How the call for papers at OFFZONE works: from submission to presentation
Getting to OFFZONE as a speaker is not the easiest task. Every year we get questions: how does the CFP work? which topics are better to choose? how to submit an application…
Security
Discover the latest news, reviews, and best practices in information security. Stay updated on cybersecurity threats, protection strategies, and innovations in safeguarding data
IDOR & UUIDs for PII Leakage
Hello, today I will share with you another report. The vulnerability we will discuss is IDOR. Using it, I was able to expose personally identifiable information (PII…
How to Protect Wealth Using IT and "Hostile" Interfaces?
A good interface should help the user. But what if I say that sometimes a good interface should hinder them?
Anomaly detection and leak prevention — how signature-based analysis helps detect internal threats
Hello, tekkix! My name is Alexander Shcherbakov. I will tell you how Privileged Access Management systems help control the actions of privileged users with the help of…
Codeby.Games. CTF TASK «ТЕТРИС»/«TETRIS»
Welcome to all CTF and ethical hacking enthusiasts on the Red Team! In this article, we will look at how to complete the easy task TETRIS, developed by pentesters from…
We hacked Google Gemini and downloaded its source code
In 2024, we released a post We Hacked Google A.I. for 50,000, which described how our group consisting of Roni “Lupin” Carta, Joseph “rez0” Tacker, and Justin “Rhynorater”…
In Windows, an 8-year security flaw has been discovered that Microsoft does not want to fix
Ignoring vulnerabilities in operating systems or other software products is fundamentally an unimaginable situation. On the contrary, developers always strive to find…
Overview and market map of ML protection platforms
Security Vision
Exploring the "malicious" RJ45 flash drive
Reverse engineering hardware can be very challenging — but sometimes all it takes is a cozy chair and Google Translate.
"The point is not in the muse and inspiration. The point is in labor." An honest interview with Alexey Lukatsky about the pros and cons of book writing
Hello! Today we decided to remind tekkix readers that Positive Technologies not only research vulnerabilities, write research papers, and develop software for protection…
Prepare your applications, this is a security audit
Hello, tekkix! My name is Yura Petrov, I am the head of development at Friflex and the author of the channel "Mobile Developer".
Detection is easy. Installing OPNSense and configuring NetFlow
Continuing the series of articles. - Detection is easy, dedicated to Detection engineering, which I write about in the Telegram channel of the same name. Today we will…
My first Standoff, or How I looked over the shoulder of a cyber attack investigator
Hello everyone! My name is Sasha Korobko, I have been working at Positive Technologies for more than a year and I am already actively involved in the processes of various…
Debugging the server for the little ones. Introduction
There are people who start thinking about privacy/confidentiality on the vast Internet or already practice it. There are those who do not want to pay for services and…
Making macOS safer
This is a guide about security, not privacy.
Audit of smart contract security in TON: key mistakes and tips
Hello everyone! Sergey Sobolev is here, a specialist in distributed systems security at Positive Technologies, our team is engaged in auditing smart contracts. Today…
Magic links now in Spring Security
The concept of magic links is not new, but for a long time developers did not have a reliable solution with a full-fledged community that would allow them to quickly…
