UK SC RSS Feed (en-GB)
Fri, 19 Jan 2018 02:00:00 GMT
(c) Copyright 2018 NCC Group

NCC Group's trends of 2018
For better or worse, 2017 was a memorable year across the technology and cyber security landscapes. Data breaches were massive...
Fri, 19 Jan 2018 02:00:00 GMT

Mandatory data breach notification: Are you ready?
This blog discusses the Australian mandatory data breach notification scheme, and how to know if your organisation is prepared.
Fri, 19 Jan 2018 01:00:00 GMT

From Splunk 5.x to 7.0: Just what have you been missing out on?
In this blog we discuss the top 10 changes between Splunk versions 5.x and 7.0 that have had the biggest impacts on users.
Fri, 12 Jan 2018 02:00:00 GMT

What can ‘ghost ships’ tell us about the North Korean cyber threat?
In this blog we discuss the link between an increase in ships washing ashore in Japan and the cyber threat from North Korea.
Thu, 21 Dec 2017 02:00:00 GMT

HIDDEN COBRA Volgmer: A technical analysis
In November, US-CERT published two alerts about malicious activity by the North Korean government, referred to as HIDDEN COBRA...
Wed, 13 Dec 2017 02:00:00 GMT

BlackHat Europe 2017: NCC Group pre-event challenge part two
Following on from the cipher challenge released recently in the build up to BlackHat EU (Hint: people seem to have had more...
Tue, 05 Dec 2017 00:00:00 GMT

Black Hat Europe 2017: NCC Group’s pre-event challenges part one
Black Hat Europe 2017 is less than one week away, so we thought it would be fun to release a couple of security challenges to...
Wed, 29 Nov 2017 04:00:00 GMT

Eggplant AI from Testplant: No test automation experience, no problem
At the start of November, Testplant launched Eggplant AI, a brand new addition to the digital test specialist’s Eggplant...
Wed, 29 Nov 2017 02:00:00 GMT

Kubernetes security: Consider your threat model
One of the questions that I've been asked on multiple occasions when presenting on Kubernetes security is...
Thu, 23 Nov 2017 02:00:00 GMT

Common security issues in Azure & the importance of configuring your cloud environment
Azure audits (or Azure configuration reviews) are slowly becoming more common as larger organisations move their infrastructure...
Tue, 21 Nov 2017 02:00:00 GMT

Cisco ASA series part eight: Exploiting the CVE-2016-1287 heap overflow over IKEv1
Exodus Intel released how they exploited [1] CVE-2016-1287 for IKEv2 in February 2016, but there wasn't anything public for...
Fri, 10 Nov 2017 02:00:00 GMT

WhatsApp scams and the use of internationalised domain names
There has recently been widespread reporting of scams that are circulating in the UK on the WhatsApp messaging platform, an...
Thu, 09 Nov 2017 02:00:00 GMT

Bypassing Android’s Network Security Configuration
With the release of Android Nougat (Android 7) came a new security feature called Network Security Configuration.
Fri, 03 Nov 2017 02:00:00 GMT

Cisco ASA series part seven: Checkheaps
As part of our ongoing series we would like to talk about Cisco's Checkheaps security and stability mechanism.
Thu, 26 Oct 2017 01:00:00 GMT

BadRabbit ransomware hits targets within Eastern Europe
In this blog we provide a summary of all the details known about the latest Bad Rabbit ransomware outbreak.
Wed, 25 Oct 2017 02:00:00 GMT

Cisco ASA series part six: Cisco ASA mempools
In part five, we document some of the details around Cisco ASA mempools and how the mempool-related functions wrap more...
Mon, 23 Oct 2017 02:00:00 GMT

Exploring SIEM solutions and their security benefits
A blog explaining what a SIEM is, and how it fits into the security posture of enterprises.
Tue, 17 Oct 2017 02:00:00 GMT

Employee Spotlight: Anthony, Principal Security Consultant, Australia
Anthony Caulfield, Principal Security Consultant for NCC Group in Sydney, features in our latest Employee Spotlight.
Mon, 16 Oct 2017 04:00:00 GMT

Cisco ASA series part five: libptmalloc gdb plugin
We're releasing a gdb plugin for analysing ptmalloc2. This plugin is essentially a fork from an older version of cloudburst's...
Mon, 16 Oct 2017 02:00:00 GMT

Policy as Code: An opportunity to increase resilience while lowering the cost of compliance
Cyber resilience is now a game of scale, complexity, compliance and cost. On one hand, we have organisations and supply chains...
Mon, 16 Oct 2017 01:00:00 GMT

Avoid a data hostage situation with Managed NTM from NCC Group
Ransomware is one of the biggest security challenges facing businesses of all sizes. And as organisations seek to streamline...
Fri, 13 Oct 2017 02:00:00 GMT

How recent data breaches can help you avoid a catfish attack
Suggestions that recent, high profile data breaches were enabled with so-called ‘catfish’ operations should not come as a...
Thu, 12 Oct 2017 10:00:00 GMT

Can we nudge our way to improved cyber security? Why a simple thank you might help
When the new Nobel Economics laureate, Dr Richard Thaler, was asked how he would spend the more than one million dollars in...
Thu, 12 Oct 2017 02:00:00 GMT

Cisco ASA series part four: dlmalloc-2.8.x, libdlmalloc, & dlmalloc on Cisco ASA
This article is meant to provide a summary of some key functionality for dlmalloc-2.8.x and introduce a debugging plugin called...
Mon, 09 Oct 2017 02:00:00 GMT

SusanRTTI: an IDAPython plugin for viewing run-time type information
Run-time type information, or RTTI, refers to class information present in compiled C++ binaries. Depending on the class...
Thu, 05 Oct 2017 00:00:00 GMT

Splunk .conf2017 highlights
This blog post provides highlights of Splunk .conf2017.
Tue, 03 Oct 2017 00:00:00 GMT

Decoder Improved Burp Suite Plugin Release, Part 2
In the previous blog post, we walked through the primary benefits of using Decoder Improved over the Burp Suite’s built-in...
Tue, 03 Oct 2017 00:00:00 GMT

Cisco ASA series part three: Debugging Cisco ASA firmware
Cisco ASA series part three: Debugging Cisco ASA firmware
Mon, 02 Oct 2017 01:00:00 GMT

Splunk 5.x: EOL & what does that mean for you?
End of life for Splunk 5.x has officially been announced, so we explore the implications for businesses that currently use 5.x.
Fri, 29 Sep 2017 03:00:00 GMT

Splunk .conf2017: Splunk 7 released and other news
We explore the latest news from Splunk's annual conference, plus details on new version 7.0.0, including how you can upgrade.
Fri, 29 Sep 2017 02:00:00 GMT

Cisco ASA series part two: Static analysis & datamining of Cisco ASA firmware
During our research, we ended up wanting to analyse a large number of Cisco ASA firmware files. Most importantly, we needed to...
Mon, 25 Sep 2017 02:00:00 GMT

Cisco ASA series part one: Intro to the Cisco ASA
We’ve spent a bunch of time investigating Cisco ASA devices and their firmware while looking into exploiting CVE-2016-1287...
Wed, 20 Sep 2017 02:00:00 GMT

EternalGlue part one: Rebuilding NotPetya to assess real-world resilience
We were engaged by a client back in June 2017 to rebuild NotPetya from scratch. However, instead of the data destruction...
Tue, 19 Sep 2017 02:00:00 GMT

Machiavelli not Monty: Why CISOs may need a degree in politics more than security
A recent Twitter exchange between the military historian Jill S. Russell and journalist Tom Ricks on a question of modern...
Mon, 18 Sep 2017 02:00:00 GMT

Decoder Improved Burp Suite plugin release part one
Burp Suite’s built-in decoder component, while useful, is missing important features and cannot be extended. To remedy this...
Wed, 13 Sep 2017 00:00:00 GMT

NCC Group at BSides Manchester 2017
In August, BSides Manchester returned for its fourth year, providing a fantastic showcase of the northern InfoSec community...
Tue, 12 Sep 2017 02:00:00 GMT

Rare ASP.NET request validation bypass using request encoding
This blog outlines an issue that allowed us to bypass the ASP.NET request validation capability.
Fri, 08 Sep 2017 17:00:00 GMT

Employee spotlight: Tony, Principal Security Consultant, NCC Group North America
Tony Cargile, Principal Security Consultant in our Austin office, talks about his time at NCC Group, career progression and more.
Thu, 07 Sep 2017 03:00:00 GMT

Poison Ivy string decryption
This is a short and quick blog to share with you, as promised, the IDAPython script used to decrypt Poison Ivy strings...
Thu, 07 Sep 2017 02:00:00 GMT

Invoice fraud: Third party vulnerabilities
No matter how secure your IT network is, you or your customers can still be defrauded due to a third party’s vulnerabilities.
Wed, 06 Sep 2017 02:00:00 GMT

Common CSRF prevention misconceptions
At NCC Group we’ve noticed, among applicants and the general public, some common misconceptions regarding CSRF.
Tue, 05 Sep 2017 00:00:00 GMT

Signaturing an Authenticode anomaly with Yara
Investigating the use of Yara to detect inconsistencies between PE file timestamps and Authenticode signing certificates.
Fri, 01 Sep 2017 03:00:00 GMT

Analysing a recent Poison Ivy sample
In a recent blog post, Fortinet discussed a new version of Poison Ivy spreading through malicious PowerPoint files...
Thu, 31 Aug 2017 02:00:00 GMT

Educational Tools for Binary Ninja
A series of plugins designed to improve Binary Ninja’s potential as a tool for beginners.
Wed, 30 Aug 2017 00:00:00 GMT

DeLux Edition: Getting root privileges on the eLux Thin Client OS
While on an engagement I came across a thin client running the eLux Linux distribution...
Thu, 24 Aug 2017 02:00:00 GMT

Request encoding to bypass web application firewalls
This blog post introduces a technique to send HTTP requests using encoding. This method should be added to the list of tests...
Wed, 23 Aug 2017 02:00:00 GMT

CENTA: A global cyber advisory practice for regulated industries
NCC Group has formed a new global advisory practice called the Centre for Evolved Next-generation Threat Assurance (CENTA).
Tue, 22 Aug 2017 02:00:00 GMT

Introducing G-Scout
G-Scout is a tool to help assess the security of Google Cloud Platform (GCP) environment configurations.
Tue, 15 Aug 2017 00:00:00 GMT

Incremental threat modelling: A follow-up
In May 2017, I gave a talk at AppSecEu about incremental threat modelling. The audience was great and we had excellent...
Mon, 14 Aug 2017 02:00:00 GMT

When a web application SSRF causes the cloud to rain credentials & more
This blog post reviews an interesting Server-Side Request Forgery (SSRF) technique against applications that are in cloud...
Fri, 11 Aug 2017 00:00:00 GMT