UK SC RSS Feed
en-GB
Tue, 17 Oct 2017 02:00:00 GMT
(c) Copyright 2017 NCC Group

Exploring SIEM solutions and their security benefits
A blog explaining what a SIEM is, and how it fits into the security posture of enterprises.
Tue, 17 Oct 2017 02:00:00 GMT

Employee Spotlight: Anthony, Principal Security Consultant, Australia
Anthony Caulfield, Principal Security Consultant for NCC Group in Sydney, features in our latest Employee Spotlight.
Mon, 16 Oct 2017 04:00:00 GMT

Cisco ASA series part five: libptmalloc gdb plugin
We're releasing a gdb plugin for analysing ptmalloc2. This plugin is essentially a fork from an older version of cloudburst's...
Mon, 16 Oct 2017 02:00:00 GMT

Policy as Code: An opportunity to increase resilience while lowering the cost of compliance
Cyber resilience is now a game of scale, complexity, compliance and cost. On one hand, we have organisations and supply chains...
Mon, 16 Oct 2017 01:00:00 GMT

Avoid a data hostage situation with Managed NTM from NCC Group
Ransomware is one of the biggest security challenges facing businesses of all sizes. And as organisations seek to streamline...
Fri, 13 Oct 2017 02:00:00 GMT

How recent data breaches can help you avoid a catfish attack
Suggestions that recent, high profile data breaches were enabled with so-called ‘catfish’ operations should not come as a...
Thu, 12 Oct 2017 10:00:00 GMT

Can we nudge our way to improved cyber security? Why a simple thank you might help
When the new Nobel Economics laureate, Dr Richard Thaler, was asked how he would spend the more than one million dollars in...
Thu, 12 Oct 2017 02:00:00 GMT

Cisco ASA series part four: dlmalloc-2.8.x, libdlmalloc, & dlmalloc on Cisco ASA
This article is meant to provide a summary of some key functionality for dlmalloc-2.8.x and introduce a debugging plugin called...
Mon, 09 Oct 2017 02:00:00 GMT

SusanRTTI: an IDAPython plugin for viewing run-time type information
Run-time type information, or RTTI, refers to class information present in compiled C++ binaries. Depending on the class...
Thu, 05 Oct 2017 00:00:00 GMT

Splunk .conf2017 highlights
This blog post provides highlights of Splunk .conf2017.
Tue, 03 Oct 2017 00:00:00 GMT

Decoder Improved Burp Suite Plugin Release, Part 2
In the previous blog post, we walked through the primary benefits of using Decoder Improved over the Burp Suite’s built-in...
Tue, 03 Oct 2017 00:00:00 GMT

Cisco ASA series part three: Debugging Cisco ASA firmware
Cisco ASA series part three: Debugging Cisco ASA firmware
Mon, 02 Oct 2017 01:00:00 GMT

Splunk 5.x: EOL & what does that mean for you?
End of life for Splunk 5.x has officially been announced, so we explore the implications for businesses that currently use 5.x.
Fri, 29 Sep 2017 03:00:00 GMT

Splunk .conf2017: Splunk 7 released and other news
We explore the latest news from Splunk's annual conference, plus details on new version 7.0.0, including how you can upgrade.
Fri, 29 Sep 2017 02:00:00 GMT

Cisco ASA series part two: Static analysis & datamining of Cisco ASA firmware
During our research, we ended up wanting to analyse a large number of Cisco ASA firmware files. Most importantly, we needed to...
Mon, 25 Sep 2017 02:00:00 GMT

Cisco ASA series part one: Intro to the Cisco ASA
We’ve spent a bunch of time investigating Cisco ASA devices and their firmware while looking into exploiting CVE-2016-1287...
Wed, 20 Sep 2017 02:00:00 GMT

EternalGlue part one: Rebuilding NotPetya to assess real-world resilience
We were engaged by a client back in June 2017 to rebuild NotPetya from scratch. However, instead of the data destruction...
Tue, 19 Sep 2017 02:00:00 GMT

Machiavelli not Monty: Why CISOs may need a degree in politics more than security
A recent Twitter exchange between the military historian Jill S. Russell and journalist Tom Ricks on a question of modern...
Mon, 18 Sep 2017 02:00:00 GMT

Decoder Improved Burp Suite plugin release part one
Burp Suite’s built-in decoder component, while useful, is missing important features and cannot be extended. To remedy this...
Wed, 13 Sep 2017 00:00:00 GMT

NCC Group at BSides Manchester 2017
In August, BSides Manchester returned for its fourth year, providing a fantastic showcase of the northern InfoSec community...
Tue, 12 Sep 2017 02:00:00 GMT

Rare ASP.NET request validation bypass using request encoding
This blog outlines an issue that allowed us to bypass the ASP.NET request validation capability.
Fri, 08 Sep 2017 17:00:00 GMT

Employee spotlight: Tony, Principal Security Consultant, NCC Group North America
Tony Cargile, Principal Security Consultant in our Austin office, talks about his time at NCC Group, career progression and more.
Thu, 07 Sep 2017 03:00:00 GMT

Poison Ivy string decryption
This is a short and quick blog to share with you, as promised, the IDAPython script used to decrypt Poison Ivy strings...
Thu, 07 Sep 2017 02:00:00 GMT

Invoice fraud: Third party vulnerabilities
No matter how secure your IT network is, you or your customers can still be defrauded due to a third party’s vulnerabilities.
Wed, 06 Sep 2017 02:00:00 GMT

Common CSRF prevention misconceptions
At NCC Group we’ve noticed, among applicants and the general public, some common misconceptions regarding CSRF.
Tue, 05 Sep 2017 00:00:00 GMT

Signaturing an Authenticode anomaly with Yara
Investigating the use of Yara to detect inconsistencies between PE file timestamps and Authenticode signing certificates.
Fri, 01 Sep 2017 03:00:00 GMT

Analysing a recent Poison Ivy sample
In a recent blog post, Fortinet discussed a new version of Poison Ivy spreading through malicious PowerPoint files...
Thu, 31 Aug 2017 02:00:00 GMT

Educational Tools for Binary Ninja
A series of plugins designed to improve Binary Ninja’s potential as a tool for beginners.
Wed, 30 Aug 2017 00:00:00 GMT

DeLux Edition: Getting root privileges on the eLux Thin Client OS
While on an engagement I came across a thin client running the eLux Linux distribution...
Thu, 24 Aug 2017 02:00:00 GMT

Request encoding to bypass web application firewalls
This blog post introduces a technique to send HTTP requests using encoding. This method should be added to the list of tests...
Wed, 23 Aug 2017 02:00:00 GMT

CENTA: A global cyber advisory practice for regulated industries
NCC Group has formed a new global advisory practice called the Centre for Evolved Next-generation Threat Assurance (CENTA).
Tue, 22 Aug 2017 02:00:00 GMT

Introducing G-Scout
G-Scout is a tool to help assess the security of Google Cloud Platform (GCP) environment configurations.
Tue, 15 Aug 2017 00:00:00 GMT

Incremental threat modelling: A follow-up
In May 2017, I gave a talk at AppSecEu about incremental threat modelling. The audience was great and we had excellent...
Mon, 14 Aug 2017 02:00:00 GMT

When a web application SSRF causes the cloud to rain credentials & more
This blog post reviews an interesting Server-Side Request Forgery (SSRF) technique against applications that are in cloud...
Fri, 11 Aug 2017 00:00:00 GMT

UK government cyber security guidelines for connected & autonomous vehicles
The Department for Transport, in conjunction with Centre for the Protection of National Infrastructure (CPNI), has created...
Tue, 08 Aug 2017 03:00:00 GMT

Smuggling HTA files in Internet Explorer/Edge
In this blog post, we will demonstrate how attackers can serve malicious HTML Application files in a way that may bypass...
Tue, 08 Aug 2017 02:00:00 GMT

Developing trust and gitting betrayed
At NCC Group, one of our core offerings for clients is performing external network penetration tests. In these tests, we...
Mon, 07 Aug 2017 00:00:00 GMT

FedEx & TNT Express: A lesson in M&A cyber security due diligence & collateral economic disruption
In August 2015, FedEx started an acquisition process of TNT Express which it concluded nine months later in May 2016...
Thu, 03 Aug 2017 02:00:00 GMT

The value of having a chartered engineer on the team
NCC Group's Paul Dart, who has recently achieved chartered engineer status from IET, gives an overview of the chartership.
Tue, 01 Aug 2017 00:00:00 GMT

Penetration testing: Thinking in scenarios
We explore what penetration testing’s various definitions are today and how scenario-based penetration testing allows...
Fri, 28 Jul 2017 02:00:00 GMT

Sobelow: Static analysis for the Phoenix Framework
The Phoenix Framework is a relatively new web framework, powered by the Elixir programming language. Elixir runs on the...
Thu, 27 Jul 2017 00:00:00 GMT

Frequently asked questions about ransomware
NCC Group’s Tim Anderson has summarised the frequently asked questions that were featured in our eBook.
Tue, 25 Jul 2017 00:00:00 GMT

Silent but deadly? How cyber risk is affecting your insurance
This blog discusses the effects of cyber risk to businesses and their insurers.
Fri, 21 Jul 2017 15:00:00 GMT

Call Map: A tool for navigating call graphs in Python
Call Map is a tool for navigating call graphs in Python, with plans to support other languages. A call graph is a natural way...
Tue, 18 Jul 2017 00:00:00 GMT

UK Transport Strategy 2017 - A cyber security view: Part 1 - London
This blog focuses on the impact of the new transport strategies from the Mayor of London and Transport for London.
Fri, 14 Jul 2017 12:00:00 GMT

When batteries go bang as electric cars charge: Insights from a cyber security perspective
Insights from a cyber security perspective as to why lithium-ion batteries catch fire.
Thu, 13 Jul 2017 00:00:00 GMT

NCC Group recognised for cyber security efforts in maritime sector
On Friday, NCC Group was delighted to be a shortlisted runner-up in the Cyber Security category at the Seatrade Awards.
Wed, 05 Jul 2017 00:00:00 GMT

Live incident blog: June Global ransomware outbreak
Today we saw another outbreak of ransomware. This blog is live and will be updated as we know more.
Tue, 27 Jun 2017 02:00:00 GMT

How NCC Group’s Network Threat Monitoring service identified an undiscovered Remote Access Trojan
If you pay attention to the news, it may seem as though a different organisation is being breached almost every day by new and...
Tue, 27 Jun 2017 02:00:00 GMT

A WarCon 2017 presentation: Cisco ASA - Exploiting the IKEv1 heap overflow - CVE-2016-1287
Exodus Intel released a proof of concept (POC) in early 2016, demonstrating how to obtain remote code execution on...
Thu, 15 Jun 2017 01:00:00 GMT