unSafe.sh - 不安全
我的收藏
今日热榜
公众号文章
导航
Github CVE
Github Tools
编码/解码
文件传输
Twitter Bot
Telegram Bot
Rss
黑夜模式
Technical Advisory: Administrative Passcode Recovery and Authenticated Remote Buffer Overflow Vulnerabilities in Gigaset DX600A Handset (CVE-2021-25309, CVE-2021-25306)
Current Vendor: GigasetVendor URL: https://www.gigaset.com/es_es/gigaset-...
2021-03-01 07:37:00 | 阅读: 208 |
收藏
|
research.nccgroup.com
gigaset
dx600a
175
overflow
v41
Cryptopals: Exploiting CBC Padding Oracles
This is a write-up of the classic padding oracle attack on CBC-mode block ciphers. If you’ve don...
2021-02-18 01:16:07 | 阅读: 258 |
收藏
|
research.nccgroup.com
ciphertext
ct
zeroing
pad
encryption
Investigating Potential Security Vulnerability Manifestation through Various Analyses & Inferences Regarding Internet RFCs (and how RFC Security might be Improved)
OverviewRFCs have played a pivotal role in helping to formalise ideas...
2021-02-02 17:41:13 | 阅读: 246 |
收藏
|
research.nccgroup.com
security
rfcs
analysis
github
Conference Talks – February/March 2021
Throughout February and March, members of NCC Group will be presenting the...
2021-01-31 23:00:00 | 阅读: 271 |
收藏
|
research.nccgroup.com
software
security
development
frontiers
fernick
NCC Group’s 2020 Annual Research Report
In this post, we summarize our security research findings from across the nearly 200 conference...
2021-01-31 10:00:00 | 阅读: 444 |
收藏
|
research.nccgroup.com
security
cloud
network
remote
Software Verification and Analysis Using Z3
This post provides a technical introduction on how to leverage the Z3 Theorem Prover to reason a...
2021-01-29 21:00:00 | 阅读: 258 |
收藏
|
research.nccgroup.com
bitvec
z3
264
candidate
gf
Technical Advisory – Linksys WRT160NL – Authenticated Command Injection (CVE-2021-25310)
Current Vendor: Belkin (Linksys)Vendor URL: https://www.linksys.com/sg/p/...
2021-01-29 01:55:30 | 阅读: 278 |
收藏
|
research.nccgroup.com
belkin
wrt160nl
puvar7
linksys
manuel
Real World Cryptography Conference 2021: A Virtual Experience
Earlier this month, our Cryptography Services team got together and attended (virtually) the IAC...
2021-01-27 21:00:00 | 阅读: 298 |
收藏
|
research.nccgroup.com
attacker
security
aided
rwc
joppe
RIFT: Analysing a Lazarus Shellcode Execution Method
About the Research and Intelligence Fusion Team (RIFT):RIFT leverages our...
2021-01-23 17:43:14 | 阅读: 294 |
收藏
|
research.nccgroup.com
windows
shellcode
programlogs
rift
fusion
MSSQL Lateral Movement
Using discovered credentials to move laterally in an environment is a common goal for the NCC Gr...
2021-01-21 23:30:23 | 阅读: 291 |
收藏
|
research.nccgroup.com
database
security
microsoft
shellcode
trustworthy
Public Report – BLST Cryptographic Implementation Review
In October 2020, Supranational, Protocol Labs and the Ethereum Foundation...
2021-01-21 03:45:02 | 阅读: 325 |
收藏
|
research.nccgroup.com
library
stake
ietf
hashing
Sign over Your Hashes – Stealing NetNTLM Hashes via Outlook Signatures
In your emails, getting your hashes Capturing NetNTLM hashes from network communications is...
2021-01-16 02:54:59 | 阅读: 308 |
收藏
|
research.nccgroup.com
microsoft
network
software
intranet
Abusing cloud services to fly under the radar
tl;drNCC Group and Fox-IT have been tracking a threat group with a wide set of interests, fr...
2021-01-12 17:00:00 | 阅读: 343 |
收藏
|
research.nccgroup.com
network
cobalt
windows
victim
c2
Building an RDP Credential Catcher for Threat Intelligence
tl;drWe wanted to build a mechanism to capture all the passwords used...
2021-01-10 23:01:31 | 阅读: 303 |
收藏
|
research.nccgroup.com
pgina
nla
remote
microsoft
Double-odd Elliptic Curves
This post is about some new (or sort of new) elliptic curves for use in cryptographic protocols....
2021-01-06 21:00:00 | 阅读: 294 |
收藏
|
research.nccgroup.com
curves
odd
elliptic
cofactor
cycles
Using AWS and Azure for Cost Effective Log Ingestion with Data Processing Pipelines for SIEMs
tl;drLiam Stevenson, Associate Director of Technical Services within NCC Group’s Managed Det...
2021-01-04 20:28:03 | 阅读: 296 |
收藏
|
research.nccgroup.com
nifi
microsoft
eps
reduced
github
Domestic IoT Nightmares: Smart Doorbells
PrefaceHalf way through 2020, UK independent consumer champion Which? magazine reached out t...
2020-12-18 23:00:00 | 阅读: 599 |
收藏
|
research.nccgroup.com
firmware
doorbell
network
qr
eventid
Technical Advisory: OS Command Injection in Silver Peak EdgeConnect Appliances (CVE-2020-12148, CVE-2020-12149)
Vendor: Silver PeakVendor URL: https://www.silver-peak.comVersions affec...
2020-12-17 23:12:14 | 阅读: 314 |
收藏
|
research.nccgroup.com
edgeconnect
peak
silver
software
Helping Engineering Teams Tackle Security Debt in Embedded Systems: U-Boot Configuration Auditing Introduced in Depthcharge v0.2.0
Depthcharge v0.2.0 is now available on GitHub and PyPi. This release introduces new “configurati...
2020-12-16 21:00:00 | 阅读: 277 |
收藏
|
research.nccgroup.com
depthcharge
security
checker
software
dummy
An Adventure in Contingency Debugging: Ruby IO#read/IO#write Considered Harmful
Recently, I was working on weaponizing a particular bug with a colleague. For reasons unfathomab...
2020-12-15 21:00:00 | 阅读: 289 |
收藏
|
research.nccgroup.com
tpex
tracepoint
tcpsocket
errno
econnreset
Previous
18
19
20
21
22
23
24
25
Next