Pull to refresh
Show first

IDS Bypass at Positive Hack Days 11: writeup and solutions

Positive Technologies corporate blog Information Security *Network technologies *CTF *

The IDS Bypass contest was held at the Positive Hack Days conference for the third time (for retrospective, here's . This year we created six game hosts, each with a flag. To get the flag, participants had either to exploit a vulnerability on the server or to fulfill another condition, for example, to enumerate lists of domain users.

The tasks and vulnerabilities themselves were quite straightforward. The difficulty laid in bypassing the IDS: the system inspected network traffic from participants using special rules that look for attacks. If such a rule was triggered, the participant's network request was blocked, and the bot sent them the text of the triggered rule in Telegram.

And yes, this year we tried to move away from the usual CTFd and IDS logs towards a more convenient Telegram bot. All that was needed to take part was to message the bot and pick a username. The bot then sent an OVPN file to connect to the game network, after which all interaction (viewing tasks and the game dashboard, delivering flags) took place solely through the bot. This approach paid off 100%!

Подробнее
Total votes 3: ↑3 and ↓0 +3
Views 775
Comments 0

PHDays 11: bootkit infection, sanitizers for the Linux kernel, the new face of OSINT, and phishing on official websites

Positive Technologies corporate blog Configuring Linux *Information Security *Programming *Conferences

Positive Hack Days 11 will begin in a matter of weeks. This international forum on practical security will be held on May 18–19 in Moscow.

As per tradition, PHDays will have three big tracks dedicated to countering attacks (defensive), protection through attack (offensive), and the impact of cybersecurity on business. It is our pleasure to present the first talks.

Read more
Total votes 1: ↑0 and ↓1 -1
Views 721
Comments 0

On the recent vulnerability in Diebold Nixdorf ATMs

Positive Technologies corporate blog Information Security *Cryptography *Reverse engineering *Programming microcontrollers *

Hi there! A while ago, Positive Technologies published the news that ATMs manufactured by Diebold Nixdorf (previously known as Wincor), or more specifically, the RM3 and CMDv5 cash dispensers, contained a vulnerability which allowed attackers to withdraw cash and upload modified (vulnerable) firmware. And since my former colleague Alexei Stennikov and I were directly involved in finding this vulnerability, I would like to share some details.

Read more
Total votes 5: ↑5 and ↓0 +5
Views 2.7K
Comments 2

How to detect a cyberattack and prevent money theft

Positive Technologies corporate blog Information Security *Programming *Research and forecasts in IT *

Money theft is one of the most important risks for any organization, regardless of its scope of activity. According to our data, 42% of cyberattacks on companies are committed to obtain direct financial benefits.  You can detect an attack at various stages—from network penetration to the moment when attackers start withdrawing money.  In this article, we will show how to detect an attack at each of its stages and minimize the risk, as well as analyze two common scenarios of such attacks: money theft manually using remote control programs and using special malware—a banking trojan.

Read more
Rating 0
Views 1.4K
Comments 0

Positive Technologies Brings ‘Hackable City’ to Life in The Standoff Cyberbattle at HITB+ CyberWeek

Positive Technologies corporate blog Information Security *Sport programming *
Attackers and defenders to face off in digital metropolis security challenge featuring real-world critical infrastructure and technologies.



Cybersecurity experts at Positive Technologies and Hack In The Box are inviting red and blue team security specialists to test their skills attacking and defending a full-scale modern city at The Standoff Cyberbattle held during HITB+ CyberWeek. This mock digital metropolis with full IT and OT infrastructure including traffic systems, electrical plants, and transportation networks will feature all the latest technologies used in actual critical infrastructure installations, allowing players to expose security issues and the impact they might have on the real world.
Read more →
Total votes 15: ↑14 and ↓1 +13
Views 927
Comments 0

Detecting Web Attacks with a Seq2Seq Autoencoder

Positive Technologies corporate blog Information Security *Machine learning *
image

Attack detection has been a part of information security for decades. The first known intrusion detection system (IDS) implementations date back to the early 1980s.

Nowadays, an entire attack detection industry exists. There are a number of kinds of products—such as IDS, IPS, WAF, and firewall solutions—most of which offer rule-based attack detection. The idea of using some kind of statistical anomaly detection to identify attacks in production doesn’t seem as realistic as it used to. But is that assumption justified?
Read more →
Total votes 23: ↑22 and ↓1 +21
Views 4.8K
Comments 0

Information

Founded
2002
Location
Россия
Website
www.ptsecurity.com
Employees
1,001–5,000 employees
Registered
Representative