Outline 1. Introduction 2. How does xorshift128 PRNG work? 3. Neural Networks and XOR gates 4. Using Neural Networks to model the xorshift128 PRNG 4.1 Neural Network Model Design 4.2 Model Results 4.3 Model Deep Dive 5. Creating a machine-learning-resistant version of xorshift128 6. Conclusion 1. Introduction This blog post proposes an approach to crack Pseudo-Random … Continue reading Cracking Random Number Generators using Machine Learning – Part 1: xorshift128 →

Futureproofing the UK’s digital identity market. We're sharing our thoughts on the #security and data privacy considerations of the UK Government’s voluntary ‘Trust Framework’. https://t.co/S0EueDJx8I #DataPrivacy #DigitalIdentities

In June of this year, Traficom – the Finnish transport and communications agency – along with the Aalto University, Cisco, Ericsson, Nokia, and PwC, organized the 5G Cyber Security Hack competition. A similar event was organised in November 2019 in Oulu, Finland and this hackathon-style event was a follow-up to their successful 2019 event. Due … Continue reading NCC Group placed first in global 5G Cyber Security Hack competition →

Congratulations to our colleagues Dale Pavey and Guy Morley for being awarded the Best Ethical Hacker/Pen Tester Award at this year's Security Serious Unsung Heroes Awards! https://t.co/ZWYNhytvHx

We present here a new construction which has no real immediate usefulness, but is a good illustration of a fundamental concept of cryptography, namely that there is a great difference between knowing that some mathematical object exists, and being able to build it in practice. Thus, this construction can be thought of as having some … Continue reading Paradoxical Compression with Verifiable Delay Functions →

Among the variety of penetration testing engagements NCC Group delivers, some – often within the gaming industry – require performing the assignment in a blackbox fashion against an obfuscated binary, and the client’s priorities revolve more around evaluating the strength of their obfuscation against content protection violations, rather than exercising the application’s security boundaries. The … Continue reading A Look At Some Real-World Obfuscation Techniques →

Over the past few months NCC Group has observed an increasing number of data breach extortion cases, where the attacker steals data and threatens to publish said data online if the victim decides not to pay. Given the current threat landscape, most notable is the absence of ransomware or any technical attempt at disrupting the … Continue reading SnapMC skips ransomware, steals data →

If you have ever looked at fuzzing in any depth you will quickly realize it’s not as trivial as it first appears. There are many different types of fuzzers, but here we are focused on network fuzzers.  These fuzzers are of particular interest as they are most suited to fuzzing telecoms products/protocols, where the application … Continue reading The Challenges of Fuzzing 5G Protocols →

Our latest regulation spotlight looks to the #UAE and the regulation shaping the region’s financial services sector. We break down what the regulation advises, what the key guidelines are and what financial institutions should do to prepare. https://t.co/Qg0wwX7Sw3

Author: Jelle Vergeer This blog will be a technical deep-dive into CyberArk credential files and how the credentials stored in these files are encrypted and decrypted. I discovered it was possible to reverse engineer the encryption and key generation algorithms and decrypt the encrypted vault password. I also provide a python implementation to decrypt the … Continue reading Reverse engineering and decrypting CyberArk vault credential files →

Inge Bryan, Managing Director of NCC Europe, will join the Singapore International Cyber Week (SICW) on the 8th of October. Find out more in the tweet below! https://t.co/BnFJT3CDNT

Summary When connecting to the UPF port for the PFCP protocol (8805) and sending an Association Setup Request followed by a Session Establishment Request with a PDI Network Instance set to ‘internet’, it causes a stack corruption to occur. Impact Exploitation of this vulnerability would lead to denial of service for the subscriber’s equipment. Details … Continue reading Technical Advisory – Open5GS Stack Buffer Overflow During PFCP Session Establishment on UPF (CVE-2021-41794) →