Analysis of vulnerability CVE-2024-38227 in Microsoft SharePoint
On September 10, Microsoft released another set of updates, fixing 79 vulnerabilities in various products. Our attention was drawn to patches for Microsoft SharePoint…
Security - Articles for the year 2024
Read interesting articles and reviews for the year 2024. Analysis of key events in the "Security" sector
How SPAM appeared — the main booster of cybercrime
Do you like canned food? Or Viagra? You can buy them from us!
Attacks on web caching. Cache poisoning: theory and practice
Caching is an efficient architectural solution that is used at all levels of computing systems today, from processor and hard disk cache to web server cache and reverse…
25,000 spectators, 6,000 solo participants, and 138 teams in cyber exercises — how CyberCamp 2024 went
A few days ago, we held the main online camp on practical cybersecurity for the third time — CyberCamp 2024. It took place from October 3 to 5 online. Over the course…
Anonymous network in 100 lines of Go code
It has been more than a year since I wrote the article - Anonymous network in 200 lines of Go code. Reviewing it one autumn evening, I realized how terrible everything…
Methodology of Bug Bounty: A Guide for Bug Hunters
Irish full-time bug hunter Monke shares tips on conscious hacking and a selection of tools that simplify vulnerability hunting. As a bonus, a list of useful resources…
The most dangerous vulnerabilities of September: Microsoft, VMware, Veeam and others are under threat
Trentechix, hello! I am Alexander Leonov, a leading expert at the PT Expert Security Center laboratory. Every month, my team of analysts at Positive Technologies researches…
Hacking a robot vacuum cleaner and spying on the owner in real time
A major home robotics manufacturer failed to address the security issues of their robot vacuum cleaners, even though they were warned about the risks last year. Without…
Inspection of the WebSocket protocol using the Solar webProxy proxy server
The WebSocket protocol allows for the establishment of a permanent two-way connection between the client and the server, which significantly reduces latency and decreases…
Experience in implementing AppSec/DevSecOps practices
Development processes must be built to ensure a predictable level of product security at the output. It was with this idea that we began to modernize our internal processes…
Keeping up with deepfakes: application of technology and ethical aspects
The "deepfake" technology carries deep ethical implications, raising concerns about misinformation and manipulation. By seamlessly blending fabricated content with reality,…
Not only Flipper Zero: a hacker multitool from an old smartphone
They say that laziness is the engine of progress. As for me, competition works better. The ability to freely choose devices, applications, and information is now the…
What does the security of modern applications consist of?
You can find various interpretations of the concept of AppSec on the web. In this article, we will try to understand what should be included in AppSec, what skills are…
AWS Cloud Configuration Security Overview using Nuclei Templates
In the new version v9.8.5, Nuclei Templates have added templates for checking AWS Cloud configuration. In this post, we will discuss automating the verification of incorrect…
Machine Learning and Cryptography: Getting to Know CipherGAN
Machine learning is now used to a greater or lesser extent in various industries. Cryptographic analysis is no exception. In this article, we will look at the CipherGAN…
Ladybug in action. How to find vulnerabilities in Android and get into the top white hackers of Google
It is no secret that bug hunting is gaining popularity every year, attracting the attention of both companies seeking to improve the security of their products and white…
IDOR: A Complete Guide to Advanced Exploitation of IDOR Vulnerabilities
IDOR vulnerabilities are among the most common security vulnerabilities in modern web applications and APIs. It is not surprising that they are often recommended to novice…
Methodology and tools for identifying and tracking vessels
In this material, we will talk about the methodology and set of tools for determining the location, routes, owner, and inspections of a merchant vessel in four simple…
