This post is about exploiting CVE-2022-24834 against a Redis container running on Alpine Linux. CVE-2022-24834 is a vulnerability affecting the Lua cjson module in Redis servers <=7.0.11. The bug is an integer overflow that leads to a large copy of data, approximately 350MiB.

A colleague from NCC Group wanted to exploit this bug but found that the public exploits didn’t work.…

Why AI Will Not Fully Replace Humans in Web Penetration Testing

Contextual Understanding: AI handles large data volumes and identifies patterns. Human testers understand the business context, industry specifics, user behavior, and regulatory requirements. They prioritize findings based on potential impact on organizational objectives.

Adaptability to Novel Threats: AI detects known vulnerabilities but may struggle with novel attack vectors or zero-day exploits.…

Let’s kick this off with some examples. Here’s a seamless loop illustrating CBC-mode encryption:

Here’s a clip showing a code block being rewritten to avoid leaking padding information in error messages:

Here’s an illustration of a block cipher operating in CTS mode:

You may be surprised to learn that each of these illustrations was generated from ≤30 lines of code (30, 9, and 23 lines, respectively), without any golfing.…

Introduction

In late 2023 and early 2024, the NCC Group Hardware and Embedded Systems practice undertook an engagement to reverse engineer baseband firmware on several smartphones. This included MediaTek 5G baseband firmware based on the nanoMIPS architecture. While we were aware of some nanoMIPS modules for Ghidra having been developed in private, there was no publicly available reliable option for us to use at the time, which led us to develop our own nanoMIPS disassembler and decompiler module for Ghidra.…


Authored by Willem Zeeman and Yun Zheng Hu

This blog is part of a series written by various Dutch cyber security firms that have collaborated on the Cactus ransomware group, which exploits Qlik Sense servers for initial access. To view all of them please check the central blog by Dutch special interest group Cyberveilig Nederland [1]

The effectiveness of the public-private partnership called Melissa [2] is increasingly evident.…


During the spring of 2024, Google engaged NCC Group to conduct a design review of Confidential Mode for Hyperdisk (CHD) architecture in order to analyze how the Data Encryption Key (DEK) that encrypts data-at-rest is protected. The project was 10 person days and the goal is to validate that the following two properties are enforced:

The DEK is not available in an unencrypted form in CHD infrastructure.…
Vendor: Ollama
Vendor URL: https://ollama.com/
Versions affected: Versions prior to v0.1.29
Systems Affected: All Ollama supported platforms
Author: Gérald Doussot
Advisory URL / CVE Identifier: CVE-2024-28224
Risk: High, Data Exfiltration

Summary:

Ollama is an open-source system for running and managing large language models (LLMs).

NCC Group identified a DNS rebinding vulnerability in Ollama that permits attackers to access its API without authorization, and perform various malicious activities, such as exfiltrating sensitive file data from vulnerable systems.…

Executive summary

The authors behind Android banking malware Vultur have been spotted adding new technical features, which allow the malware operator to further remotely interact with the victim’s mobile device. Vultur has also started masquerading more of its malicious activity by encrypting its C2 communication, using multiple encrypted payloads that are decrypted on the fly, and using the guise of legitimate applications to carry out its malicious actions.…


During the winter of 2022, Google engaged NCC Group to conduct an in-depth security review of the Aggregation Service, part of Google’s Privacy Sandbox initiative. Google describes the Aggregation Service as follows:

The Privacy Sandbox initiative aims to create technologies that both protect people’s privacy online and give companies and developers tools to build thriving digital businesses.…


In the last calendar quarter of 2022, Amazon Web Services (AWS) engaged NCC Group to conduct an architecture review of the AWS Nitro System design, with focus on specific claims AWS made for the security of the Nitro System APIs.

The Public Report in Italian for this review may be downloaded below:

NCC_Group_AWS_Nitro_System_A_adobe_express-Italian

The original Public Report can be found here in English: https://research.nccgroup.com/2023/05/03/public-report-aws-nitro-system-api-security-claims…
