NCC Group Research & Technology (@NCCGroupInfosec)'s Twitter Profile
NCC Group Research & Technology

@NCCGroupInfosec

Technical account for global cyber security & resilience provider, NCC Group. This account is run alongside the @NCCGroupplc corporate account.

ID:283928662

Link: https://research.nccgroup.com
Date: 18-04-2011 08:52:36

6,4K Tweets

20,1K Followers

2,3K Following

NCC Group Research & Technology (@NCCGroupInfosec):

Have you ever heard that 1 + 1 does not always equal 2? That's the case with prompt injection. In this post, Jose Selvi describes the non-deterministic nature of prompt injection and how to avoid misdetecting such a vulnerability. research.nccgroup.com/2024/04/12/non…

NCC Group Research & Technology (@NCCGroupInfosec):

An update (1.5.1) has been released for Phoenix Contact CHARX SEC-3100 EV Charging Controllers which addresses vulnerabilities NCC Group EDG (Alex Plaskett McCaulay) exploited at Pwn2Own Automotive 2014.

cert.vde.com/en/advisories/…

phoenixcontact.com/en-gb/products…

NCC Group Research & Technology (@NCCGroupInfosec):

Mark Tedman introduces a Telco Attack Testing Tool designed to enhance security testing methodologies within the telecommunications industry. research.nccgroup.com/2024/03/13/the…

NCC Group Research & Technology (@NCCGroupInfosec):

Recent investigations by NCC Group’s Digital Forensics and Incident Response Team in APAC have uncovered significant deviations in Lorenz’s Tactics, Techniques, and Procedures, shedding light on the group’s evolving strategies
research.nccgroup.com/2024/02/22/unm…

NCC Group Research & Technology (@NCCGroupInfosec):

A race in time to find a replacement bug for Pwn2Own Toronto 2022!

EDG (McCaulay Alex Plaskett Cedric Halbronn fidgeting bits) found and exploited another Netgear WAN command injection bug.

Blog: research.nccgroup.com/2024/02/09/puc…

Zero Day Initiative (@thezdi):

Success! The folks from NCC Group EDG (@nccgroupinfosec, McCaulay, and Alex Plaskett) were able to exploit the Phoenix Contact CHARX SEC-3100 and provided a light show as confirmation.

NCC Group Research & Technology (@NCCGroupInfosec):

Thrilled to announce that NCC Group's EDG will be participating in Pwn2Own Automotive 2024 in Tokyo this week! Good luck Alex Plaskett and McCaulay. May the Gods of Pwn be with you...

NCC Group Research & Technology (@NCCGroupInfosec):

Have you seen our Annual Research Report yet?

It summarises two years of our publicly-released research across a wide range of Technologies, Threat Intelligence, Digital Forensics & Incident Response.

Check it out here:

research.nccgroup.com/2023/12/11/ncc…

NCC Group Research & Technology (@NCCGroupInfosec):

Shooting Yourself in the .flags – Jailbreaking the Sonos Era 100

The Era 100 is Sonos’s flagship device, released on March 28th 2023. NCC found weaknesses within the bootloader which can lead to full compromise of the device.

research.nccgroup.com/2023/12/04/sho…

research.nccgroup.com/2023/12/04/tec…

NCC Group Research & Technology (@NCCGroupInfosec):

In this post we delve into a recent incident response engagement handled by NCC Group's CIRT, which involved the Ransomware-as-a-Service known as NoEscape.

research.nccgroup.com/2023/11/20/is-…

NCC Group Research & Technology (@NCCGroupInfosec):

From our series on TTPs deployed by four ransomware families, here's our writeup on Medusa.

research.nccgroup.com/2023/11/13/don…

NCC Group Research & Technology (@NCCGroupInfosec):

Demystifying Cobalt Strike's 'make_token' command - a tutorial by Simone Salucci and Daniel Lopez Jimenez.
research.nccgroup.com/2023/11/10/dem…

NCC Group Research & Technology (@NCCGroupInfosec):

Xavier Cervilla has documented the process of creating a Magisk module to automate the work required to intercept traffic on Android 14.
research.nccgroup.com/2023/11/08/too…

NCC Group Research & Technology (@NCCGroupInfosec):

In this blog, Luis Toro Puig walks us through post-exploiting a compromised etcd (gaining full control over the cluster and its nodes).
research.nccgroup.com/2023/11/07/pos…

NCC Group Research & Technology (@NCCGroupInfosec):

Our technical experts have written a blog series focused on TTPs deployed by four ransomware families recently observed during NCC Group's incident response engagements. Here's their deep dive into the D0nut extortion group.
research.nccgroup.com/2023/11/06/d0n…

NCC Group Research & Technology (@NCCGroupInfosec):

Check out our overview of payloads dropped by the Blister loader, based on 137 unpacked samples from the past 1.5 years alongside a look at recent activity of Blister.

research.nccgroup.com/2023/11/01/pop…
