Incident response XXII века: как PAM-система помогла выявить атаку в прямом эфире
In the article "Reign of king: tactics and tools of the Obstinate Mogwai group" from the Solar 4Rays Cyber Threat Research Center, there is an interesting case of an…
Security - Articles for the year 2024
Read interesting articles and reviews for the year 2024. Analysis of key events in the "Security" sector
Cryptography of the Middle Ages: from alchemical ciphers to magic squares
Among the bright symbols of the Middle Ages are sorcerers, witches, and alchemists who "enchant and turn mercury into gold." Cryptography at this time also went hand…
Safe Digest New Year Edition: "bot" among "friends", bushido against fraud, TB of leaked "snowflakes"
Throughout 2024, we have witnessed a lot of high-profile hacks, leaks, failures, and just funny news from the world of information security. For the New Year, we traditionally…
Secrets in Java services on Spring: where to get and how to update
Hello, tekkix! My name is Andrey Chernov, I am a Java architect at SberTech, where I develop the architecture of microservices. Now I will talk about the nuances of working…
Mix, but do not shake. How we added Sec between Dev and Ops
Hello, tekkix! My name is Natali Dubotolkova, I am a senior secure software development engineer at Basis. I want to talk about how we thought about integrating the work…
How OSINT reunited two long-lost soldiers
Faces and names mentioned in this blog are real and used with their permission. Some details have been edited or hidden to protect the privacy of others.
Basic SAST and DAST setup for django in gitlab cicd: how to quickly implement security solutions
Hello, my name is Egor and I am a Tech Lead at IdaProject :) I am engaged in strategy, processes, and teams in the direction of backend development.
Development of Security Proxy. Dynamic Rights
Hello everyone! The classic approach to authorization is when its control is placed inside a specific service in the form of static rules. That is, the role and rights…
Worse than a flood, scarier than a fire: how to prepare your backups for a ransomware virus visit
For decades, backups have primarily protected us from physical equipment failure and accidental data corruption. A good backup system should survive a fire, a flood,…
Evolution of NGFW in Russia on the example of UserGate. Interview with UserGate NGFW Development Manager Kirill Pryamov
There was already an interview on tekkix about Next Generation Firewall from Solar, which touched on the technical aspects of developing such solutions. There was also…
OSINT. Now what is the buzz about?
We at IDX, a company engaged in legal personal data verification, are naturally interested in everything related to PD, even if it goes beyond our operational activities.…
Database Hardening
Nowadays, any serious application needs a database to store information. DBMS allows you to save data, quickly find and retrieve what you need using queries. But in order…
Attacks on GitHub developer in 2024
The "Platform Engineering" trend proposed by analytical agencies has become interesting not only to companies that transform their processes, teams, and tools according…
Hiding VMware from malware
Methods for detecting malicious code are improving, as is the malicious code itself. In the past, antivirus systems used signature analysis to detect viruses, but now…
Inventing IAM for the MWS cloud: introduction and resource model
My team and I decided to create a cloud. Not the kind of cloud that says "move your files to the cloud," and not even the kind that says "deploy your site on our CMS,…
How to promote IT solutions to a bored audience?
My name is Damir Gibadullin, product manager of the "Digital Headquarters" system. My experience in selling IT solutions and broad outlook have combined and crystallized…
What determines the security of a quantum network? Part 1
Quantum key distribution [1] is one of the most rapidly developing areas in modern science. The most important advantage of QKD is the security of personal data transmission…
Positive Technologies: «We invented it ourselves, paid for it ourselves, produce it ourselves, and suffer ourselves». How PT NGFW was created
I have already done material on domestic NGFW from one of the cyber security companies, so I decided to continue the practice and talk about other NGFWs. And in May 2024…
