NCC Group's blog is the central area to share ideas, discuss research and offer insights into the industry's most challenging subjects.
We aim to offer you a trusted and valued place to engage with passionate and experienced experts across the field of information assurance.
Violating the Virtual Channel – RDP Testing
Introduction As security consultants we often come across situations where we have access to an RDP server that has been locked down fairly ...Read full post
Digital Strategy in the boardroom
Business Insights Introduction Digital is here and here to stay but research  suggests that the boardroom is far too slow to implement co ...Read full post
Truecrypt Phase Two Audit Announced
iSEC Partners, part of NCC Group, completed the first phase of the Truecrypt audit almost a year ago, focusing on the Windows kernel code, b ...Read full post
Technology doping: Competitive advantage by abusing security flaws in smart sports equipment
Introduction The term “Technology doping” has recently been used  to mean the practice of gaining a competitive advantage through using s ...Read full post
Secure Software: So you have a threat model, now what?
Introduction Let us assume your organisation had understood the importance of threat modelling and run the exercise. Now you have a report: ...Read full post
How we helped a major CDN identify and fix a faulty node
The value of synthetic monitoringRead full post
Cyber criminals “love” Valentine’s Day
As Valentine’s Day fast approaches security experts have urged people to keep their wits about them when online as cyber criminals often use ...Read full post
DARPA OnStar Vulnerability Analysis
Introduction In a report  by US TV show “60 Minutes” about DARPA  and the Internet of Things, the Department of Defence has shown that ...Read full post
A cynic’s view of 2015 security predictions – Part three
Introduction A number of security predictions have been doing the rounds over the last few weeks, so I decided to put pen to paper and writ ...Read full post