Immersion in Kubernetes Network Policies
Hello, tekkix! My name is Suleiman, and I am a Senior Software Engineer with over 10 years of programming experience. I develop complex web services that can scale and…
Security
Discover the latest news, reviews, and best practices in information security. Stay updated on cybersecurity threats, protection strategies, and innovations in safeguarding data
GEOINT Challenge: geolocation of street art in Dominica
In September, UnShelledSec posted an interesting post on X, the goal of which was to find the exact location based on just one picture, a task that is not easy, but Ron…
"Thinking about how to leak and not get caught": IB analyst on how to learn to see an incident
Hello, tekkix! We continue to share interviews with our colleagues, whose stories especially captivate us - and we hope they will seem interesting to you too. In honor…
IaC and DevSecOps: choosing the best tools for infrastructure code analysis and protection
Hello, readers! Anastasia Berezovskaya, an application development security engineer at Swordfish Security, is with you. Today we will once again talk about the features…
Enhancing Linux Server Protection from Threats and Attacks
Linux as a server OS is considered a guarantee of reliability and security, it is popular with companies and ordinary users. However, no system is completely impervious…
Key to all doors: how a backdoor was found in the most secure* access cards
You apply the key card to the reader, and the office door opens. But what if such a pass can be hacked and copied by anyone?
How to hunt security professionals
In the life of every HR, sooner or later, HE appears... Security professional! And how to approach hunting people for this position is usually unclear.
Encryption of backups using age and the value of simplicity
I will briefly introduce the age encryption tool. We will learn to encrypt both personal and corporate backups with one simple command, and then argue about why openssl…
How incorrect API development can lead to user deletion
Continuing the story about vulnerabilities discovered by UCSB pentesters and formed the basis of cases at the Pentest Award, we publish an analysis of the following real…
Improving the security of your CI/CD through Shared Docker executor and OPA plugin
Hello, tekkix! The security team of the Platform, led by its team leader Vladimir Bukin, is in touch. The main task of our team is to protect CI/CD and, in particular,…
Fraud Based on Trusted Data
The profession of a fraudster is highly competitive: to stay afloat and be economically efficient, poor fellows must keep up with trends and respond quickly to changes.…
Bypassing Github access restriction to the Trivy vulnerability database. Quick fix to help you
Recently, developers using the Trivy image scanner encountered the TOOMANYREQUESTS error. It occurred due to the maximum number of tool users and the download rate limit…
Revealing Privileges: How PAM Helps Identify Hidden Risks
In the article, we will talk about the PAM class solution, as well as consider who privileged users are and what key role they play in managing access to critical systems…
Artificial Intelligence in Information Security: Increasing Business Efficiency and Profitability
Artificial intelligence has already firmly entered the arsenal of modern business tools. Its application is now the norm, not the exception. AI effectively solves the…
Application of SIEM for incident investigation
Identifying incidents is one of the main tasks of information security specialists. Incidents can be detected in various ways. For example, you can manually analyze event…
The dark side of IT: sinister stories about passwords, stinginess, and DDoS
When spirits come into our world and magic becomes not just a myth, but something real, anything can happen. For example, all servers suddenly overheat, smoke, and users…
To bind or not to bind: how we manage the identity of corporate "Macs"
Hello! My name is Pavel, and I am the head of office IT infrastructure at Yandex. For more than a year of my work, to one degree or another, I have dedicated myself to…
