Encrypt this, encrypt that, or LLM under lock and key
Hello, dear readers of tekkix. The more I delve into LLM, the more I am convinced that they have now taken, if not the most important, then certainly one of the very…
Security - Articles for the year 2024
Read interesting articles and reviews for the year 2024. Analysis of key events in the "Security" sector
To the collection of BGP vulnerabilities — how the Kirin attack works
Over the years of the protocol's existence, many vulnerabilities have been identified in it. And recently, a group of researchers found a new one. We explain what this…
SCA in the language of a security specialist
Recently, within the company, we have had several enthusiasts interested in DevSecOps for completely different reasons. Someone was asked an uncomfortable question by…
"Sand" technologies: about the architecture and techniques for bypassing sandboxes
Hello! My name is Alexey Kolesnikov, I work in the malware detection department of the Positive Technologies security expert center, in the PT Sandbox team.
Case study of code analysis
Greetings to all tekkix readers. If you throw out administrative work, then my main activity at work is finding various vulnerabilities. Most often, my toolkit consists…
Analysis of vulnerability CVE-2024-7965
On August 21, the Chrome browser received an update that fixed 37 security-related bugs. The attention of researchers around the world was drawn to the vulnerability…
Searching for malicious activity in Windows using command line logging and process trees
This publication is a translation of the article - HUNTING FOR MALWARE WITH COMMAND LINE LOGGING AND PROCESS TREES by Vanja Svajcer. The article is about how to use command…
Social engineering or how the efforts of security professionals are shattered by the human factor
Information security specialists create systems that resist cyberattacks. They implement firewalls, configure monitoring, write security policies, and train employees.…
Is "Vasya" always to blame: debunking myths about the human factor in information security
High-profile cybersecurity scandals in which employees of large companies and government agencies were found guilty have become one of the main topics of the past three…
Training at Stanford Online: Advanced Cybersecurity
Hello! My name is Nikolai, I have been working in the field since 2010. This is my first article on tekkix. Based on my experience of passing the Stanford Online certification…
In pursuit of shadows: image geolocation using the Shadow Finder Tool
GEOINT often takes a lot of time, researchers spend hours viewing photos, studying satellite images, and viewing street views.
Do we allow our applications too much?
Many people have photos of their passport, driver's license, and child's birth certificate on their phone. But not everyone realizes how easy it is to access them. One…
Arbitrary File Write
The world of vulnerabilities is quite diverse. Usually, hackers try to achieve their goals using arbitrary code execution vulnerabilities, the very abbreviation RCE.…
Security for Non-Security Experts
Anastasia Vazhinskaya is an information security engineer, not a front-end developer, but her presentation became the most important for the main hall of the FrontendConf…
Top dangerous vulnerabilities of August: Microsoft Windows and WordPress sites are at risk
tekkix, hello! I am Alexander Leonov, leading expert of the PT Expert Security Center laboratory. Every month, my team of analysts at Positive Technologies researches…
Kubernetes Secrets Management with Sealed Secrets and Helm: GitOps way
In this article, we will look at how to organize simple secrets management for applications in Kubernetes using the GitOps approach. We store secrets in git securely…
Password Security Practices
This article is a translation of the Password Security Guidance from the National Cyber Security Centre of Canada. There is a lot of information about passwords available…
How to check for phone surveillance. Myths and reality
In this article, we have collected the main "symptoms" of mobile surveillance that we found on the Internet. Each of them is commented on by a specialist in the field…
