All streams

Welcome back, dear readers! We are continuing our 'SHKH' series of articles, and today our main course is Telegram. In earlier articles, we looked at ways to find a target user's accounts by their nickname, after which we conducted reconnaissance on their account on the VKontakte social network. At this stage, our important goal is to find out the user's phone number, as the number can be a good starting point for reconnaissance and can reveal even more details about its owner. In the last article we tried to find out the number using a VKontakte page, and in this one, as you might have guessed from the title, we will try to find out as much information as possible about a Telegram account. This material has been edited and republished due to the blocking of the previous material by the RKN (Roskomnadzor) in the Russian Federation.

Disclaimer: All data provided in this article is taken from open sources. It does not call for action and is published solely for familiarization and study of the mechanisms of the technologies used.

The most interesting finance and tech news from Russia and the world for the week: RKN blocked FaceTime, Snapchat, and Roblox, visa-free travel with China and Saudi Arabia, Russia was added to the EU's money laundering blacklist, home surveillance cameras were hacked in South Korea, Musk's Twitter was fined in Europe, and rumors of a 'garlic' model from OpenAI.

For the past couple of months, the real estate market has been in an uproar: everyone is afraid of demonic granny-owners who seize apartments through the courts from unsuspecting buyers. In this comprehensive guide, we will break down all aspects of this problem with a professional litigation lawyer: from chilling court stories to the most reliable ways to protect yourself from such risks. In short, it's going to be fun!

We were asked to talk about the protocol technology XHTTP in the context of XRay, VLESS, and others. You asked for it, so here it is!

First, a bit of history. The classic use of VLESS and similar proxy protocols (including with XTLS-Reality) involves the client connecting directly to a proxy server running on some VPS. However, in many countries (including Russia), entire subnets of popular hosting providers have started to be blocked (or throttled), and in other countries, censors have begun to monitor connections to 'single' addresses with high traffic volumes. Therefore, for a long time, ideas of connecting to proxy servers through CDNs (Content Delivery Networks) have been considered and tested. Most often, the websocket transport was used for this, but this option has two major drawbacks: it has one characteristic feature (I won't specify it here to not make the RKN's job easier), and secondly, the number of CDNs that support websocket proxying is not that large, and it would be desirable to be able to proxy through those that do not.

Therefore, first in the well-known Tor project for bridges, the meek transport was invented, which allowed data to be transmitted using numerous HTTP request-response pairs, thus allowing connections to bridges (proxies) through any CDN. A little later, the same transport was implemented in the briefly resurrected V2Ray. But meek has two very significant drawbacks that stem from its operating principle: the speed is very low (in fact, we have half-duplex transmission and huge overhead from constant requests-responses), and due to the huge number of GET/POST requests every second, free CDNs can quickly kick us out, and paid ones can present a hefty bill.

Hello everyone, in this article I will explain how many people manage to bypass whitelists, and what the root of the problem is. If you are a 'newbie' and don't want to bother with all the setup, at the <a href="#services"> end of the article</a> I've listed services that are mentioned in discussions.

Direct connect VLESS + Reality to Europe (Amsterdam, Germany, Finland) is being shaped for almost everyone. TSPU has mastered a new tactic: they don't terminate the session via RST, but simply 'freeze' it. As soon as the data volume in a single TCP session exceeds 15-20 KB, packets stop arriving. The connection hangs until the client times out.

In 2025, sexting has become a real trend thanks to sexting neural networks and convenient platforms that make online intimate messaging safe and exciting. With the development of artificial intelligence, online sexting has turned into an art where everyone can enjoy virtual flirting without risk. I tested dozens of services and selected the TOP 10 bots and apps for sexting in Russian, evaluating them based on convenience, anonymity, and the quality of sexual correspondence. These sexting services offer everything: from anonymous sexting to virtual sex chat with self-destructing photos. Let's figure out which sexting chatbots and platforms are worthy of your attention and how they work.

Lately, there has been a flood of comments that goodbyedpi is not working again, so I decided to make instructions for you on 4 working ways to restore goodbyedpi's functionality. It works differently for everyone, so test them out to see which one suits you. Write in the comments what helped you, maybe some of your own values!

Ten years ago, I wrote a couple of articles - How to download the latest Office from the Microsoft website without any App-V / Habr (habr.com) and How to download Microsoft Office 16 from the Microsoft website / Habr (habr.com), using the then little-known Office Deployment Tool.

Time flies. After Office 2016 came Office 2019, Office 2021, and now it's time for Office 2024. Well, let's see what has changed in terms of downloading, installing, and activating the product over the past ten years.

First, let's talk about the versions and editions of Microsoft Office. To avoid being too meticulous in the description, I'll briefly state the most important thing: over the years, the Office lineup has evolved. There are different subscriptions and update plans, new features appear in new versions, and bug fixes and patches for found vulnerabilities are released for older versions.

Microsoft has long since switched to a system of distributing Office family products through various so-called "channels," depending on how often you want to receive new features and updates.

The key difference in the current download and installation of Office from what was relevant in the days of Office 2016 is that you must determine which distribution channel you are going to use - that is, from which channel you are going to install the product itself. For those who would like to study the different distribution channels in detail, I suggest reading the original source - Office updates - Office release notes | Microsoft Learn. For the rest, I'll summarize briefly - Microsoft now prefers to sell everyone a subscription to Microsoft 365 (what was previously called Office 365), with regularly updated features under the so-called Modern Lifecycle Policy. The consumer (boxed, retail) versions of Office 2021 are also distributed under this modern policy. Office 2021, for example, is only supported until October 13, 2026. And older versions follow the so-called Fixed Lifecycle Policy, under which Office 2016 and Office 2019 are only supported until October 14, 2025. In general, they will not stop working after that date, but they will stop receiving updates. And for those of you who use email services based on Microsoft Outlook.com or Office365, and possibly Microsoft Exchange users, with updates released after October 14, 2025, it's time to think about upgrading.

Greetings, dear readers! Continuing the SH article series, in this article we decided to focus in more detail on bots in Telegram, as in many cases they are no worse and more effective than common OSINT tools. The bots discussed in this article will mainly concern reconnaissance on Telegram users.

Disclaimer: All data provided in this article is taken from open sources. It does not call for action and is provided for informational purposes only, and for studying the mechanisms of the technologies used.

In a changing network infrastructure, mobile internet users face questions: what resources remain available, and what does this look like on a technical level? This material is the result of a practical study using standard network analysis tools.

No speculation—only measurements, numbers, and technical facts.

Hello everyone!

I, at my own risk, decided to install MAX and see what happens after installation. My research will result in at least 2 articles.

This is the first article. In it, I will compare the permissions requested by the MAX app for Android with the permissions requested by Telegram and WhatsApp.

Yes, this is an article about how to install Windows 11 correctly. This process is now accompanied by so much voodoo that, I swear, it's easier to install Arch. So I decided to get all my knowledge on this subject out of my head and into an article.

Today, the major release v2rayN v7.0 was released, and along with it, my series of commits that add support for the "Russia" preset.

For it to work, a Russian source of geo files for v2ray/sing-box/etc. was also created.

This year, like many Habr visitors, I read with great interest the articles by the respected MiraclePtr, learned to apply his ideas and recommendations, and got practical experience with protocols, clients, and graphical panels. For many protocols, there are detailed installation and configuration instructions available to even the most inexperienced users who are just starting to explore the world of Linux.

I finally got around to the protocol briefly described in the article "Modern Anti-Censorship Technologies: V2Ray, XRay, XTLS, Hysteria, Cloak, and Everything Else" — the Hysteria protocol, which has already reached its second version. And I couldn't find a comprehensive Russian-language guide for it, which prompted me to gather all the information in one place once I figured out the main issues of installing and configuring the server and clients for using this protocol to bypass blocking.

Telegram is a messenger with a powerful API that allows you to create the most complex bots. Here you can find an assistant for any purpose: to recommend a movie, write a to-do list for the day, and even chat in English. But the problem is that there is no search for bots in TG, so even the coolest tools often go unnoticed.

My team and I have tested dozens of services and selected the most useful bots in Telegram that make life easier. At the time of this article's publication, they are all functional, and almost all of them are free.

I write a lot about OpenWrt and often get questions about which router to get for this OS. Last year I already did a review of routers best suited for OpenWrt. Back then, the selection wasn't very large, but now things have changed for the better. That's why I've made a new, up-to-date breakdown for those who don't know which router to choose.

A router, like any other device, should be bought to fit your needs. For example, Linux users are used to buying laptops specifically for Linux, not just the first one they see. It's the same here: if you need OpenWrt, you should also choose a router wisely, and not hope that custom firmware will turn a 700-ruble router into a gem.

In 2023 and 2024, interesting routers have appeared that are already supported by the OpenWrt project. These routers are based on ARM processors. Such routers have been released by several companies, and their number will only increase going forward.

I'm sure many Habr readers are familiar with this method, as it's not new. To save you time, I'll just say two words: comss DNS.

Everyone else - welcome under the cut :-)

The vast majority of the OSINT community is interested in analyzing individuals. Well, so be it. I've prepared a selection of various bots and services for you (GB and others are not included in the list, as even the lazy know about them, and it's not really OSINT anyway).

In the RU segment, VK is the pioneer of social media analysis. Although Telegram has started to move away from being just a messenger, transforming into a social network and gaining more and more popularity, it still doesn't come close to the volume of potentially important information about a target.

— It's worth noting that VKontakte is already starting to die out, and in my opinion, in two or three years, analysis of it will no longer be as relevant as it once was. People are using it noticeably less often. Still, VK remains a key tool for analyzing a person's biography, interests, social circle, origin, etc.

1. 220vk — An old, good, and rather worn-out service that allows you to identify hidden friends, find out who the target has followed/unfollowed, and their interests based on subscriptions to communities and people (with a timeline), as well as what changes have been made to their profile, etc.

2. VKHistoryRobot — A Telegram bot that gives you an idea of what a profile looked like in the past(very useful if the profile is private). It provides information in the form of a brief dump: Full Name; URL; photo.

3. FindClone, search4faces — reverse image search services for VK that allow you to search for a profile using an uploaded photo. Of these two, search4faces is free.

4. Social Graph Bot — a Telegram bot that allows you to build relationship graphs among a list of friends. With this tool, you will understand how diverse the social circle is, who among the friends is a relative, etc.; whether the account is legitimate and if it has connections to any group of people. (There are many applications, here is a guide from habr for you)

You can find even more interesting and educational content on my Telegram channel — @secur_researcher