Holidays, public holidays, any "extra" days off - this is an opportunity for attackers to try to launch an attack. The attackers' calculation is simple: the fewer "defending"…
In this article, we will examine which methods of transmitting a password over the internet are the safest. Hashing passwords or the TLS protocol - which one to choose…
Hello! This is Masha from AppSec at Alfa-Bank. Recently, we held the first cybersecurity hackathon, which took place with the joint efforts of the IT, AppSec, Intranet,…
Julia here again, a systems analyst at EvApps, and we continue exploring WebSocket technology. In the first part, we learned the basics of WebSocket, and now let's look…
Don’t let your thoughts become training material for AI — or leak in a data breach. It doesn’t matter which chatbot you choose: the more you share, the more useful it…
March 31 is a day meant to bring together those who make backups and those who don't yet. And to quickly reduce the number of the latter. At beeline cloud, we've decided…
Hello everyone! Time to refresh your memory on the key information security events from last month. The main one, undoubtedly, was Signalgate involving top U.S. officials,…
In the small company TechnoSoft, which specialized in business automation software, a Friday evening seemed ordinary. The sales manager—a young, attractive girl with…
Everyone should play one great joke at least once in their life. In this article, I will talk about mine. The story is true, only the names have been removed to protect…
Getting to OFFZONE as a speaker is not the easiest task. Every year we get questions: how does the CFP work? which topics are better to choose? how to submit an application…
Hello, today I will share with you another report. The vulnerability we will discuss is IDOR. Using it, I was able to expose personally identifiable information (PII…
A good interface should help the user. But what if I say that sometimes a good interface should hinder them?
Hello, tekkix! My name is Alexander Shcherbakov. I will tell you how Privileged Access Management systems help control the actions of privileged users with the help of…
Welcome to all CTF and ethical hacking enthusiasts on the Red Team! In this article, we will look at how to complete the easy task TETRIS, developed by pentesters from…
In 2024, we released a post We Hacked Google A.I. for 50,000, which described how our group consisting of Roni “Lupin” Carta, Joseph “rez0” Tacker, and Justin “Rhynorater”…
Ignoring vulnerabilities in operating systems or other software products is fundamentally an unimaginable situation. On the contrary, developers always strive to find…
Security Vision
