• Qrator Labs' Value Partnership Programs

      Why is it valuable to get into the Qrator Labs partnership program?

      In Qrator Labs, we firmly believe that working together brings a better result. Which is the reason why, for years, we were trying to find meaningful partnerships with all kinds of companies. They either seek to provide their existing customers with the top-notch DDoS mitigation technology developed at Qrator Labs with many additional ecosystem solutions or want to succeed the other way around. By getting their product available for Qrator Labs' customers by integrating into the Qrator anycast filtering network.

      Read more
    • GDB Tutorial for Reverse Engineers: Breakpoints, Modifying Memory and Printing its Contents

      • Tutorial

      GDB is THE debugger for Linux programs. It’s super powerful. But its user-friendliness or lack thereof can actually make you throw your PC out of the window. But what’s important to understand about GDB is that GDB is not simply a tool, it’s a debugging framework for you to build upon. In this article, I’m gonna walk you through GDB setup for reverse engineering and show you all of the necessary commands and shortcuts for your debugging workflow.

      Читать далее
    • Paper-based TOTP tokens

        Enterprise policies are different, and in some cases weird. In this article, we will describe a very unusual problem raised by one of our customers. In a nutshell, the organization does not allow bringing any devices onsite, no smartphones, no mobile phones, and even no hardware tokens are allowed on-premises. At the same time, the organization is using Office 365 services from Microsoft and has enforced multi-factor authentication for all users to be activated.

        To address this issue, our research and development team has spent some time and found a solution, which is a paper-based TOTP token. We are hereby presenting the solution, which is available for free (well, if you don't count the paper and ink cost).

        Our solution is a web-based tool that generates the list of one-time passwords (OTPs) for an arbitrary seed. The list can be printed out and handed over to the end-users to serve as their second factor for authenticating in Azure AD with multi-factor authentication enabled. To associate this paper TOTP token with a user, you can follow the same procedure as with the regular TOTP tokens.

        The procedure is simple, you enter the seed and click on submit to get the list generated. You will get a printable list similar to the one shown below for the next few days. By changing the number of future OTPs you can make the list longer or shorter.

        Read more
      • How to Start Reverse Engineering in 2021

          Reverse engineering might seem so complex, that not everyone has the bravery required to tackle it. But is it really that hard? Today we are gonna dive into the process of learning how to reverse engineer.

          First of all, try to answer yourself, what are you hoping to achieve with reverse engineering? Because reverse engineering is a tool. And you should choose the right tool for your task. So when reverse engineering might be useful?

          Read more
        • 2020 Network Security and Availability Report

            By the beginning of 2021, Qrator Labs filtering network expands to 14 scrubbing centers and a total of 3 Tbps filtering bandwidth capacity, with the San Paolo scrubbing facility fully operational in early 2021;

            New partner services fully integrated into Qrator Labs infrastructure and customer dashboard throughout 2020: SolidWall WAF and RuGeeks CDN;

            Upgraded filtering logic allows Qrator Labs to serve even bigger infrastructures with full-scale cybersecurity protection and DDoS attacks mitigation;

            The newest AMD processors are now widely used by Qrator Labs in packet processing.

            DDoS attacks were on the rise during 2020, with the most relentless attacks described as short and overwhelmingly intensive.

            However, BGP incidents were an area where it was evident that some change was and still is needed, as there was a significant amount of devastating hijacks and route leaks.

            In 2020, we began providing our services in Singapore under a new partnership and opened a new scrubbing center in Dubai, where our fully functioning branch is staffed by the best professionals to serve local customers.

            Read more
          • Example of How New Diagnostics Appear in PVS-Studio

              PVS-Studio new C++ rule


              Users sometimes ask how new diagnostics appear in the PVS-Studio static analyzer. We answer that we draw inspiration from a variety of sources: books, coding standards, our own mistakes, our users' emails, and others. Recently we came up with an interesting idea of a new diagnostic. Today we decided to tell the story of how it happened.

              Read more →
            • PVS-Studio 7.12 New Features for Finding Safety and Security Threats

                Security. What does this word mean to you? Nowadays, companies spare no effort to ensure that their product is secured from hacking and all sorts of information leaks. PVS-Studio decided to help its users and expand the functionality in this area. Therefore, one of the main innovations of the upcoming release will be the introduction of analyzer new features which will ensure code safety and security. This article aims to present these features.

                Read More
              • Ads
                AdBlock has stolen the banner, but banners are not teeth — they will be back

                More
              • PVS-Studio, Blender: Series of Notes on Advantages of Regular Static Analysis of Code

                  PVS-Studio and Blender


                  In our articles, we regularly repeat an important idea: a static analyzer should be used regularly. This helps detect and cheaply fix many errors at the earliest stage. It looks nice in theory. As we know, actions still speak louder than words. Let's look at some recent bugs in new code of the Blender project.

                  Read more →
                • Top 7 Technology Trends to Look out for in 2021

                  Technology is as adaptable and compatible as mankind; it finds its way through problems and situations. 2020 was one such package of uncertain events that forced businesses to adapt to digital transformation, even to an extent where many companies started to consider the remote work culture to be a beneficiary long-term model. Technological advancements like Hyper automation, AI Security, and Distributed cloud showed how any people-centric idea could rule the digital era. The past year clearly showed the boundless possibilities through which technology can survive or reinvent itself. With all those learnings let's deep-dive and focus on some of the top technology trends to watch out for in 2021.

                  Read more
                • Date Processing Attracts Bugs or 77 Defects in Qt 6

                    PVS-Studio & Qt 6


                    The recent Qt 6 release compelled us to recheck the framework with PVS-Studio. In this article, we reviewed various interesting errors we found, for example, those related to processing dates. The errors we discovered prove that developers can greatly benefit from regularly checking their projects with tools like PVS-Studio.

                    Read more →
                  • Enrolling and using Token2 USB Security keys with UserLock MFA

                      UserLock provides two-factor authentication & access management for Windows Active Directory. By adding two-factor authentication, contextual restrictions and real-time insight around logons, UserLock helps administrators to secure, monitor and respond to all users' access, UserLock reduces the risk of external attacks and internal security breaches while helping to address regulatory compliance.

                      Read more
                    • Architectural approaches to authorization in server applications: Activity-Based Access Control Framework

                      • Translation

                      This article is about security. I’ll focus on this in the context of web applications, but I’ll also touch on other types of applications. Before I describe approaches and frameworks, I want to tell you a story.


                      Background


                      Throughout my years working in the IT sphere, I’ve had the opportunity to work on projects in a variety of fields. Even though the process of authenticating requirements remained relatively consistent, methods of implementing the authorization mechanism tended to be quite different from project to project. Authorization had to be written practically from scratch for the specific goals of each project; we had to develop an architectural solution, then modify it with changing requirements, test it, etc. All this was considered a common process that developers could not avoid. Every time someone implemented a new architectural approach, we felt more and more that we should come up with a general approach that would cover the main authorization tasks and (most importantly) could be reused on other applications. This article takes a look at a generalized architectural approach to authorization based on an example of a developed framework.


                      Approaches to Creating a Framework


                      As usual, before developing something new, we need to decide what problems we’re trying to solve, how the framework will help us solve them, and whether or not there is already a solution to these issues. I’ll walk you through each step, starting with identifying issues and describing our desired solution.


                      We’re focusing on two styles of coding: imperative and declarative. Imperative style is about how to get a result; declarative is about what you want to get as a result.

                      Read more →
                    • Espressif IoT Development Framework: 71 Shots in the Foot

                        0790_Espressif_IoT_Development_Framework/image1.png
                        One of our readers recommended paying heed to the Espressif IoT Development Framework. He found an error in the project code and asked if the PVS-Studio static analyzer could find it. The analyzer can't detect this specific error so far, but it managed to spot many others. Based on this story and the errors found, we decided to write a classic article about checking an open source project. Enjoy exploring what IoT devices can do to shoot you in the foot.

                        Read more →
                      • ONLYOFFICE Community Server: how bugs contribute to the emergence of security problems

                          image1.png

                          Server-side network applications rarely get the chance to join the ranks of our reviews of errors found in open source software. This is probably due to their popularity. After all, we try to pay attention to the projects that readers themselves offer us. At the same time, servers often perform very important functions, but their performance and benefits remain invisible to most users. So, by chance, the code of ONLYOFFICE Community Server was checked. It turned out to be a very fun review.
                          Read more →
                        • Russian microcontroller K1986BK025 based on the RISC-V processor core for smart electricity meters

                          • Translation
                          Welcome to RISC-V era!

                          Solutions based on the open standard instruction set architecture RISC-V are currently increasing their presence on the market. Microcontrollers from Chinese colleagues are already in serial production; Microchip is offering interesting solutions with FPGA on board. The ecosystem of software and design tools for this architecture are also growing. Seeming previously unshaken leaders have more often found themselves in resale ads, while young startups attract multi-million investments. Milandr also got involved in this race and today began supplying interested companies with samples of its new K1986BK025 microcontroller based on the RISC-V processor core for electricity meters. Well here we go, pictures, characteristics and other information, as well as a little bit of hype under the cut.


                          Read more →
                        • SIEM Solutions Overview (Security Information and Event Management)


                          Modern corporate IT infrastructure consists of many systems and components. And monitoring their work individually can be quite difficult — the larger the enterprise is, the more burdensome these tasks are. But there are the tools, which collect reports on the work of the entire corporate infrastructure — SIEM (Security Information and Event Management) system in one place. Read the best of such products according to Gartner experts in our review, and learn about the main features from our comparison table.
                          Read more →
                        • Checking Clang 11 with PVS-Studio

                            PVS-Studio: I'm still worthy

                            Every now and then, we have to write articles about how we've checked another fresh version of some compiler. That's not really much fun. However, as practice shows, if we stop doing that for a while, folks start doubting whether PVS-Studio is worth its title of a good catcher of bugs and vulnerabilities. What if the new compiler can do that too? Sure, compilers evolve, but so does PVS-Studio – and it proves, again and again, its ability to catch bugs even in high-quality projects such as compilers.
                            Read more →
                          • Why code reviews are good, but not enough

                              image1.png

                              Code reviews are definitely necessary and useful. It's a way to impart knowledge, educate, control a task, improve code quality and formatting, fix bugs. Moreover, you can notice high-level errors related to the architecture and algorithms used. So it's a must-have practice, except that people get tired quickly. Therefore, static analysis perfectly complements reviews and helps to detect a variety of inconspicuous errors and typos. Let's look at a decent example on this topic.
                              Read more →