Dorks in a new way – looking for what is open
When conducting any pentest of a corporate network, one of the actions of white hackers is to search for information that is practically in the public domain: on file…
Security - Articles for September 2024 year
Read interesting articles and reviews for September 2024 year. Analysis of key events in the "Security" sector
History of the creation of ASoar: from idea to implementation of the cybersecurity system
My career in information security began, like many others, with work in IT infrastructure. Initially, my company was engaged in maintaining the stability of networks…
Evolution of attacks on web resources: what has changed since 2011
BI.ZONE WAF Cyber Threat Analytics and Research Department studied the statistics of attacks on web applications protected by BI.ZONE WAF. We compared this information…
1C flies south — our experience of migration to K2 Cloud
Imagine: you have a large company with offices from Moscow to the Far East, hundreds of facilities, thousands of shift workers, and an ancient 1C server that barely copes…
Can GPT-4o be trusted with confidential data?
We delve into Open AI's privacy policy and find out why experts have dubbed GPT-4o the "data turbo vacuum cleaner".
Incident Response in Linux Systems: Basics
In a world where cyberattacks are becoming more frequent, it is important to understand the process of incident response in information security.
Adapting fuzzing to find vulnerabilities
Fuzzing is a very popular software testing technique using random input data. There are a huge number of materials on the web about how to find software defects using…
How to improve the security risk assessment process in 4 steps
Hello, tekkix! My name is Irina, I am an information security analyst at Avito. In this article, I share our experience and my personal impressions of building the information…
Encrypt this, encrypt that, or LLM under lock and key
Hello, dear readers of tekkix. The more I delve into LLM, the more I am convinced that they have now taken, if not the most important, then certainly one of the very…
To the collection of BGP vulnerabilities — how the Kirin attack works
Over the years of the protocol's existence, many vulnerabilities have been identified in it. And recently, a group of researchers found a new one. We explain what this…
SCA in the language of a security specialist
Recently, within the company, we have had several enthusiasts interested in DevSecOps for completely different reasons. Someone was asked an uncomfortable question by…
"Sand" technologies: about the architecture and techniques for bypassing sandboxes
Hello! My name is Alexey Kolesnikov, I work in the malware detection department of the Positive Technologies security expert center, in the PT Sandbox team.
Case study of code analysis
Greetings to all tekkix readers. If you throw out administrative work, then my main activity at work is finding various vulnerabilities. Most often, my toolkit consists…
Analysis of vulnerability CVE-2024-7965
On August 21, the Chrome browser received an update that fixed 37 security-related bugs. The attention of researchers around the world was drawn to the vulnerability…
Searching for malicious activity in Windows using command line logging and process trees
This publication is a translation of the article - HUNTING FOR MALWARE WITH COMMAND LINE LOGGING AND PROCESS TREES by Vanja Svajcer. The article is about how to use command…
Social engineering or how the efforts of security professionals are shattered by the human factor
Information security specialists create systems that resist cyberattacks. They implement firewalls, configure monitoring, write security policies, and train employees.…
Is "Vasya" always to blame: debunking myths about the human factor in information security
High-profile cybersecurity scandals in which employees of large companies and government agencies were found guilty have become one of the main topics of the past three…
Training at Stanford Online: Advanced Cybersecurity
Hello! My name is Nikolai, I have been working in the field since 2010. This is my first article on tekkix. Based on my experience of passing the Stanford Online certification…
