NCC Group to Offer Exclusive Research and Analysis at World's Largest Annual Gathering of Security Industry Leaders and White Hat Hackers

14 Technical Presentations to be delivered at Black Hat USA 2019, DEF CON 27 & BSidesLV at Las Vegas Conferences
LAS VEGAS - Aug. 1, 2019 - PRLog -- MEDIA ADVISORY


NCC Group, one of the largest and most respected cybersecurity consultancies in the world, is a dynamic force in a dynamic field: As a global business with 1,800 colleagues in 12 countries, it has significant market presence in North America, continental Europe and the UK, and a rapidly growing footprint in Asia Pacific with offices in Australia and Singapore. It aims to protect organizations' brand value and reputation from a threat landscape that's always growing in sophistication and scope. The NCC Group Research Team regularly presents at major security conferences worldwide.

News summary:

Next month in Las Vegas, NCC Group researchers will deliver 14 technical presentations throughout Black Hat USA 2019, BSidesLV, and DEF CON 27. The latest findings include:
  • The release of a tool that enables up to a 10x speedup in DNS rebinding exploitation, includes RCE and exfiltration payloads for common developer tools and software, and can bypass a number of services designed to protect against DNS rebinding
  • An exploit development-oriented talk on all evils enabled by eBPF in the Linux kernel, from various forms of hidden IPC channels to fully fledged rootkits
  • Understanding what security flaws inside MacOS installer packages are actually doing, and learning how to audit them for security issues that can be exploited to elevate privileges and gain code/command execution; additionally, a primer on finding and exploiting bugs in real installer packages
  • Discovery of privacy-violating data collection and security practices in privacy-oriented iOS robocall-blocking apps
  • Using open source tools to better understand your organization's cloud security posture
  • Studies on mouse and keyboard tracking to analyze user behavior during phishing attacks
  • New ways to compromise Azure: From admin account takeover and backdooring Azure AD with service account to complete remote bypass of multi-factor authentication and the cloud instance.

NCC Group researchers will also present remote vulnerabilities found in printers from six major enterprise vendors, including a large number (over 35) of responsibly-disclosed 0-day vulnerabilities that were discovered through three months of dedicated research. Proof-of-concept exploits showing how it's possible to gain full control of printers—and all the data they manage—will be presented. The clear takeaway: Most enterprise printers offer an attack vector for exploitation and compromise by threat actors seeking to support C2 persistence, or to exfiltrate sensitive data from otherwise-secure corporate networks.

NCC Group's Director of Bug Bounty Services will also speak at Black Hat USA on how to architect and operationalize a successful vulnerability disclosure or bug bounty program.

NCC Group also has a rich history of developing innovative technologies. The company will present and/or release several new tools, including:
  • Phantap: An "invisible" network tap aimed at red teams
  • Azucar: A plugin-based tool to assess an Azure environment's security risks
  • chocoProxy: A tool to aid in reverse engineering Windows applications' network traffic to expedite development of memory corruption exploits
  • Singularity: An open source DNS rebinding attack framework
  • Scout Suite: A multi-cloud security auditing tool for AWS, GCP, and Azure


Additional Resources:

Media Contact
Paula Dunne

Posted By:*** Email Verified
Tags:Security, Black Hat, DEF CON, BSlides Las Vegas
Industry:Security, Software, Technology
Location:Las Vegas - Nevada - United States
Account Email Address Verified     Account Phone Number Verified     Disclaimer     Report Abuse

Like PRLog?
Click to Share