US Blog RSS Feed (en), Fri, 16 Mar 2018 03:00:00 GMT
(c) Copyright 2018 NCC Group

Revisiting security debt: Are we ready to have a discussion yet?
A discussion on software security debt and its increasing importance to organizations.
Fri, 16 Mar 2018 03:00:00 GMT

Introducing BLEBoy
This blog introduces BLEboy, which allows users to understand and test BLE device communication security.
Mon, 12 Mar 2018 00:00:00 GMT

APT15 is alive and strong: An analysis of RoyalCli and RoyalDNS
In May 2017, NCC Group's Incident Response team reacted to an ongoing incident where our client, which provides a range of...
Fri, 09 Mar 2018 22:00:00 GMT

NCC CON North America 2018: Taking Over San Diego
This past January, we gathered over 300 employees from our North American offices for NCC CON 2018 in San Diego.
Thu, 08 Mar 2018 00:00:00 GMT

EternalGlue part two: A rebuilt NotPetya gets its first execution outside of the lab
In June 2017, we were asked by a client to rebuild NotPetya from scratch. Instead of the data destruction payload, they asked...
Thu, 15 Feb 2018 02:00:00 GMT

Data Privacy: What’s Your Identity Worth?
When it comes to data privacy, organizations should be taking a proactive approach, not reactive. Learn why.
Tue, 13 Feb 2018 00:00:00 GMT

AutoRepeater: Automated HTTP Request Repeating With Burp Suite
This blog is an overview of AutoRepeater, an open source Burp Suite extension.
Tue, 30 Jan 2018 00:00:00 GMT

Security oversight: The big picture view of security 2018
This blog discusses the importance of understanding the big picture of security via effective business metrics.
Fri, 26 Jan 2018 02:00:00 GMT

Spectre and Meltdown: What you need to know
In the first days of 2018, a number of vulnerabilities were disclosed that are present in many modern-day CPUs.
Fri, 26 Jan 2018 01:00:00 GMT

From Splunk 5.x to 7.0: Just what have you been missing out on?
In this blog we discuss the top 10 changes between Splunk versions 5.x and 7.0 that have had the biggest impacts on users.
Fri, 12 Jan 2018 02:00:00 GMT

34C3 Tool Release: Cachegrab
Today, NCC Group is releasing Cachegrab, a tool designed to help perform and visualize trace-driven cache attacks against...
Wed, 27 Dec 2017 00:00:00 GMT

Eggplant AI from Testplant: No test automation experience, no problem
At the start of November, Testplant launched Eggplant AI, a brand new addition to the digital test specialist’s Eggplant...
Wed, 29 Nov 2017 02:00:00 GMT

Kubernetes security: Consider your threat model
One of the questions that I've been asked on multiple occasions when presenting on Kubernetes security is...
Thu, 23 Nov 2017 02:00:00 GMT

Common security issues in Azure & the importance of configuring your cloud environment
Azure audits (or Azure configuration reviews) are slowly becoming more common as larger organisations move their infrastructure...
Tue, 21 Nov 2017 02:00:00 GMT

Cisco ASA series part eight: Exploiting the CVE-2016-1287 heap overflow over IKEv1
Exodus Intel released how they exploited [1] CVE-2016-1287 for IKEv2 in February 2016, but there wasn't anything public for...
Fri, 10 Nov 2017 02:00:00 GMT

Cisco ASA series part seven: Checkheaps
As a part of our ongoing series we would like to talk about Cisco's Checkheaps security and stability mechanism.
Thu, 26 Oct 2017 01:00:00 GMT

Bad Rabbit ransomware hits targets within Eastern Europe
As you may have seen in the news, a new ransomware outbreak named Bad Rabbit reached Eastern Europe this week.
Wed, 25 Oct 2017 02:00:00 GMT

Cisco ASA series part six: Cisco ASA mempools
In part six, we document some of the details around Cisco ASA mempools and how the mempool-related functions wrap more...
Mon, 23 Oct 2017 02:00:00 GMT

Employee Spotlight: Anthony, Principal Security Consultant, Australia
Anthony Caulfield, Principal Security Consultant for NCC Group in Sydney, features in our latest Employee Spotlight.
Mon, 16 Oct 2017 04:00:00 GMT

Cisco ASA series part five: libptmalloc gdb plugin
We're releasing a gdb plugin for analyzing ptmalloc2. This plugin is essentially a fork from an older version of cloudburst's...
Mon, 16 Oct 2017 02:00:00 GMT

Cisco ASA series part four: dlmalloc-2.8.x, libdlmalloc, & dlmalloc on Cisco ASA
This article is meant to provide a summary of some key functionality for dlmalloc-2.8.x and introduce a debugging plugin called...
Mon, 09 Oct 2017 02:00:00 GMT

SusanRTTI: an IDAPython plugin for viewing run-time type information
Run-time type information, or RTTI, refers to class information present in compiled C++ binaries. Depending on the class...
Thu, 05 Oct 2017 00:00:00 GMT

Splunk .conf2017 highlights
This blog post provides highlights of Splunk .conf2017.
Tue, 03 Oct 2017 00:00:00 GMT

Decoder Improved Burp Suite Plugin Release, Part 2
In the previous blog post, we walked through the primary benefits of using Decoder Improved over the Burp Suite’s built-in...
Tue, 03 Oct 2017 00:00:00 GMT

Cisco ASA series part three: Debugging Cisco ASA firmware
We have developed a small framework of tools to automate the debugging of most Cisco ASA firmware files using gdb, while...
Mon, 02 Oct 2017 01:00:00 GMT

Splunk 5.x: EOL & what does that mean for you?
End of life for Splunk 5.x has officially been announced, so we explore the implications for businesses that currently use 5.x.
Fri, 29 Sep 2017 03:00:00 GMT

Splunk .conf2017: Splunk 7 released and other news
We explore the latest news from Splunk's annual conference, plus details on new version 7.0.0, including how you can upgrade.
Fri, 29 Sep 2017 02:00:00 GMT

Cisco ASA series part two: Static analysis & datamining of Cisco ASA firmware
During our research, we ended up wanting to analyse a large number of Cisco ASA firmware files. Most importantly, we needed to...
Mon, 25 Sep 2017 02:00:00 GMT

Cisco ASA series part one: Intro to the Cisco ASA
We’ve spent a bunch of time investigating Cisco ASA devices and their firmware while looking into exploiting CVE-2016-1287...
Wed, 20 Sep 2017 02:00:00 GMT

EternalGlue part one: Rebuilding NotPetya to assess real-world resilience
Tl;dr - we were engaged by a client back in June 2017 to rebuild NotPetya from scratch. However, instead of the data destruction..
Tue, 19 Sep 2017 02:00:00 GMT

Decoder Improved Burp Suite Plugin Release, Part 1
Burp Suite’s built-in decoder component, while useful, is missing important features and cannot be extended. To remedy this...
Wed, 13 Sep 2017 00:00:00 GMT

Employee spotlight: Tony, Principal Security Consultant, NCC Group North America
Tony Cargile, Principal Security Consultant in our Austin office, talks about his time at NCC Group, career progression and more.
Thu, 07 Sep 2017 03:00:00 GMT

Common CSRF Prevention Misconceptions
At NCC Group we’ve noticed, among applicants and the general public, some common misconceptions regarding CSRF.
Tue, 05 Sep 2017 00:00:00 GMT

Educational Tools for Binary Ninja
A series of plugins designed to improve Binary Ninja’s potential as a tool for beginners.
Wed, 30 Aug 2017 00:00:00 GMT

DeLux Edition: Getting root privileges on the eLux Thin Client OS
While on an engagement I came across a thin client running the eLux Linux distribution...
Thu, 24 Aug 2017 02:00:00 GMT

Introducing G-Scout
G-Scout is a tool to help assess the security of Google Cloud Platform (GCP) environment configurations.
Tue, 15 Aug 2017 00:00:00 GMT

Incremental threat modelling: A follow-up
Mon, 14 Aug 2017 02:00:00 GMT

When a web application SSRF causes the cloud to rain credentials & more
This blog post reviews an interesting Server-Side Request Forgery (SSRF) technique against applications that are in cloud...
Fri, 11 Aug 2017 00:00:00 GMT

Smuggling HTA files in Internet Explorer/Edge
In this blog post, we will demonstrate how attackers can serve malicious HTML Application (HTA) [1] files in a way that may...
Tue, 08 Aug 2017 02:00:00 GMT

Developing Trust and Gitting Betrayed
At NCC Group, one of our core offerings for clients is performing external network penetration tests. In these tests, we...
Mon, 07 Aug 2017 00:00:00 GMT

FedEx & TNT Express: A lesson in M&A cyber security due diligence & collateral economic disruption
In August 2015, FedEx started an acquisition process of TNT Express which it concluded nine months later in May 2016...
Thu, 03 Aug 2017 02:00:00 GMT

Penetration testing: Thinking in scenarios
We explore what penetration testing’s various definitions are today and how scenario-based penetration testing allows...
Fri, 28 Jul 2017 02:00:00 GMT

Sobelow: Static analysis for the Phoenix Framework
The Phoenix Framework is a relatively new web framework, powered by the Elixir programming language. Elixir runs on the...
Thu, 27 Jul 2017 00:00:00 GMT

Call Map: A Tool for Navigating Call Graphs in Python
Call Map is a tool for navigating call graphs in Python, with plans to support other languages.
Tue, 18 Jul 2017 00:00:00 GMT

When batteries go bang as electric cars charge: Insights from a cyber security perspective
Insights from a cyber security perspective as to why lithium-ion batteries catch fire.
Thu, 13 Jul 2017 00:00:00 GMT

Live incident blog: June Global Ransomware outbreak
Today we saw another outbreak of ransomware. This blog is live and will be updated as we know more.
Tue, 27 Jun 2017 02:00:00 GMT

AssetHook: A Redirector for Android Asset Files Using Old Dogs and Modern Tricks
AssetHook is a tool that enables Android security researchers & pentesters to modify the asset portions of Android applications...
Fri, 26 May 2017 00:00:00 GMT

WSSiP: A WebSocket Manipulation Proxy
WSSiP is a tool for viewing, interacting with, and manipulating WebSocket messages between a browser and web server.
Tue, 16 May 2017 00:00:00 GMT

The Countdown to GDPR
The long-anticipated EU General Data Protection Regulation (GDPR) takes effect on May 25, 2018 replacing the 1995 EU Data...
Fri, 28 Apr 2017 00:00:00 GMT

Technical Advisory: Command Injection and CSRF in Quantenna Chip Affecting Multiple Networking Devices
Wed, 26 Apr 2017 00:00:00 GMT