Total results: 2143
Page 1 of 86
Filters
Services
Topics
- Cyber Security (454)
- Consulting (404)
- Research (396)
- Technology, general (396)
- Whitepapers (239)
- Computer security (232)
- Technical advisories (219)
- Vulnerability (169)
- Cryptography (119)
- Tool Release (112)
- Hardware & Embedded Systems (109)
- Public tools (106)
- Threat Intelligence (94)
- Technology (85)
- General Consulting (83)
- Insights & Viewpoints (64)
- Presentations (55)
- Public Reports (54)
- Increasing regulatory & legislative requirements (53)
- iSec Partners (52)
- Reverse Engineering (49)
- Assessments (48)
- Tutorial/Study Guide (48)
- Digital Forensics and Incident Response (DFIR) (46)
- Growing threat landscape (45)
- Conferences (38)
- Securing our connected future (36)
- Patch notifications (35)
- Cloud & Containerization (34)
- Cloud Security (34)
- VSR (32)
- Machine Learning (30)
- North American Research (28)
- Regulations & Legislation (28)
- Uncategorized (28)
- Working life (26)
- UK (24)
- Managed Detection & Response (22)
- Reducing Vulnerabilities at Scale (22)
- Insight Space (21)
- Ransomware (20)
- Research Paper (20)
- Fox-IT (18)
- Sustainability (18)
- Books (17)
- Transport (17)
- Detection and Threat Hunting (16)
- Offensive Security & Artificial Intelligence (15)
- Standards (13)
- Emerging Technologies (12)
- Gender (12)
- Third-Party Risk Management (12)
- Inclusion and Diversity (11)
- Public interest technology (11)
- 5G Security & Smart Environments (10)
- Gaming & Media (10)
- Managed Detection & Response (MDR) (10)
- NCC Conversations (10)
- Social issues (10)
- UK Research (10)
- Virtualization, Emulation, & Containerization (10)
- #eachforequal (9)
- Finance (9)
- Giving Back (9)
- Talent and Careers (9)
- Vulnerability Research (9)
- Fox-IT and European Research (8)
- Politics (8)
- Corporate (7)
- General (7)
- Remediation (7)
- Security (7)
- Supply Chain Management (7)
- Working Environment (7)
- Business Insights (6)
- Crises, Incident (6)
- Cyber as a Science (6)
- Data, Telecom, IT (6)
- Health, Health Care, Pharmaceuticals (6)
- Risk Management & Governance (6)
- #People - making the world safer and more secure (5)
- Blockchain (5)
- Crime (5)
- Engineering (5)
- Government (5)
- Partnerships, cooperations (5)
- Telecom (5)
- Artificial Intelligence (4)
- Awards (4)
- Awards & Recognition (4)
- General data (4)
- Mental Health (4)
- Operational Technology (4)
- Reports (4)
- Science, technology (4)
- Academic Partnership (3)
- Annual Research Report (3)
- Business enterprise (3)
- CYBERUK (3)
- Children, Youth (3)
- Corona (3)
- Data (3)
- Gender equality (3)
- IT Consulting (3)
- People (3)
- School (3)
- Software Resilience (3)
- Threat briefs (3)
- UK cyber security policy (3)
- USA (3)
- Cars and traffic (2)
- Crime, Law, Legal affairs (2)
- Crises (2)
- Crypto (2)
- DDoS Assured (2)
- Education (2)
- Expert Insights (2)
- Incident Response (2)
- Intern Projects (2)
- Law (2)
- Legacy Systems (2)
- Legal affairs (2)
- MXDR (2)
- Microsoft (2)
- Misinformation, Deepfakes, & Synthetic Media (2)
- PCI DSS (2)
- Politics, general (2)
- Public sector (2)
- Resources (2)
- Smart cities (2)
- Social issues, General (2)
- Sustainability/CSR (2)
- Teaching, Learning (2)
- University, University College (2)
- Webinar (2)
- escrow (2)
- future of cyber (2)
- ADD (1)
- ADHD (1)
- Adult education (1)
- Alumni Network (1)
- Annual and interim reports (1)
- Asia Pacific Research (1)
- Business enterprise, General (1)
- CTFs/Microcorruption (1)
- Communication (1)
- Current events (1)
- Cyber Advice (1)
- Cyber Talent Development (1)
- Defence issues (1)
- Disclosure Policy (1)
- Economy (1)
- Economy, Finance (1)
- Educational sciences (1)
- Elections (1)
- Energy (1)
- Energy issues (1)
- Finance and Professional Services (1)
- Fintech (1)
- Fraud (1)
- Industry, manufacturing (1)
- Infrastructure (1)
- Investor Relations (1)
- IoT (1)
- LGBTQIA+ (1)
- Law, Justice (1)
- MDR (1)
- MISA (1)
- MVSS (1)
- Managed Detection and Response (1)
- Mental Wellbeing (1)
- Parliament (1)
- Petroleum, Oil, Gas (1)
- Pride (1)
- Pride month (1)
- Private savings (1)
- Radio, TV (1)
- Science, general (1)
- Secure Development Lifecycle (SDL) (1)
- Sentinel (1)
- Services, Consulting (1)
- Society (1)
- Solutions (1)
- Spa, fitness, well-being (1)
- Stocks (1)
- Supply Chain (1)
- Technology Policy (1)
- Telecommunication, mobile telephony (1)
- Training (1)
- Web services (1)
- Youth (1)
- collaboration (1)
- computer misuse act (1)
- critical national infrastructure (1)
- cyber resilience (1)
- deepfake (1)
- healthcare (1)
- hospital (1)
- legal (1)
- next generation talent (1)
- protocol_name (1)
- recruitment (1)
- remediate (1)
- remediation (1)
- remote working (1)
- security consultant (1)
- smart tvs (1)
- threatintel (1)
Sectors
- Financial Services (21)
- Public Sector & Government Services (13)
- Tech, Media & Telecoms (13)
- Transport (11)
- Energy & Utilities (7)
- Education (5)
- Healthcare (5)
- Manufacturing (4)
- Retail & Consumer Markets (4)
- Software Vendors (3)
- Aviation & Aerospace (2)
- Commodities (1)
- Legal & Professional Services (1)
- Maritime (1)
- Software Resilience (1)
Resources
Erlang Security 101
Research Cyber Security Whitepapers This whitepaper is about Erlang Security. NCC Group’s Security Technical Assurance team performs code reviews for clients on numerous different programming languages. Some are well understood from a security perspective (e.g. C, C++, C#, PHP and Python etc.) and s…
Embedded Device Security Certifications
Research Hardware & Embedded Systems For those who have not attended previously, Hardwear.io is a technical conference focused on hardware security. While the conference is only in their 4th year, both the training and speakers have been world-class since its inception, and its success is obvious; i…
Creating a Safer OAuth User Experience
Research Whitepapers Authored by: Paul Youn Download whitepaper NCC Group Publication Archive
Freddy: An extension for automatically identifying deserialisation issues in Java and .NET applications
Research Cyber Security Public tools It has been known for a while that deserialisation of untrusted data can often lead to serious security issues such as code execution. However, finding such issues might not be a trivial task during time-limited penetration testing. As a result, NCC Group has dev…
Fix Bounty
Research Reducing Vulnerabilities at Scale Research Because finding bugs is 1337, but fixing them is 31337… Background to Fix Bounty The concept of “Fix Bounty” came about from conversations with colleagues on how there’s often little to no reward for providing security fixes to vulnerabilities foun…
Flubot: the evolution of a notorious Android Banking Malware
Research Research Threat Intelligence Originally published June 29, 2022 on the Fox-IT blog Authored by Alberto Segura (main author) and Rolf Govers (co-author) Summary Flubot is an Android based malware that has been distributed in the past 1.5 years in Europe, Asia and Oceania affecting thousands…
Forensic Fuzzing Tools
Research Public tools This is a collection of scripts that can be used to generate fuzzed files, fuzzed file systems, and file systems containing fuzzed files. These can be used to test the robustness of forensics tools and examination systems. Prerequisites: Linux/Python Download Tool NCC Group Pub…
FPGAs: Security Through Obscurity?
Research Research Hardware & Embedded Systems Background For the uninitiated, an FPGA is a field-programmable array of logic that is typically used to perform or accelerate some specific function (or functions) within a computer system. They are typically paired with a separate traditional microproc…
Critical Risk Vulnerability in SAP DB Web Server (Stack Overflow)
Research Cyber Security Technical advisories ======= Summary ======= Name: SAP DB Web Server Stack Overflow Release Date: 5 July 2007 Reference: NGS00486 Discover: Mark Litchfield lt;mark@ngssoftware.com Vendor: SAP Vendor Reference: SECRES-291 Systems Affected: All Versions Risk: Critical Status: F…
Domestic IoT Nightmares: Smart Doorbells
Research Research 5G Security & Smart Environments Tutorial/Study Guide Reverse Engineering Vulnerability Public interest technology Preface Half way through 2020, UK independent consumer champion Which? magazine reached out to us and asked if we could assist investigating the security of a series o…
Database Security: A Christmas Carol
Research Cyber Security Presentations The Past, Present and Future of Database Security In 2006 there were 335 publicized data breaches in the U.S. So far in 2007 there have been 276. With the 5th anniversary of the SQL Slammer worm drawing near, now is a good a time as any to look back on the past…
Detection Engineering for Kubernetes clusters
Research Cloud & Containerization Research Cloud Security Virtualization, Emulation, & Containerization Written by Ben Lister and Kane Ryans This blog post details the collaboration between NCC Group’s Detection Engineering team and our Containerisation team in tackling detection engineering for Kub…
D
Research Cyber Security Hardware & Embedded Systems Technical advisories Title D-Link routers vulnerable to Remote Code Execution (RCE) Release Date 11 Aug 2016 Reference VT-30 Discoverer Daniel Romero Ve…
Decoder Improved Burp Suite Plugin
Research Public tools Burp Suite’s built-in decoder component, while useful, is missing important features and cannot be extended. To remedy this, Justin Moore developed Decoder Improved, a drop-in replacement Burp Suite plugin. It includes all of decoder’s functionality while fixing bugs, adding ta…
Extracting the Payload from a CVE-2014
Research Tutorial/Study Guide Reverse Engineering Vulnerability Background In March Microsoft published security advisory 2953095, detailing a remote code execution vulnerability in multiple versions of Microsoft Office (CVE-2014-1761). A Technet blog was released at the same time which contained e…
Dynamic Linq Injection Remote Code Execution Vulnerability (CVE-2023
Research Technical advisories Product Details Name System.Linq.Dynamic.Core Affected versions 1.0.7.10 to 1.2.25 Fixed versions >= 1.3.0 URL https://www.dynamic-linq.net/ Vulnerability Summary CVE CVE-2023-32571 CWE CWE-184: Incomplete List of Disallowed Inputs CVSSv3.1 vector AV:N/AC:L/PR:N/UI:N/S:…
Detecting and Hunting for the Malicious NetFilter Driver
Research Detection and Threat Hunting Digital Forensics and Incident Response (DFIR) Category: Detection and Threat Hunting Overview During the week of June 21st, 2021, information security researchers from G Data discovered that a driver for Microsoft Windows named “netfilter.sys” had a backdoor a…
Dancing Offbit: The Story of a Single Character Typo that Broke a ChaCha
Research Cryptography Random number generators are the backbone of most cryptographic protocols, the crucial cornerstone upon which the security of all systems rely, yet they remain often overlooked. This blog post presents a real-world vulnerability discovered in the implementation of a Pseudo-Rand…
Drupal Vulnerability
Research Vulnerability Threat Intelligence Current event – 1.1 of post This is a current event and as such the blog post is subject to change over the course of a couple of days as we performed further supplementary research and analysis by NCC Group’s Cyber Defence Operations and Security Consultin…
ISM RAT
Research Vulnerability Threat Intelligence In this blog post we will take a brief look at the remote access Trojan (RAT) used by a group called Greenbug[1]. According to Symantec, an APT group used this RAT – along with other tools – to collect user information which was later used when executing th…
RtspFuzzer
Research Public tools RtspFuzzer, an open-source fuzzer for the real-time streaming protocol (RTSP) is now available on our Github page here. NCC Group Publication Archive
McAfee Email and Web Security Appliance v5.6 – Any logged
Research Cyber Security Technical advisories Summary Name: McAfee Email and Web Security Appliance v5.6 – Any logged-in user can bypass controls to reset passwords of other administrators Release Date: 30 November 2012 Reference: NGS00155 Discoverer: Ben Williams Vendor: McAfee Vendor Reference: Sys…
The Importance of a Cryptographic Review
Research Cryptography Whitepapers Cryptography is an underpinning of every organisation’s data security. It is as simple as the correct deployment of TLS and as complicated as bespoke protocols for software updates. This technology is an integral part of an organisation’s security infrastructure. Wi…
There’s Another Hole In Your SoC: Unisoc ROM Vulnerabilities
Research Vulnerability Hardware & Embedded Systems Technical advisories UNISOC (formerly Spreadtrum) is a rapidly growing semiconductor company that is nowadays focused on the Android entry-level smartphone market. While still a rare sight in the west, the company has nevertheless achieved impressiv…
SOC maturity & capability
Research Cyber Security Whitepapers Security is a high priority for most organisations. A string of high priority breaches in big multinational companies has brought home the threat that all organisations face in the modern world. Therefore, a growing number of companies are considering how to best…