NCC Group's 2022/2023 Research Report

Over the past two years, our global cyber security research has been characterized by unparalleled depth, diversity, and dedication to safeguarding the digital realm. The highlights of our work not only signify our commitment to pushing the boundaries of cyber security research but also underscore the tangible impacts and positive change we bring to the technological landscape.

This report is a summary of our public-facing security research findings from researchers at NCC Group between January 2022 and December 2023.

With the release of 18 public reports and the presentation of our work at over 32 international conferences and seminars encompassing a variety of technology and cryptographic implementations, we have demonstrated our capacity to scrutinize and enhance critical security functions. Notably, our collaborations with tech giants such as Google, Amazon Web Services (AWS), and Kubernetes demonstrate our pivotal role in fortifying the digital ecosystems of industry leaders.

Commercially, 2022 and 2023 saw us deliver over $3,000,000 in revenue in collaborative research engagement across various technologies and many sectors, increasingly across Artificial Intelligence (AI) and AI-based systems.

In our bid to democratize cyber security knowledge, we have released 21 open-source security tools and repositories. These invaluable tools have catalyzed efficiency gains across multiple domains of cyber security.

Our research has positioned us at the forefront of evolving cryptographic paradigms. With significant work in post-quantum cryptography, elliptic curve cryptography, and blockchain security, we remain key players in shaping the future of digital privacy and security.

We have matched the meteoric rise of AI/ML applications with an intense focus on understanding their security dynamics. Our research in this arena has grown exponentially since 2022, providing critical insights into the strengths and vulnerabilities of these transformative technologies.

Modern cloud environments, coupled with rapid shifts in software development and deployment, have necessitated deep dives into their security mechanisms. Our outputs in this domain have been instrumental in pioneering robust cyber defense tactics for contemporary digital infrastructures. Our exhaustive studies into hardware vulnerabilities and Operating System security have set benchmarks in comprehending and countering potential threats.

The external presentation of our research, particularly by our Exploit Development Group (EDG), has won us accolades- most notably a third-place finish at the 2022 Pwn2Own Toronto competition. EDG’s work on exploiting consumer routers and enterprise printers has been ground-breaking. Ken Gannon and Ilyes Beghdadi successfully exploited the Xiaomi 13 Pro smartphone at the 2023 Pwn2Own Toronto competition, demonstrating our continued excellence in mobile security.

Our research has spanned several other pivotal areas, including Vulnerability Detection and Management, Reverse Engineering, Modern Networking and Security, and Secure Programming and Development. Unearthing over 69 security vulnerabilities across third-party products, we’ve reinforced our commitment to digital safety through responsible and coordinated vulnerability disclosure. While highlighting potential threats, each discovery also underscores our unwavering dedication to proactively fortifying global digital infrastructures.

Our journey through 2022 and 2023 has been marked by rigorous research, collaboration, and an unwavering commitment to excellence. As we continue to gain intelligence, deliver insight, and innovate, our role in shaping a secure digital future remains paramount.