Total results: 2293
Page 1 of 92
Filters
Services
Topics
- Cyber Security (453)
- Consulting (402)
- Research (402)
- Technology, general (395)
- Whitepapers (236)
- Computer security (231)
- Technical advisories (222)
- Vulnerability (170)
- Cryptography (122)
- Tool Release (113)
- Hardware & Embedded Systems (109)
- Public tools (106)
- Threat Intelligence (103)
- General Consulting (92)
- Technology (84)
- Insights & Viewpoints (64)
- Public Reports (59)
- Digital Forensics and Incident Response (DFIR) (56)
- Presentations (56)
- Increasing regulatory & legislative requirements (53)
- iSec Partners (52)
- Assessments (51)
- Reverse Engineering (50)
- Tutorial/Study Guide (50)
- Growing threat landscape (45)
- Conferences (39)
- Cloud Security (37)
- Machine Learning (36)
- Regulations & Legislation (36)
- Securing our connected future (36)
- Cloud & Containerization (35)
- Patch notifications (35)
- VSR (32)
- North American Research (28)
- Uncategorized (28)
- Working life (26)
- UK (24)
- Insight Space (22)
- Managed Detection & Response (22)
- Reducing Vulnerabilities at Scale (22)
- Offensive Security & Artificial Intelligence (21)
- Ransomware (21)
- Research Paper (21)
- Fox-IT (19)
- Sustainability (18)
- Transport (18)
- Books (16)
- Detection and Threat Hunting (16)
- Third-Party Risk Management (14)
- Standards (13)
- Emerging Technologies (12)
- Gender (12)
- Public interest technology (12)
- Managed Detection & Response (MDR) (11)
- 5G Security & Smart Environments (10)
- Gaming & Media (10)
- Inclusion and Diversity (10)
- NCC Conversations (10)
- Social issues (10)
- UK Research (10)
- Virtualization, Emulation, & Containerization (10)
- #eachforequal (9)
- Artificial Intelligence (9)
- Business Insights (9)
- Finance (9)
- Giving Back (9)
- Politics (9)
- Talent and Careers (9)
- Vulnerability Research (9)
- Operational Technology (8)
- Corporate (7)
- Fox-IT and European Research (7)
- General (7)
- Remediation (7)
- Risk Management & Governance (7)
- Supply Chain Management (7)
- Working Environment (7)
- Crises, Incident (6)
- Cyber as a Science (6)
- Data, Telecom, IT (6)
- Health, Health Care, Pharmaceuticals (6)
- Security (6)
- #People - making the world safer and more secure (5)
- Blockchain (5)
- Crime (5)
- Engineering (5)
- Government (5)
- Partnerships, cooperations (5)
- Telecom (5)
- Annual Research Report (4)
- Awards (4)
- Awards & Recognition (4)
- General data (4)
- Mental Health (4)
- Reports (4)
- Science, technology (4)
- Academic Partnership (3)
- Business enterprise (3)
- CYBERUK (3)
- Children, Youth (3)
- Corona (3)
- Data (3)
- Gender equality (3)
- IT Consulting (3)
- Law (3)
- Legacy Systems (3)
- MXDR (3)
- People (3)
- School (3)
- Software Resilience (3)
- Threat briefs (3)
- UK cyber security policy (3)
- USA (3)
- APAC (2)
- Cars and traffic (2)
- Crime, Law, Legal affairs (2)
- Crises (2)
- Crypto (2)
- DDoS Assured (2)
- Education (2)
- Expert Insights (2)
- Incident Response (2)
- Intern Projects (2)
- Legal affairs (2)
- Microsoft (2)
- Misinformation, Deepfakes, & Synthetic Media (2)
- PCI DSS (2)
- Politics, general (2)
- Public sector (2)
- Resources (2)
- Smart cities (2)
- Social issues, General (2)
- Sustainability/CSR (2)
- Teaching, Learning (2)
- Technology Policy (2)
- University, University College (2)
- Webinar (2)
- escrow (2)
- future of cyber (2)
- (1)
- ADD (1)
- ADHD (1)
- Adult education (1)
- Alumni Network (1)
- Annual and interim reports (1)
- Asia Pacific Research (1)
- Business enterprise, General (1)
- CTFs/Microcorruption (1)
- Communication (1)
- Current events (1)
- Cyber Advice (1)
- Cyber Talent Development (1)
- Defence issues (1)
- Disclosure Policy (1)
- Economy (1)
- Economy, Finance (1)
- Educational sciences (1)
- Elections (1)
- Energy (1)
- Energy issues (1)
- Finance and Professional Services (1)
- Fintech (1)
- Fraud (1)
- Industry, manufacturing (1)
- Infrastructure (1)
- Investor Relations (1)
- IoT (1)
- LGBTQIA+ (1)
- Law, Justice (1)
- MDR (1)
- MISA (1)
- MVSS (1)
- Managed Detection and Response (1)
- Mental Wellbeing (1)
- Parliament (1)
- Petroleum, Oil, Gas (1)
- Pride (1)
- Private savings (1)
- Radio, TV (1)
- Science, general (1)
- Secure Development Lifecycle (SDL) (1)
- Sentinel (1)
- Services, Consulting (1)
- Society (1)
- Solutions (1)
- Spa, fitness, well-being (1)
- Stocks (1)
- Supply Chain (1)
- Telecommunication, mobile telephony (1)
- Training (1)
- Web services (1)
- Youth (1)
- collaboration (1)
- computer misuse act (1)
- critical national infrastructure (1)
- cyber resilience (1)
- deepfake (1)
- healthcare (1)
- hospital (1)
- legal (1)
- next generation talent (1)
- protocol_name (1)
- recruitment (1)
- remediate (1)
- remediation (1)
- remote working (1)
- security consultant (1)
- smart tvs (1)
- threatintel (1)
Sectors
- Research (1291)
- News (408)
- Blog Posts (239)
- Press Release (86)
- Case Studies (45)
- Financial Services (21)
- Public Sector & Government Services (17)
- Transport (17)
- Tech, Media & Telecoms (14)
- Whitepapers (14)
- Cyber Advice & Insights (13)
- Events (8)
- Healthcare (8)
- Energy & Utilities (7)
- Videos (7)
- Guides & Datasheets (6)
- Retail & Consumer Markets (6)
- Education (5)
- Webinars (5)
- Aviation & Aerospace (4)
- Manufacturing (4)
- Software Vendors (3)
- Legal & Professional Services (2)
- Maritime (2)
- Commodities (1)
- Infographics (1)
- Software Resilience (1)
Uh oh
Heartbleed OpenSSL vulnerability
Research Vulnerability Threat Intelligence Previous current event – v1.8 of post This was a current event and as such the blog post was subject to change over the course of a couple of days as we performed further supplementary research and analysis. 1.8: Update to include Bro detection and further…
IODIDE
Research Cyber Security Public tools IODIDE – The IOS Debugger and Integrated Disassembler Environment Released as open source by NCC Group Plc Developed by Andy Davis, andy dot davis at nccgroup dot com To download visit: https://github.com/nccgroup/IODIDE Released under AGPL see LICENSE for more i…
Internet of Things Security
Research Hardware & Embedded Systems Whitepapers Abstract The Internet of Things (IoT) is an emerging phenomenon where different kinds of devices that were previously not networked are being connected to networks. Examples include network connected thermostats, light bulbs, and door locks. These new…
Heartbleed (CVE-2014
Research Research Technical advisories iSec Partners This research was originally performed by researchers from iSec Partners (now NCC Group), and has been migrated to research.nccgroup.com for posterity. Heartbleed (CVE-2014-0160) Advisory 10 Apr 2014 – Andy Grant, Justin Engler, Aaron Grattafiori…
Reviewing Verifiable Random Functions
Research Research Cryptography North American Research While Verifiable Random Functions (VRFs) were first described just over twenty years ago [1], they have recently seen a strong resurgence in popularity due to their usefulness in blockchain applications [2]. This blog post will introduce VRFs in…
Jenkins Plugins and Core Technical Summary Advisory
Research Cyber Security Technical advisories 15 Security Advisories, 128 Jenkins Plugin Vulnerabilities and 1 Core Vulnerability 118 CVEs, 1 CVE pending, 10 issues with no CVE requested About the Vulnerabilities NCC Group Security Consultant Viktor Gazdag has identified 128 security vulnerabilities…
McAfee Email and Web Security Appliance Password hashes can be recovered from a system backup and easily cracked
Research Cyber Security Patch notifications This patch notification details a medium risk vulnerability that has been discovered by Ben Williams in the McAfee Email and Web Security Appliance. Download patch notification NCC Group Publication Archive
Introduction to Anti
Research Research Tool Release Cyber as a Science tl;dr Anti-Fuzzing is a set of concepts and techniques that are designed to slowdown and frustrate threat actors looking to fuzz test software products by deliberately misbehaving, misdirecting, misinforming and otherwise hindering their efforts. The…
Java Coding Guidelines: 75 Recommendations for Reliable and Secure Programs
Research Cyber Security Books Author: Fred Long, Dhruy Mohindra, Robert Seacord, Dean Sutherland, David Svoboda Robert Seacord, principal security consultant at NCC Group, has co-authored Java Coding Guidelines: 75 Recommendations for Reliable and Secure Programs. The book provides realistic guidanc…
Introducing Azucar
Research Research Cloud Security Tool Release Conducting a thorough Azure security build review or Azure security assessment can be difficult. Clicking through the Azure Ibiza [1] portal to review the details on many of its services, including, but not limited to, Azure Active Directory (Azure AD),…
RIFT: Analysing a Lazarus Shellcode Execution Method
Research Threat Intelligence Managed Detection & Response About the Research and Intelligence Fusion Team (RIFT): RIFT leverages our strategic analysis, data science, and threat hunting capabilities to create actionable threat intelligence, ranging from IOCs and detection capabilities to strategic r…
Reverse Engineering Coin Hunt World’s Binary Protocol
Research Research Gaming & Media Introduction We are going to walk through the process we took to reverse engineer parts of the Android game Coin Hunt World. Our goal was to identify methods and develop tooling to cheat at the game. Most of the post covers reverse engineering the game’s binary proto…
Inter
Research Cyber Security Whitepapers Inter-Protocol exploration is an attack vector which encapsulates malicious data within a particular protocol in such a way that the resultant data stream is capable of exploiting a different application which uses a different protocol entirely. This paper will ex…
Introducing idb
Research Whitepapers Authored by Daniel A. Mayer ShmooCon 2014, January 17-19th Washington, D.C. Download whitepaper NCC Group Publication Archive
Introspy for Android
Research Public tools Introspy for Android is a tool designed to help penetration testers understand what an Android application does at runtime, and to greatly facilitate the process of reviewing the application’s security mechanisms. Further details can be found here NCC Group Publication Archive
Java RMI Registry.bind() Unvalidated Deserialization
Research Cyber Security Technical advisories Title               Java RMI Registry.bind() Unvalidated Deserialization Reference          VT-87 Discoverer          Nick Bloor (@NickstaDB) Vendor             Oracle Vendor Reference   S0818584 Systems Affecte…
Interfaces.d to RCE
Research Research Vulnerability North American Research Several months ago, I was having a poke at the Mozilla WebThings IoT gateway. The gateway essentially allows a user to host their own IoT cloud from a device (such as a Raspberry Pi) on their local network. It creates a tunnel to a personal sub…
Reverse, Reveal, Recover: Windows Defender Quarantine Forensics
Research Uncategorized Max Groot and Erik Schamper TL;DR Windows Defender (the antivirus shipped with standard installations of Windows) places malicious files into quarantine upon detection. Reverse engineering mpengine.dll resulted in finding previously undocumented metadata in the Windows Defende…
Inter
Research Cyber Security Whitepapers Research into web browser security has acted as a catalyst for more depth research into Inter-Protocol Communication, an attack vector that potentially allows arbitrary protocols to meaningful interact with each other. In the past, it has been assumed that communi…
Deepfake attack threat during Covid
News Technology, general Consulting Crises, Incident Finance Security Business enterprise In these unprecedented times many companies are in business continuity mode so the unusual has become both prioritised and normalised. Many are making unusual purchases at short notice to facilitate their migra…
Public Report – AWS Nitro System API & Security Claims Italian
Research Public Reports In the last calendar quarter of 2022, Amazon Web Services (AWS) engaged NCC Group to conduct an architecture review of the AWS Nitro System design, with focus on specific claims AWS made for the security of the Nitro System APIs. The Public Report in Italian this review may b…
Appointment of Lynn Fordham to NCC Group plc Board
Press Release Technology, general Consulting Computer security NCC Group has announced the appointment of Lynn Fordham as an independent non-executive director. Lynn joins the Board with effect from 1 September 2022. Lynn will become a member of NCC Group’s Audit, Cyber Security, Nomination and Remu…
Introducing Chuckle and the Importance of SMB Signing
Research Tool Release Service Message Block (SMB) is a protocol used for accessing shared resources; most corporate Windows networks use SMB to access shared folders and printers. Digital signing is a feature of SMB designed to allow a recipient to confirm the authenticity of SMB packets and to prev…
Public Report – Aleo snarkVM Implementation Review
Research Cryptography Blockchain Public Reports During late summer 2023, Aleo Systems Inc. engaged NCC Group’s Cryptography Services team to conduct an implementation review of several components of snarkVM, a virtual machine for zero-knowledge proofs. The snarkVM platform allows users to write and…