5G security – how to minimise the threats to a 5G network
To ensure security of new 5G telecom networks, NCC Group has been providing guidance, conducting code reviews, red team engagements and pentesting 5G standalone and non-standalone networks since 2019. As with any network various attackers are motivated by different reasons. An attacker could be motivated to either gain information about subscribers on an operator’s network […]
Tool Release – insject: A Linux Namespace Injector
tl;dr Grab the release binary from our repo and have fun. Also, happy new year; 2021 couldn’t end soon enough. Background A while back, I was asked by one of my coworkers on the PSC team about ways in which to make their custom credit card data scanner cloud native to assess Kubernetes clusters. While […]
Testing Infrastructure-as-Code Using Dynamic Tooling
Erik Steringer, NCC Group Overview TL;DR: Go check out https://github.com/ncc-erik-steringer/Aerides As public cloud service consumption has grown, engineering and security professionals have responded with different tools and techniques to achieve security in the cloud. As a consultancy, we at NCC Group have published multiple tools that we use to guide testing and identify risks for […]
Detection Engineering for Kubernetes clusters
Written by Ben Lister and Kane Ryans This blog post details the collaboration between NCC Group’s Detection Engineering team and our Containerisation team in tackling detection engineering for Kubernetes. Additionally, it describes the Detection Engineering team’s more generic methodology around detection engineering for new/emerging technologies and how it was used when developing detections for Kubernetes-based […]
NSA & CISA Kubernetes Security Guidance – A Critical Review
Last month, the United States’ National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) released a Cybersecurity Technical Report (CTR) detailing the security hardening they recommend be applied to Kubernetes clusters, which is available here. The guidance the document contains is generally reasonable, but there are several points which are either incorrect or […]
Wubes: Leveraging the Windows 10 Sandbox for Arbitrary Processes
Wubes is like Qubes but for Microsoft Windows. The idea is to leverage the Windows Sandbox technology to spawn applications in isolation. We currently support spawning a Windows Sandbox for the Firefox browser, with other applications easily added.
ABSTRACT SHIMMER (CVE-2020-15257): Host Networking is root-Equivalent, Again
This post is a technical discussion of the underlying vulnerability of CVE-2020-15257, and how it can be exploited. Our technical advisory on this issue is available here, but this post goes much further into the process that led to finding the issue, the practicalities of exploiting the vulnerability itself, various complications around fixing the issue, […]
The CIS Security Standard for Docker available now
This is just a short blog post to announce the availability of the new CIS Security Standard for Docker 1.12 which NCC Group was involved in co-authoring and contributing to. The Docker project (and containerisation as a concept in general) has become a hot topic in various aspects of IT over the last few years. […]
Adventures in Xen Exploitation
tl;dr This post is about my experience trying to exploit the Xen SYSRET bug (CVE-2012-0217). This issue was patched in June 2012 and was disclosed in Xen Security Advisory 7 [1]. The bug was found by Rafal Wojtczuk and Jan Beulich. Rafal gave a talk about it at BlackHat USA 2012, [2][3]. Xen versions unpatched […]