Not only Flipper Zero: a hacker multitool from an old smartphone
They say that laziness is the engine of progress. As for me, competition works better. The ability to freely choose devices, applications, and information is now the…
Information Security
Understanding the Importance of Information Security
What does the security of modern applications consist of?
You can find various interpretations of the concept of AppSec on the web. In this article, we will try to understand what should be included in AppSec, what skills are…
AWS Cloud Configuration Security Overview using Nuclei Templates
In the new version v9.8.5, Nuclei Templates have added templates for checking AWS Cloud configuration. In this post, we will discuss automating the verification of incorrect…
Navigation through the challenges of fintech development: from compliance to security
Fintech has truly revolutionized the field of financial services. The accelerated development of technology and the growing interest in digital financial solutions have…
Automation of routine work in forensics: extracting file time attributes by list
Imagine: you have several thousand files, and for each one you need to extract metadata - creation dates, modification dates, and last access. Of course, you can sit…
Dorks in a new way – looking for what is open
When conducting any pentest of a corporate network, one of the actions of white hackers is to search for information that is practically in the public domain: on file…
Evolution of attacks on web resources: what has changed since 2011
BI.ZONE WAF Cyber Threat Analytics and Research Department studied the statistics of attacks on web applications protected by BI.ZONE WAF. We compared this information…
Detection of DGA domains or a test task for the position of intern ML-engineer
In this article, we will consider a simple task that is used by one company as a test task for interns for the position of ML-engineer.
To the collection of BGP vulnerabilities — how the Kirin attack works
Over the years of the protocol's existence, many vulnerabilities have been identified in it. And recently, a group of researchers found a new one. We explain what this…
SCA in the language of a security specialist
Recently, within the company, we have had several enthusiasts interested in DevSecOps for completely different reasons. Someone was asked an uncomfortable question by…
Analysis of vulnerability CVE-2024-7965
On August 21, the Chrome browser received an update that fixed 37 security-related bugs. The attention of researchers around the world was drawn to the vulnerability…
Social engineering or how the efforts of security professionals are shattered by the human factor
Information security specialists create systems that resist cyberattacks. They implement firewalls, configure monitoring, write security policies, and train employees.…
Do we allow our applications too much?
Many people have photos of their passport, driver's license, and child's birth certificate on their phone. But not everyone realizes how easy it is to access them. One…
Arbitrary File Write
The world of vulnerabilities is quite diverse. Usually, hackers try to achieve their goals using arbitrary code execution vulnerabilities, the very abbreviation RCE.…
How to check for phone surveillance. Myths and reality
In this article, we have collected the main "symptoms" of mobile surveillance that we found on the Internet. Each of them is commented on by a specialist in the field…