Several rules for organizing a cybersecurity hackathon
Hello! This is Masha from AppSec at Alfa-Bank. Recently, we held the first cybersecurity hackathon, which took place with the joint efforts of the IT, AppSec, Intranet,…
Security
Discover the latest news, reviews, and best practices in information security. Stay updated on cybersecurity threats, protection strategies, and innovations in safeguarding data
WebSocket: simple about the complex. Part 2 — practical application and nuances
Julia here again, a systems analyst at EvApps, and we continue exploring WebSocket technology. In the first part, we learned the basics of WebSocket, and now let's look…
Five things you shouldn’t tell ChatGPT
Don’t let your thoughts become training material for AI — or leak in a data breach. It doesn’t matter which chatbot you choose: the more you share, the more useful it…
The history of "World Backup Day" [and a compact solutions digest] is a good reason to make a backup
March 31 is a day meant to bring together those who make backups and those who don't yet. And to quickly reduce the number of the latter. At beeline cloud, we've decided…
Top infosec news for March 2025
Hello everyone! Time to refresh your memory on the key information security events from last month. The main one, undoubtedly, was Signalgate involving top U.S. officials,…
How a Former Employee Transferred Data to Competitors
In the small company TechnoSoft, which specialized in business automation software, a Friday evening seemed ordinary. The sales manager—a young, attractive girl with…
April Fools' joke that almost got me fired
Everyone should play one great joke at least once in their life. In this article, I will talk about mine. The story is true, only the names have been removed to protect…
How the call for papers at OFFZONE works: from submission to presentation
Getting to OFFZONE as a speaker is not the easiest task. Every year we get questions: how does the CFP work? which topics are better to choose? how to submit an application…
IDOR & UUIDs for PII Leakage
Hello, today I will share with you another report. The vulnerability we will discuss is IDOR. Using it, I was able to expose personally identifiable information (PII…
How to Protect Wealth Using IT and "Hostile" Interfaces?
A good interface should help the user. But what if I say that sometimes a good interface should hinder them?
Anomaly detection and leak prevention — how signature-based analysis helps detect internal threats
Hello, tekkix! My name is Alexander Shcherbakov. I will tell you how Privileged Access Management systems help control the actions of privileged users with the help of…
Codeby.Games. CTF TASK «ТЕТРИС»/«TETRIS»
Welcome to all CTF and ethical hacking enthusiasts on the Red Team! In this article, we will look at how to complete the easy task TETRIS, developed by pentesters from…
We hacked Google Gemini and downloaded its source code
In 2024, we released a post We Hacked Google A.I. for 50,000, which described how our group consisting of Roni “Lupin” Carta, Joseph “rez0” Tacker, and Justin “Rhynorater”…
In Windows, an 8-year security flaw has been discovered that Microsoft does not want to fix
Ignoring vulnerabilities in operating systems or other software products is fundamentally an unimaginable situation. On the contrary, developers always strive to find…
Overview and market map of ML protection platforms
Security Vision
Exploring the "malicious" RJ45 flash drive
Reverse engineering hardware can be very challenging — but sometimes all it takes is a cozy chair and Google Translate.
"The point is not in the muse and inspiration. The point is in labor." An honest interview with Alexey Lukatsky about the pros and cons of book writing
Hello! Today we decided to remind tekkix readers that Positive Technologies not only research vulnerabilities, write research papers, and develop software for protection…
