unSafe.sh - 不安全
我的收藏
今日热榜
公众号文章
导航
Github CVE
Github Tools
编码/解码
文件传输
Twitter Bot
Telegram Bot
Rss
黑夜模式
Technical Advisory – Multiple Vulnerabilities in U-Boot (CVE-2022-30790, CVE-2022-30552)
By Nicolas Bidron, and Nicolas Guigo.U-boot is a popular boot loader for embedded systems wi...
2022-6-4 02:50:1 | 阅读: 56 |
收藏
|
research.nccgroup.com
hole
payload
thisfrag
offset8
fragment
NCC Group’s Jeremy Boone recognized for Highest Quality and Most Eligible Reports through the Intel Circuit Breaker program
Congratulations to NCC Group researcher Jeremy Boone, who was recently rec...
2022-6-2 21:33:25 | 阅读: 18 |
收藏
|
research.nccgroup.com
jennifer
fernick
invited
firmware
vpro
Conference Talks – June 2022
This month, members of NCC Group will be presenting their technical work &...
2022-6-1 07:59:0 | 阅读: 15 |
收藏
|
research.nccgroup.com
security
cloud
gcp
fernick
software
Hardware Security By Design: ESP32 Guidance
Within the Hardware and Embedded Systems practice at NCC Group, some engagements with clients are ea...
2022-6-1 04:51:41 | 阅读: 41 |
收藏
|
research.nccgroup.com
encryption
security
firmware
efuse
uart
Public Report – Lantern and Replica Security Assessment
Editor's Note: This security assessment was conducted by a team of our con...
2022-6-1 02:45:0 | 阅读: 16 |
收藏
|
research.nccgroup.com
lantern
security
client
fernick
jennifer
NCC Group’s Juan Garrido named to Microsoft’s MSRC Office Security Researcher Leaderboard
Congratulations to NCC Group researcher Juan Garrido, who was recently...
2022-5-31 23:0:0 | 阅读: 16 |
收藏
|
research.nccgroup.com
security
juan
microsoft
fernick
garrido
Technical Advisory – FUJITSU CentricStor Control Center
SummaryOn the 6th of April 2022, NCC Group’s Fox-IT discovered two sep...
2022-5-28 03:20:0 | 阅读: 13 |
收藏
|
research.nccgroup.com
php
attacker
fox
grel
appliance
Public Report – go-cose Security Assessment
In April and May 2022, NCC Group Cryptography Services engaged in a security a...
2022-5-27 01:15:7 | 阅读: 20 |
收藏
|
research.nccgroup.com
cose
library
fernick
jennifer
security
Technical Advisory – SerComm h500s – Authenticated Remote Command Execution (CVE-2021-44080)
Current Vendor: SerCommVendor URL: https://www.sercomm.comSystems Affect...
2022-5-25 02:48:3 | 阅读: 55 |
收藏
|
research.nccgroup.com
sercomm
h500s
gómez
network
diego
Metastealer – filling the Racoon void
Author: Peter GurneyMetaStealer is a new information stealer varia...
2022-5-20 23:47:24 | 阅读: 60 |
收藏
|
research.nccgroup.com
metastealer
hexintxor
hexbytes
hexintkey
defender
earlyremoval, in the Conservatory, with the Wrench: Exploring Ghidra’s decompiler internals to make automatic P-Code analysis scripts
(The version of Ghidra used in this article is 10.1.2. For the Go string recovery tool release,...
2022-5-20 17:0:0 | 阅读: 147 |
收藏
|
research.nccgroup.com
0x0048e7ea
0x0048e7cb
analysis
i0x0048e7ea
0x0048e7d0
Tool Release – Ghostrings
IntroductionGhostrings is a collection of Ghidra scripts for recoverin...
2022-5-20 16:59:0 | 阅读: 20 |
收藏
|
research.nccgroup.com
analysis
ghostrings
decompiler
memory
recovering
Technical Advisory – Kwikset/Weiser BLE Proximity Authentication in Kevo Smart Locks Vulnerable to Relay Attacks
Vendor: Kwikset/Weiser (Spectrum Brands)Vendor URLs: https://www.kwikset.com/kevo/smart-lock, h...
2022-5-16 07:58:0 | 阅读: 19 |
收藏
|
research.nccgroup.com
kevo
spectrum
brands
gatt
fob
Technical Advisory – Tesla BLE Phone-as-a-Key Passive Entry Vulnerable to Relay Attacks
Vendor: Tesla, Inc.Vendor URL: https://www.tesla.comVersions affected: Attack tested with vehi...
2022-5-16 07:54:0 | 阅读: 47 |
收藏
|
research.nccgroup.com
vehicle
tesla
fob
relaying
vehicles
Technical Advisory – BLE Proximity Authentication Vulnerable to Relay Attacks
Vendor: Bluetooth SIG, Inc.Vendor URL: https://www.bluetooth.comVersions Affected: Specificati...
2022-5-16 06:52:0 | 阅读: 25 |
收藏
|
research.nccgroup.com
proximity
sig
encryption
gatt
Technical Advisory: Ruby on Rails – Possible XSS Vulnerability in ActionView tag helpers (CVE-2022-27777)
Vendor: Ruby on RailsVendor URL: https://rubyonrails.orgVersions affected: versions prior to 7...
2022-5-7 01:27:22 | 阅读: 37 |
收藏
|
research.nccgroup.com
rails
malicious
helpers
payload
thename
North Korea’s Lazarus: their initial access trade-craft using social media and social engineering
Authored by: Michael Matthews and Nikolaos Pantazopoulos This blog post documents some o...
2022-5-5 16:20:43 | 阅读: 77 |
收藏
|
research.nccgroup.com
network
malicious
payload
analysis
security
Adventures in the land of BumbleBee – a new malicious loader
Authored by: Mike Stokkel, Nikolaos Totosis and Nikolaos Pantazopoulos...
2022-4-29 18:54:58 | 阅读: 23 |
收藏
|
research.nccgroup.com
bumblebee
network
loader
analysis
windows
LAPSUS$: Recent techniques, tactics and procedures
Authored by: David Brown, Michael Matthews and Rob Smallridgetl;dr...
2022-4-28 17:55:15 | 阅读: 24 |
收藏
|
research.nccgroup.com
lapsus
victim
cloud
remote
network
Real World Cryptography Conference 2022
The IACR’s annual Real World Cryptography (RWC) conference took place in Amsterdam a few weeks a...
2022-4-26 21:0:0 | 阅读: 26 |
收藏
|
research.nccgroup.com
security
encryption
pq
client
ecdsa
Previous
10
11
12
13
14
15
16
17
Next