Research Blog

We’ve published a whitepaper about how we built WiMap, which is a Wi-Fi mapping drone.  The paper includes details of the methods used to create, from parts, a hexacopter capable of being controlled over 3/4G and equipped to perform wireless and infrastructure assessments. We’d love to hear your feedback via the comments section or via […]

This whitepaper details the vulnerability and examines some of the concepts needed for browser exploitation before describing how to construct a working exploit that exits gracefully. Download whitepaper Authored by Katy Winterborn

This whitepaper details the vulnerability and examines some of the concepts needed for browser exploitation before describing how to construct a working exploit that exits gracefully. Download Whitepaper: Click to access cve-2014-0282.pdf Authored by Katy Winterborn

Six years ago, NCC Group researchers Tim Newsham and Jesse Hertz released TriforceAFL – an extension of the American Fuzzy Lop (AFL) fuzzer which supports full-system fuzzing using QEMU – but unfortunately the associated whitepaper for this work was never published. Today, we’re releasing it for the curious reader and historical archives alike. While fuzzing […]

Introduction netlink and nf_tables Overview Sets Expressions Set Expressions Stateful Expressions Expressions of Interest nft_lookup nft_dynset nft_connlimit Vulnerability Discovery CVE-2022-32250 Analysis Set Creation Set Deactivation Initial Limited UAF Write Exploitation Building an Initial Plan Offsets We Can Write at Into the UAF Chunk Hunting for Replacement Objects What Pointer Do We Want to Arbitrary Free? […]

This paper collects a set of notes and research projects conducted by NCC Group on the topic of the security of Machine Learning (ML) systems. The objective is to provide some industry perspective to the academic community, while collating helpful references for security practitioners, to enable more effective security auditing and security-focused code review of ML systems. Details of specific practical attacks and common security problems are described. Some general background information on the broader subject of ML is also included, mostly for context, to ensure that explanations of attack scenarios are clear, and some notes on frameworks and development processes are provided.

Double fetch vulnerabilities in C and C++ have been known about for a number of years. However, they can appear in multiple forms and can have varying outcomes. As much of this information is spread across various sources, this whitepaper draws the knowledge together into a single place, in order to better describe the different […]

For the past few years, NCC Group has been an industry partner to the Centre for Doctoral Training in Data Intensive Science (CDT in DIS) at University College London (UCL). CDT is composed of a group of over 80 academics from across UCL in areas such as High Energy Physics, Astrophysics, Atomic and Molecular Physics, […]

KaiOS is a mobile operating system, forked from the discontinued Firefox OS, in which all the mobile applications running on a KaiOS-based mobile device are built using web technologies, such as HTML, JavaScript, and CSS. In this independent research project, we demonstrate that six of the pre-installed mobile applications are vulnerable to remote, and local, […]

NCC Group’s Transport Security Practice has co-authored with the Surrey Center for Cyber Security and the Surrey Space Center a new paper titled ‘Cyber security in New Space’. It provides analysis of the threats, challenges and key technologies related to the satellite industry.