Popular on PrZen

Similar on PrZen

NCC Group to Offer Exclusive Research and Analysis at World's Largest Annual Gathering of Security Industry Leaders and White Hat Hackers

https://www.nccgroup.trust/us/ NCC Group
14 Technical Presentations to be delivered at Black Hat USA 2019, DEF CON 27 & BSidesLV at Las Vegas Conferences



NCC Group, one of the largest and most respected cybersecurity consultancies in the world, is a dynamic force in a dynamic field: As a global business with 1,800 colleagues in 12 countries, it has significant market presence in North America, continental Europe and the UK, and a rapidly growing footprint in Asia Pacific with offices in Australia and Singapore. It aims to protect organizations' brand value and reputation from a threat landscape that's always growing in sophistication and scope. The NCC Group Research Team regularly presents at major security conferences worldwide.

News summary:

Next month in Las Vegas, NCC Group researchers will deliver 14 technical presentations throughout Black Hat USA 2019, BSidesLV, and DEF CON 27. The latest findings include:
  • The release of a tool that enables up to a 10x speedup in DNS rebinding exploitation, includes RCE and exfiltration payloads for common developer tools and software, and can bypass a number of services designed to protect against DNS rebinding
  • An exploit development-oriented talk on all evils enabled by eBPF in the Linux kernel, from various forms of hidden IPC channels to fully fledged rootkits
  • Understanding what security flaws inside MacOS installer packages are actually doing, and learning how to audit them for security issues that can be exploited to elevate privileges and gain code/command execution; additionally, a primer on finding and exploiting bugs in real installer packages
  • Discovery of privacy-violating data collection and security practices in privacy-oriented iOS robocall-blocking apps
  • Using open source tools to better understand your organization's cloud security posture
  • Studies on mouse and keyboard tracking to analyze user behavior during phishing attacks
  • New ways to compromise Azure: From admin account takeover and backdooring Azure AD with service account to complete remote bypass of multi-factor authentication and the cloud instance.

NCC Group researchers will also present remote vulnerabilities found in printers from six major enterprise vendors, including a large number (over 35) of responsibly-disclosed 0-day vulnerabilities that were discovered through three months of dedicated research. Proof-of-concept exploits showing how it's possible to gain full control of printers—and all the data they manage—will be presented. The clear takeaway: Most enterprise printers offer an attack vector for exploitation and compromise by threat actors seeking to support C2 persistence, or to exfiltrate sensitive data from otherwise-secure corporate networks.

NCC Group's Director of Bug Bounty Services will also speak at Black Hat USA on how to architect and operationalize a successful vulnerability disclosure or bug bounty program.

NCC Group also has a rich history of developing innovative technologies. The company will present and/or release several new tools, including:
  • Phantap: An "invisible" network tap aimed at red teams
  • Azucar: A plugin-based tool to assess an Azure environment's security risks
  • chocoProxy: A tool to aid in reverse engineering Windows applications' network traffic to expedite development of memory corruption exploits
  • Singularity: An open source DNS rebinding attack framework
  • Scout Suite: A multi-cloud security auditing tool for AWS, GCP, and Azure


Additional Resources:

Media Contact
Paula Dunne

Source: NCC Group
Show All News | Report Violation

1000 characters max.

Latest on PrZen