NCC Group Research & Technology

NCC Group EDG @alexjplaskett and @_mccaulay will present Pioneering Zero Days at Pwn2Own Automotive 2024 where they will describe their Pioneer Pwn2Own chain and demonstrate a proof-of-concept vehicle spyware implant

This Saturday Alex Plaskett (@alexjplaskett) and McCaulay Hudson (@_mccaulay) from NCC EDG will present Revving Up: The Journey to Pwn2Own Automotive 2024 at @cybersaiyanIT in Rome, Italy.

Don't forget tomorrow at 17:00GMT @alexjplaskett and @_mccaulay will present at @44con on Charging Ahead: Exploiting an EV Charger Controller at Pwn2Own 2024! #Pwn2Own #CyberSecurity #infosec #EVSecurity #VulnerabilityResearch

Our latest research findings and articles are now live on the NCC Group website! Dive into cutting-edge cybersecurity insights here: nccgroup.com/us/research-bl… 🔍 Stay updated by subscribing to our RSS feed: nccgroup.com/us/research-bl… 📡 #Cybersecurity #Research

Today at 11:20am @alexjplaskett and @robHerrera_ will demonstrate remote compromise of a Sonos device and audio capture implant at @BlackHatEvents. #BHUSA

Don't forget! Tomorrow, on the 8th at 11:20am PST @alexjplaskett and @robHerrera_ present Listen Up: Sonos Over-The-Air Remote Kernel Exploitation and Covert Wiretap at @BlackHatEvents #BHUSA

Charging Ahead: Exploiting an EV Charger Controller at Pwn2Own 2024 will be presented at 44CON 44con.com/44con-2024-tal… in September by Alex Plaskett (@alexjplaskett) & McCaulay Hudson (@_mccaulay) #44CON #CyberSecurity #InfoSec #EVSecurity #SecurityResearch

Alex Plaskett (@alexjplaskett) & McCaulay Hudson (@_mccaulay) will be presenting "Revving up: the journey to pwn2own automotive 2024" at RomHack in September romhack.io/romhack-confer… #RomHack #CyberSecurity #AutomotiveSecurity #TechTalks #InfoSec #CarHacking #SecurityResearch

Check out this trick that allows you to run binaries on embedded Linux without crosscompiling research.nccgroup.com/2024/06/05/cro… #security #cybersecurity #infosec #linux

Cryptopals Guided Tour Episode 17 just went live (!!) youtube.com/watch?v=6yHM19… #infosec #cybersecurity #cryptopals #learning #cyrptography #ohhnoithasmath

Do you want to learn more about Windows Exploit Engineering? @saidelike will be performing in-person training in Paris at @hexacon_fr on the 30th Sept-3rd of Oct hexacon.fr/trainer/halbro…

Listen up! @alexjplaskett and @robHerrera_ will present Sonos Over-The-Air Remote Kernel Exploitation and Covert Wiretap at BlackHat USA 2024 @BlackHatEvents They will demonstrate remote compromise and microphone capture! #BHUSA blackhat.com/us-24/briefing…

Checkout the new NanoMIPS plugin/blog post that aided in reverse engineering a Mediatek-based 5G modem image! research.nccgroup.com/2024/05/07/ghi… #cybersecurity #infosec #tech

Have you ever heard that 1 + 1 does not always equal 2? That's the case with prompt injection. In this post, @JoseSelvi describes the non-deterministic nature of prompt injection and how to avoid missdetecting such vulnerability. research.nccgroup.com/2024/04/12/non…

An update (1.5.1) has been released for Phoenix Contact CHARX SEC-3100 EV Charging Controllers which addresses vulnerabilities NCC Group EDG (@alexjplaskett @_mccaulay) exploited at Pwn2Own Automotive 2014. cert.vde.com/en/advisories/… phoenixcontact.com/en-gb/products…

Mark Tedman introduces a Telco Attack Testing Tool designed to enhance security testing methodologies within the telecommunications industry. research.nccgroup.com/2024/03/13/the… #CyberSecurity #Telecommunications #InfoSec #NetworkSecurity

Recent investigations by NCC Group’s Digital Forensics and Incident Response Team in APAC have uncovered significant deviations in Lorenz’s Tactics, Techniques, and Procedures, shedding light on the group’s evolving strategies research.nccgroup.com/2024/02/22/unm…

A race in time to find a replacement bug for Pwn2Own Toronto 2022! EDG (@_mccaulay @alexjplaskett @saidelike @FidgetingBits) found and exploited another Netgear WAN command injection bug. Blog: research.nccgroup.com/2024/02/09/puc…

Yes! EDG are too awesome - well done team! #Pwn2Own

Success! The folks from NCC Group EDG (@nccgroupinfosec, @_mccaulay, and @alexjplaskett) were able to exploit the Phoenix Contact CHARX SEC-3100 and provided a light show as confirmation. #Pwn2Own #P2OAuto