TL;DR: Al Capwn goes international! We won the second prize hacking hardware with our 15$ (1000 INR) SDR and Logic Analyzer in Doha, Qatar! In October 2019, Members of Al Capwn flew from New Delhi, India to Doha, Qatar to attend Qatar International Cybersecurity…

Cutting-edge cyber security research from NCC Group. Find public reports, technical advisories, analyses, & other novel insights from our global experts.

Backstory During a red teaming exercise […]

Mars Stealer is an improved copy of Oski Stealer.

Theori researchers have created a working PoC exploit for the recently patched CVE-2022-26717 vulnerability affecting Apple Safari product

After suffering a ransomware attack by the Hive operation, the Bank of Zambia made it clear that they were not going to pay by posting a picture of male genitalia and telling the hackers to s… (well, you can use your imagination).

In early February 2022, we witnessed an intrusion employing Gootloader (aka GootKit) as the initial access vector. The intrusion lasted two days and comprised discovery, persistence, lateral moveme…

CRC32 is a checksum first proposed in 1961, and now used in a wide variety of performance sensitive contexts, from file formats (zip, png, gzip) to filesystems (ext4, btrfs) and protocols (like eth…

Binary Abstract Inspector is a static analyzer for automated reverse engineering and scanning vulnerabilities in binaries

Bonita Web 2021.2 is affected by an authentication/authorization bypass vulnerability in the API authorization filters.

This is the follow-up to my research described in the article "Four Bytes of Power: Exploiting CVE-2021-26708 in the Linux kernel." My PoC exploit for CVE-2021-26708 had a very limited facility for privilege escalation, and I decided to continue my experiments…

Don’t let cyber threats get the best of you. Read our post, Tips for Automating IOC Extraction from GootLoader, a Changing JavaScript Malware, to learn more about cyber threats and cyber security.

Don’t let cyber threats get the best of you. Read our post, PDF Malware Is Not Yet Dead, to learn more about cyber threats and cyber security.

Web skimming campaigns now employ various obfuscation techniques to deliver and hide the skimming scripts. It’s a shift from earlier tactics where attackers conspicuously injected the malicious scripts into e-commerce platforms and content management systems…

Two days ago, Nao_sec identified an odd looking Word document in the wild, uploaded from an IP address in Belarus:

Dealing with Virtualization-Based Security (VBS), Hypervisor-Protected Code Integrity (HVCI), and Kernel Control Flow Guard (kCFG).

Unleash the Power of Wi-Fi Bustin' with the Pwnton Pack, a cutting-edge wireless assessment tool featuring integrated devices and a proprietary micro…