Skip to navigation Skip to main content Skip to footer

Research Blog

Insights and research from our global cybersecurity team.

Filter content

Technical Advisory: Xiaomi 13 Pro Code Execution via GetApps DOM Cross-Site Scripting (XSS)


Read more
Ken Gannon

24 Sep 2024

The Dark Side: How Threat Actors Leverage AnyDesk for Malicious Activities


Read more

16 Sep 2024

BlackHat USA 2024 - Listen-Up: Sonos Over-The-Air Remote Kernel Exploitation and Covert Wiretap


Read more
Alex Plaskett
Robert Herrera

08 Aug 2024

Public Report - Security Risks of AI Hardware for Personal and Edge Computing Devices


Read more
Public Reports

15 Jul 2024

Stepping Stones – A Red Team Activity Hub

Executive Summary NCC Group is pleased to open source a new tool built to help Red Teams log their activity for later correlation with the Blue Team’s own logging. What started as a simple internal web based data-collection tool has grown to integrate with Cobalt Strike and BloodHound to improve the accuracy and ease of […]
Read more
Stephen Tomkinson
Public tools
Tool Release

12 Jun 2024

Pumping Iron on the Musl Heap – Real World CVE-2022-24834 Exploitation on an Alpine mallocng Heap

Pumping Iron on the Musl Heap – Real World CVE-2022-24834 Exploitation on an Alpine mallocng Heap Lua 5.1 Musl’s Next Generation Allocator – aka mallocng mallocng Cycling Offset Exploiting CVE-2022-24834 on the mallocng heap mallocng Heap Shaping Ensuring Correct Target Table->Array Distance Lua Table Confusion redis-server/libc ASLR Bypass and Code Execution Conclusion Resources Tools This […]
Read more
Aaron Adams
Vulnerability Research

11 Jun 2024

Enumerating System Management Interrupts

System Management Interrupts (SMI) provide a mechanism for entering System Management Mode (SMM) which primarily implements platform-specific functions related to power management. SMM is a privileged execution mode with access to the complete physical memory of the system, and to which the operating system has no visibility. This makes the code running in SMM an […]
Read more
Carles Pey
Cyber Security
Hardware & Embedded Systems
Tool Release

10 Jun 2024

Real World Cryptography Conference 2024

This year’s Real World Cryptography Conference recently took place in Toronto, Canada. As usual, this conference organized by the IACR showcased recent academic results and industry perspectives on current cryptography topics over three days of presentations. A number of co-located events also took place before and after the conference, including the FHE.org Conference, the Real […]
Read more
Paul Bottinelli
Cryptography
Conferences

07 Jun 2024

Public Report – Keyfork Implementation Review

In April 2024, Distrust engaged NCC Group’s Cryptography Services team to perform a cryptographic security assessment of keyfork, described as “an opinionated and modular toolchain for generating and managing a wide range of cryptographic keys offline and on smartcards from a shared mnemonic phrase”. The tool is intended to be run on an air-gapped system […]
Read more
R.Rivera
Cryptography
Public Reports

06 Jun 2024

Cross-Execute Your Linux Binaries, Don’t Cross-Compile Them

Lolbins? Where we’re going, we don’t need lolbins. At NCC Group, as a consultant in our hardware and embedded systems practice1, I often get to play with various devices, which is always fun, but getting your own software to run on them can be a bit of a pain.This article documents a few realisations and […]
Read more
Domen Puncer Kugler
Hardware & Embedded Systems

05 Jun 2024