

dby 08:01   Public Report – Confidential Space Security Review    #NCC Group Research #Threat Intelligence During the summer of 2022, Google engaged NCC Group to conduct a security assessment of the Confidential Space product. The system provides a confidential computing environment that allows cloud customers to run workloads in the cloud that can be attested to run a specific payload with high assuranc

dby 06:12   Exploring Prompt Injection Attacks    #NCC Group Research #Threat Intelligence Have you ever heard about Prompt Injection Attacks[1]? Prompt Injection is a new vulnerability that affects some AI/ML models and, in particular, certain types of language models that use prompt-based learning. This vulnerability was initially reported to OpenAI by Jon Cefalu (May 2022)[2] b

2022-11-24 03:52   So long and thanks for all the 0day    #NCC Group Research #Threat Intelligence After nearly four years into my role, I am stepping down as NCC Group’s SVP & Global Head of Research. In part just for myself, to reflect on a whirlwind few years, and in part as a thank you and celebration of all of the incredible researchers with whom I have had the privilege of … Conti

2022-11-22 00:38   A jq255 Elliptic Curve Specification, and a Retrospective    #NCC Group Research #Threat Intelligence First things first: there is now a specification for the jq255e and jq255s elliptic curves; it is published on the C2SP initiative and is formally in (draft) version 0.0.1: The jq255e and jq255s groups are prime-order groups appropriate for building cr

2022-11-18 00:00   Technical Advisory – NXP i.MX SDP_READ_DISABLE Fuse Bypass (CVE-2022-45163)    #NCC Group Research #Threat Intelligence Summary NXP System-on-a-Chip (SoC) fuse configurations with the SDP READ_REGISTER operation disabled (SDP_READ_DISABLE=1) but other serial download functionality still enabled (SDP_DISABLE=0) can be abused to read memory contents in warm and cold boot attack scenarios. In lieu of an enabled SDP READ

2022-11-11 03:13   Tool Release – Web3 Decoder Burp Suite Extension    #NCC Group Research #Threat Intelligence Web3 Decoder is a Burp Suite Extension that decodes “web3” JSON-RPC calls that interact with smart contracts on an EVM blockchain. As a picture is worth a thousand words, the following two screenshots show a raw JSON-RPC call and its decoded function call: Backg
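The decoding the entry above describes comes down to two steps: pull the `data` field out of the JSON-RPC transaction object, then split it into a 4-byte function selector and 32-byte ABI-encoded argument words. The following is an added illustration of that process written for this page; it is not the Web3 Decoder extension's own code. It assumes the standard ERC-20 selectors (keccak256 of the function signature, first four bytes) and handles only static argument types; the JSON-RPC request is constructed for the example, not a real capture.

```python
import json

# Standard ERC-20 selectors (first 4 bytes of keccak256 of the signature).
# A real decoder would also load ABIs/signature databases; this table is an
# assumption for the example.
KNOWN_SELECTORS = {
    "a9059cbb": ("transfer", ["address", "uint256"]),
    "095ea7b3": ("approve", ["address", "uint256"]),
    "70a08231": ("balanceOf", ["address"]),
    "23b872dd": ("transferFrom", ["address", "address", "uint256"]),
}

# JSON-RPC methods whose first param is a transaction object carrying `data`.
CALL_METHODS = ("eth_call", "eth_sendTransaction", "eth_estimateGas")

# Constructed sample request: an ERC-20 transfer of 1e18 base units to 0x33..33.
SAMPLE_RPC = json.dumps({
    "jsonrpc": "2.0", "id": 1, "method": "eth_sendTransaction",
    "params": [{
        "from": "0x" + "11" * 20,
        "to": "0x" + "22" * 20,  # the token contract
        "data": "0xa9059cbb"
                + "00" * 12 + "33" * 20          # address, left-padded to 32 bytes
                + format(10 ** 18, "064x"),      # uint256 amount as a 32-byte word
    }],
})


def _strip_0x(h: str) -> str:
    return h[2:] if h.startswith("0x") else h


def decode_word(word: bytes, abi_type: str):
    """Decode one 32-byte ABI word of a static type."""
    if len(word) != 32:
        raise ValueError("ABI word must be 32 bytes")
    if abi_type == "address":
        # The 12 padding bytes must be zero; non-zero padding is malformed input.
        if any(word[:12]):
            raise ValueError("address word has non-zero padding")
        return "0x" + word[12:].hex()
    if abi_type.startswith("uint"):
        return int.from_bytes(word, "big")
    if abi_type == "bool":
        return int.from_bytes(word, "big") == 1
    raise ValueError(f"unsupported static type {abi_type}")


def decode_calldata(data_hex: str) -> dict:
    """Split calldata into selector + arguments and decode known selectors."""
    raw = bytes.fromhex(_strip_0x(data_hex))
    if len(raw) < 4:
        raise ValueError("calldata shorter than a 4-byte selector")
    selector, body = raw[:4].hex(), raw[4:]
    if selector not in KNOWN_SELECTORS:
        # Unknown function: report the selector and the raw argument bytes.
        return {"selector": selector, "function": None, "args": [], "raw_args": body.hex()}
    name, types = KNOWN_SELECTORS[selector]
    if len(body) != 32 * len(types):
        raise ValueError(f"expected {32 * len(types)} argument bytes, got {len(body)}")
    args = [decode_word(body[i * 32:(i + 1) * 32], t) for i, t in enumerate(types)]
    return {"selector": selector, "function": f"{name}({','.join(types)})", "args": args}


def decode_rpc_request(body: str) -> dict:
    """Decode the contract call carried by a JSON-RPC request body, if any."""
    req = json.loads(body)
    method = req.get("method")
    if method not in CALL_METHODS or not req.get("params"):
        return {"method": method, "to": None, "call": None}
    tx = req["params"][0]
    return {"method": method, "to": tx.get("to"), "call": decode_calldata(tx.get("data", "0x"))}


if __name__ == "__main__":
    print(json.dumps(decode_rpc_request(SAMPLE_RPC), indent=2))
```

Dynamic types (`string`, `bytes`, arrays) are encoded as a 32-byte offset into a tail section rather than inline, so a decoder that handles them needs a second pass over the tail; the length check above would reject such calls rather than mis-decode them.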

2022-11-09 17:58   Tales of Windows detection opportunities for an implant framework    #NCC Group Research #Threat Intelligence Slides from a fifteen-minute lightning talk on detection opportunities for implant framework behaviour on Windows.

2022-11-01 01:28   Check out our new Microcorruption challenges!    #NCC Group Research #Threat Intelligence by Nick Galloway Today we are releasing several new challenges for the embedded security CTF, Microcorruption. These challenges highlight types of vulnerabilities that NCC Group’s Hardware and Embedded Systems practice has discovered in real products. The new challenges provide a simple interface t

2022-10-17 16:13   Toner Deaf – Printing your next persistence (Hexacon 2022)    #NCC Group Research #Threat Intelligence On Friday, 14 October 2022, Alex Plaskett (@alexjplaskett) and Cedric Halbronn (@saidelike) presented Toner Deaf – Printing your next persistence at Hexacon 2022. This talk demonstrated remote, over-the-network exploitation of a Lexmark printer and persistence across both firmware updates an

2022-10-07 00:40   Technical Advisory – OpenJDK – Weak Parsing Logic in and Related Classes    #NCC Group Research #Threat Intelligence Vendor: OpenJDK Project Vendor URL: Versions affected: 8-17+ (and likely earlier versions) Systems Affected: All supported systems Author: Jeff Dileo <jeff.dileo[at]nccgroup[dot]com> Advisory URL / CVE Identifier: TBD Risk: Low (implicit data validation bypass) Summa

2022-10-05 21:00   Public Report – IOV Labs powHSM Security Assessment    #NCC Group Research #Threat Intelligence In June 2022, IOV Labs engaged NCC Group to perform a review of powHSM. Per the project documentation: “Its main role is to safekeep and prevent the unauthorized usage of each of the powPeg’s members’ private keys. powHSM is implemented as a pair of applications for the Ledger Nano

2022-10-04 01:56   Shining New Light on an Old ROM Vulnerability: Secure Boot Bypass via DCD and CSF Tampering on NXP i.MX Devices    #NCC Group Research #Threat Intelligence NXP’s HABv4 API documentation references a now-mitigated defect in ROM-resident High Assurance Boot (HAB) functionality present in devices with HAB version < 4.3.7. I could find no further public documentation on whether this constituted a vulnerability or an otherwise “uninteresting” errata ite

2022-09-30 16:40   A glimpse into the shadowy realm of a Chinese APT: detailed analysis of a ShadowPad intrusion    #NCC Group Research #Threat Intelligence This blog post builds on prior security research by SecureWorks and PwC with firsthand experience of the TTPs used in a recent incident where ShadowPad was deployed. ShadowPad is a modular remote access trojan (RAT) which is thought to be used almost exclusively by China-based threat

2022-09-30 16:00   Detecting Mimikatz with Busylight    #NCC Group Research #Threat Intelligence In 2015 Raphael Mudge released an article [1] detailing that versions of mimikatz released after 8 October 2015 included a new module that used certain types of external USB devices to flash lights in different colours when mimikatz was executed. The technique presented in the article re

2022-09-28 03:28   Whitepaper – Project Triforce: Run AFL On Everything (2017)    #NCC Group Research #Threat Intelligence Six years ago, NCC Group researchers Tim Newsham and Jesse Burns released TriforceAFL – an extension of the American Fuzzy Lop (AFL) fuzzer which supports full-system fuzzing using QEMU – but unfortunately the associated whitepaper for this work was never published. Today, we’re releasin