-44228/ 7 comments 15/12/2021 netsec

Announcing NCC Group’s Cryptopals Guided Tour! https://research.nccgroup.com/2021/12/10/announcing-ncc-groups-cryptopals-guided-tour/ 5 comments 10/12/2021 crypto

Encryption Does Not Equal Invisibility – Detecting Anomalous TLS Certificates with the Half-Space-Trees Algorithm https://research.nccgroup.com/2021/12/02/encryption-does-not-equal-invisibility-detecting-anomalous-tls-certificates-with-the-half-space-trees-algorithm/ 7 comments 2/12/2021 netsec

An Illustrated Guide to Elliptic Curve Cryptography Validation https://research.nccgroup.com/2021/11/18/an-illustrated-guide-to-elliptic-curve-cryptography-validation/ 3 comments 1/12/2021 netsec

Cracking Random Number Generators using Machine Learning – Part 1: xorshift128 https://research.nccgroup.com/2021/10/15/cracking-random-number-generators-using-machine-learning-part-1-xorshift128/ 3 comments 20/11/2021 programming

Technical Advisory – Arbitrary Signature Forgery in Stark Bank ECDSA Libraries https://research.nccgroup.com/2021/11/08/technical-advisory-arbitrary-signature-forgery-in-stark-bank-ecdsa-libraries/ 70 comments 10/11/2021 crypto

TA505 exploits SolarWinds Serv-U vulnerability (CVE-2021-35211) for initial access https://research.nccgroup.com/2021/11/08/ta505-exploits-solarwinds-serv-u-vulnerability-cve-2021-35211-for-initial-access/ 6 comments 8/11/2021 netsec

Cracking RDP NLA Supplied Credentials for Threat Intelligence https://research.nccgroup.com/2021/10/21/cracking-rdp-nla-supplied-credentials-for-threat-intelligence/ 4 comments 22/10/2021 netsec

Cracking Random Number Generators using Machine Learning – Part 2: Mersenne Twister https://research.nccgroup.com/2021/10/18/cracking-random-number-generators-using-machine-learning-part-2-mersenne-twister/ 2 comments 18/10/2021 netsec

Reverse engineering and decrypting CyberArk vault credential files https://research.nccgroup.com/2021/10/08/reverse-engineering-and-decrypting-cyberark-vault-credential-files/ 8 comments 8/10/2021 netsec

Detecting Rclone – An Effective Tool for Exfiltration - detecting rclone via Sigma rules - which is a precursor step for some threat actors to do their exfil before ransomware deployment https://research.nccgroup.com/2021/05/27/detecting-rclone-an-effective-tool-for-exfiltration/ 6 comments 28/5/2021 netsec

Technical Advisory – 15 Vulnerabilities in Netgear ProSAFE Plus JGS516PE / GS116Ev2 Switches including remote pre-auth firmware installation (which isn't cryptographically signed) https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches/ 6 comments 10/3/2021 netsec

Deception Engineering: exploring the use of Windows Service Canaries against ransomware https://research.nccgroup.com/2021/03/04/deception-engineering-exploring-the-use-of-windows-service-canaries-against-ransomware/ 7 comments 4/3/2021 netsec

Wubes: Leveraging the Windows 10 Sandbox for Arbitrary Processes https://research.nccgroup.com/2021/03/03/wubes-leveraging-the-windows-10-sandbox-for-arbitrary-processes/ 5 comments 4/3/2021 netsec

Abusing cloud services to fly under the radar - NCC Group and Fox-IT have been tracking a threat group with a wide set of interests, from intellectual property (IP) from victims in the semiconductors industry through to passenger data from the airline industry who regularly use cloud services. https://research.nccgroup.com/2021/01/12/abusing-cloud-services-to-fly-under-the-radar/ 2 comments 12/1/2021 netsec

Building an RDP Credential Catcher for Threat Intelligence https://research.nccgroup.com/2021/01/10/building-an-rdp-credential-catcher-for-threat-intelligence/ 2 comments 11/1/2021 netsec

Decrypting OpenSSH sessions for fun and profit - Decrypt SSH session and gain knowledge of it by recovering key material from the memory snapshot - the research into OpenSSH and release some tools to dump OpenSSH from memory https://research.nccgroup.com/2020/11/11/decrypting-openssh-sessions-for-fun-and-profit/ 12 comments 14/11/2020 netsec

There’s A Hole In Your SoC: Glitching The MediaTek BootROM https://research.nccgroup.com/2020/10/15/theres-a-hole-in-your-soc-glitching-the-mediatek-bootrom/ 2 comments 17/10/2020 reverseengineering

Multiple HTML Injection Vulnerabilities in KaiOS (a mobile OS based on Firefox OS) Pre-installed Mobile Applications https://research.nccgroup.com/2020/08/21/technical-advisory-multiple-html-injection-vulnerabilities-in-kaios-pre-installed-mobile-applications/ 3 comments 22/8/2020 netsec

Exploring macOS Calendar - One-click file disclosure via malicious calendar events (CVE-2020-3882) https://research.nccgroup.com/2020/05/28/exploring-macos-calendar-alerts-part-2-exfiltrating-data-cve-2020-3882/ 9 comments 28/5/2020 netsec

CVE-2018-8611 Exploiting Windows KTM Part 4/5 – From race win to kernel read and write primitive https://research.nccgroup.com/2020/05/18/cve-2018-8611-exploiting-windows-ktm-part-4-5-from-race-win-to-kernel-read-and-write-primitive/ 3 comments 18/5/2020 netsec

Tool Release – Socks Over RDP https://research.nccgroup.com/2020/05/06/tool-release-socks-over-rdp/ 5 comments 6/5/2020 netsec

LDAPFragger: Bypassing network restrictions using LDAP attributes - to control workstations in two isolated segments remotely with Cobalt Strike, we built a tool that uses the shared Active Directory component to build a communication channel. https://research.nccgroup.com/2020/03/19/ldapfragger-bypassing-network-restrictions-using-ldap-attributes/ 5 comments 19/3/2020 netsec

Deep Dive into Real-World Kubernetes Threats https://research.nccgroup.com/2020/02/12/command-and-kubectl-talk-follow-up/ 3 comments 12/2/2020 netsec

Tool Release – Collaborator++ for Burp Suite https://research.nccgroup.com/2020/01/28/tool-release-collaborator/ 3 comments 28/1/2020 netsec

On Linux's Random Number Generation https://research.nccgroup.com/2019/12/19/on-linuxs-random-number-generation/ 18 comments 21/12/2019 crypto

On Linux's Random Number Generation https://research.nccgroup.com/2019/12/19/on-linuxs-random-number-generation/ 15 comments 21/12/2019 programming

On Linux's Random Number Generation https://research.nccgroup.com/2019/12/19/on-linuxs-random-number-generation/ 19 comments 20/12/2019 linux

On Linux's Random Number Generation https://research.nccgroup.com/2019/12/19/on-linuxs-random-number-generation/ 30 comments 20/12/2019 netsec

Hacker News

Lobsters

Reddit