Welcome to the NCC Group Alumni Network

Keep existing connections and make new ones, receive exclusive member benefits, become a part of the community.

Connect

Stay in touch with the company, your colleagues and our community.

Explore

Discover global employment and career opportunities.

Manage

Control, oversee and manage your employment information.

Recent Research

Technical Advisory: Dell SupportAssist Local Privilege Escalation (CVE-2021-21518)

Summary When running PC-Doctor modules, the Dell SupportAssist service attempted to load DLLs from a world-writable directory. Furthermore, it did not validate the signature of libraries loaded from this directory, leading to a “DLL Hijacking” vulnerability. Impact Successful exploitation of this issue would allow a low privileged user to execute arbitrary code with SYSTEM privileges.…

Technical Advisory – Multiple Vulnerabilities in Netgear ProSAFE Plus JGS516PE / GS116Ev2 Switches

Multiple vulnerabilities were found in Netgear ProSafe Plus JGS516PE switches that may pose a serious risk to their users. The most critical vulnerability could allow unauthenticated users to gain arbitrary code execution. The following vulnerabilities were the most relevant identified during the internal research: Unauthenticated Remote Code Execution (CVE-2020-26919) NSDP Authentication Bypass (CVE-2020-35231) Unauthenticated Firmware…

Deception Engineering: exploring the use of Windows Service Canaries against ransomware

We prototyped a Windows Service Canary to help detect and respond to certain pre-ransomware trade craft. The ultimate goal being to alert and minimize the impact of ransomware deployments.

Technical Advisory: Administrative Passcode Recovery and Authenticated Remote Buffer Overflow Vulnerabilities in Gigaset DX600A Handset (CVE-2021-25309, CVE-2021-25306)

Current Vendor: Gigaset Vendor URL: https://www.gigaset.com/es_es/gigaset-dx600a-isdn/ Versions affected: V41.00-175.00.00-SATURN-175.00 Systems Affected: DX600A Authors: Manuel Ginés – manuel.gines[at]nccgroup[dot]com Admin Service Weak Authentication CVE Identifier: CVE-2021-25309 Risk: 8.8 (High) – AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H AT Command Buffer Overflow CVE Identifier: CVE-2021-25306 Risk: 4.5 (Medium) – AV:A/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H Summary According to the oficial documentation, the Gigaset DX600A is a high-end ISDN desktop…

Wubes: Leveraging the Windows 10 Sandbox for Arbitrary Processes

Wubes is like Qubes but for Microsoft Windows. The idea is to leverage the Windows Sandbox technology to spawn applications in isolation. We currently support spawning a Windows Sandbox for the Firefox browser, with other applications easily added.