How to hunt security professionals
In the life of every HR, sooner or later, HE appears... Security professional! And how to approach hunting people for this position is usually unclear.
Continuing the story about vulnerabilities that were discovered by UCSB pentesters and formed the basis of cases at the Pentest Award, we publish an analysis of the following real…
When spirits come into our world and magic becomes not just a myth, but something real, anything can happen. For example, all servers suddenly overheat, smoke, and users…
I think it is no secret to many that vulnerabilities in a project can have an extremely negative impact on it. There are a number of ways to deal with vulnerabilities,…
When conducting software development process audits, we often hear that functionality is implemented in the framework, and this may raise questions from security personnel.
On September 10, Microsoft released another set of updates, fixing 79 vulnerabilities in various products. Our attention was drawn to patches for Microsoft SharePoint…
Do you like canned food? Or Viagra? You can buy them from us!
A few days ago, we held the main online camp on practical cybersecurity for the third time — CyberCamp 2024. It took place from October 3 to 5 online. Over the course…
It has been more than a year since I wrote the article "Anonymous network in 200 lines of Go code". Reviewing it one autumn evening, I realized how terrible everything…
A major home robotics manufacturer failed to address the security issues of their robot vacuum cleaners, even though they were warned about the risks last year. Without…
They say that laziness is the engine of progress. As for me, competition works better. The ability to freely choose devices, applications, and information is now the…
You can find various interpretations of the concept of AppSec on the web. In this article, we will try to understand what should be included in AppSec, what skills are…
In the new version v9.8.5, Nuclei Templates have added templates for checking AWS Cloud configuration. In this post, we will discuss automating the verification of incorrect…
Fintech has truly revolutionized the field of financial services. The accelerated development of technology and the growing interest in digital financial solutions have…
Imagine: you have several thousand files, and for each one you need to extract metadata - creation dates, modification dates, and last access. Of course, you can sit…
When conducting any pentest of a corporate network, one of the actions of white hackers is to search for information that is practically in the public domain: on file…
BI.ZONE WAF Cyber Threat Analytics and Research Department studied the statistics of attacks on web applications protected by BI.ZONE WAF. We compared this information…