This blog post describes a vulnerability found and exploited in November 2022 by NCC Group. The target was the TP-Link AX1800 WiFi 6 Router (Archer AX21).

When there isn't a Steampipe plugin to meet your need, the Net plugin's net_http_request table can save the day.

Cymulate researchers have discovered a new vulnerability and created a proof of concept. The technique based on it allows attackers to circumvent many EDR vendors.

Learn how Legit Security discovered a vulnerable GitHub actions workflow that affected Google, Apache and potentially many more. Get details on the vulnerability and what you can do to mitigate it.

By Sergi Martinez Overview It’s been a while since our last technical blogpost, so here’s one right on time for the Christmas holidays. We describe a method to exploit a use-after-free in the Linux kernel when objects are allocated in a specific slab cache…

Extracting firmware via UART and UBoot

We examined the password management solution Passwordstate of Click Studios and identified multiple high severity vulnerabilities (CVE-2022-3875, CVE-2022-3876, CVE-2022-3877).

Vulnerability scanner written in Go which uses the data provided by https://osv.dev - GitHub - google/osv-scanner: Vulnerability scanner written in Go which uses the data provided by https://osv.dev

Intro Normally, when a users backup their iOS device, the backup is saved into ~/Library/Application Support/MobileSync/Backup directory. The MobileSync directory is properly protected by TCC, as the backup can contain photos, contact information, everything…

A technical analysis where we use sentinel value to bypass the Latest Chrome v8 HardenProtect

Every week, almost without fail, I come across one thing that confuses, entertains, or most commonly infuriates me. I’ve decided to keep a…

TL;DR Istio is an open-source service mash that can layer over applications. Studying CVE-2021-34824 in Istio will allow us to dive into some concepts of Istio and service meshes in general. We...

CVE-2022-20958: Cisco BroadWorks CommPilot Application allows authenticated users to upload configuration files on the platform. The lack of file validation and a broken access control on the vulnerable upload serverlet allows any authenticated user to upload…

CVE-2022-20951: Cisco BroadWorks CommPilot Application exposes a servlet that allows the application to be used as an HTTP proxy server. The lack of validation of the the target URL and the lack of authentication protection allows an unauthenticated attacker…

DirtyCred Remastered: how to turn an UAF into Privilege Escalation

Disclaimer: as many other security researchers […]

As part of my internship at STAR Labs, I conducted n-day analysis of CVE-2020-6418. This vulnerability lies in the V8 engine of Google Chrome, namely its optimizing compiler Turbofan. Specifically, the vulnerable version is in Google Chrome’s V8 prior to…

Cutting-edge cyber security research from NCC Group. Find public reports, technical advisories, analyses, & other novel insights from our global experts.

Taking a look at the timeline leading up to exploitation of CVE-2022-35914 and the current state of attacks in the wild.