Information Security *

Yesterday I wrote about the graphical shell Launcher for GoodbyeDPI, which allows you to intuitively use the GoodbyeDPI solution from ValdikSS to solve the problem of YouTube throttling and the unavailability of a number of sites in Russia. Everything was fine, but these were solutions only for Windows. In the comments, the main questions were about what to do with Android, Linux, and Mac, and why not in the source code. Alas, the repressions of the RKN (Roskomnadzor) force the Habr administration to censor articles, I am forbidden from making changes to yesterday's article, and the link itself is only available outside of Russia, so I am explaining about Android, Linux, and Mac here, with links to the source code.

So, for Android there are a lot of projects, I liked Release ByeDPI 1.0.0 · dovecoteescapee/ByeDPIAndroid · GitHub. For Mac and Linux I would install https://github.com/xvzc/SpoofDPI/releases. All in source code.

ByeDPI for Android is an application that runs a local VPN service to bypass DPI (Deep Packet Inspection) and censorship. A SOCKS5 proxy ByeDPI is launched locally on your device and all traffic is redirected through it.

In this guide, we will install the v2rayA package on OpenWRT using the stable 23.05.0. A router with at least 128 MB of RAM (256 is preferable) and more than 16 MB of storage is recommended (the installation takes about 30 MB of storage)

v2rayA is a simple-to-use and powerful client focused on Linux. Despite its name, the current version uses xray-core, although it's also possible to use v2ray-core. It has a web interface for managing settings and importing configurations and subscriptions. It supports everything that xray-core supports:

Shadowsocks (incl. 2022), ShadowsocksR, Trojan, Vless (including XTLS-Reality, XHTTP), Vmess, Juicity, Tuic

The guide will include:

1. Installation from the repository

2. Configuring v2rayA and bypassing blocks using Re:filter, Antifilter GeoIP, Geosite

Wireshark is a widely used tool for capturing and analyzing network traffic, actively used for both educational purposes and for troubleshooting computer or network issues. Wireshark works with almost all OSI model protocols, has a user-friendly interface, and a convenient data filtering system. In addition, the program is cross-platform and supports the following operating systems: Windows, Linux, Mac OS X, Solaris, FreeBSD, NetBSD, OpenBSD.

With the rise of privacy threats and constant internet restrictions, using a VPN has become the norm for many users. However, behind the simplicity of connecting lie technical features that can significantly impact

the user experience. One of the key factors is the choice of VPN protocol, which determines the speed, stability, and security level of the connection.

This article will provide a detailed breakdown of the most popular VPN protocols, their features, advantages, and disadvantages, and will also offer examples of how to use each of them.

By the way, I took all the pictures from those, you know, the internets, but I analyzed and explained them myself, just for you :)

It's been two years since I posted a video and a post about how I recovered my friend's Telegram account using JavaScript. Since then, I've helped over a hundred people regain access to their accounts. Then the method stopped working

I decided to gather the important security aspects of your Telegram account in one place.

My second article—an analysis of MAX's network requests and why this analysis is my biggest disappointment! I certainly didn't expect this, but I described everything as it is.

This weekend was all about 'Connection Reset.' While news channels vaguely reported that 'users are complaining about outages,' we were in chats and on test servers trying to understand the physics of the process.

Friends, today I want to share a story that made me believe in miracles for half an hour. And at the same time, I'll break down a new scam scheme that showed me that criminals are evolving too.

Welcome back, dear readers! We are continuing our 'SHKH' series of articles, and today our main course is Telegram. In earlier articles, we looked at ways to find a target user's accounts by their nickname, after which we conducted reconnaissance on their account on the VKontakte social network. At this stage, our important goal is to find out the user's phone number, as the number can be a good starting point for reconnaissance and can reveal even more details about its owner. In the last article we tried to find out the number using a VKontakte page, and in this one, as you might have guessed from the title, we will try to find out as much information as possible about a Telegram account. This material has been edited and republished due to the blocking of the previous material by the RKN (Roskomnadzor) in the Russian Federation.

Disclaimer: All data provided in this article is taken from open sources. It does not call for action and is published solely for familiarization and study of the mechanisms of the technologies used.

We were asked to talk about the protocol technology XHTTP in the context of XRay, VLESS, and others. You asked for it, so here it is!

First, a bit of history. The classic use of VLESS and similar proxy protocols (including with XTLS-Reality) involves the client connecting directly to a proxy server running on some VPS. However, in many countries (including Russia), entire subnets of popular hosting providers have started to be blocked (or throttled), and in other countries, censors have begun to monitor connections to 'single' addresses with high traffic volumes. Therefore, for a long time, ideas of connecting to proxy servers through CDNs (Content Delivery Networks) have been considered and tested. Most often, the websocket transport was used for this, but this option has two major drawbacks: it has one characteristic feature (I won't specify it here to not make the RKN's job easier), and secondly, the number of CDNs that support websocket proxying is not that large, and it would be desirable to be able to proxy through those that do not.

Therefore, first in the well-known Tor project for bridges, the meek transport was invented, which allowed data to be transmitted using numerous HTTP request-response pairs, thus allowing connections to bridges (proxies) through any CDN. A little later, the same transport was implemented in the briefly resurrected V2Ray. But meek has two very significant drawbacks that stem from its operating principle: the speed is very low (in fact, we have half-duplex transmission and huge overhead from constant requests-responses), and due to the huge number of GET/POST requests every second, free CDNs can quickly kick us out, and paid ones can present a hefty bill.

Hello everyone, in this article I will explain how many people manage to bypass whitelists, and what the root of the problem is. If you are a 'newbie' and don't want to bother with all the setup, at the <a href="#services"> end of the article</a> I've listed services that are mentioned in discussions.

Direct connect VLESS + Reality to Europe (Amsterdam, Germany, Finland) is being shaped for almost everyone. TSPU has mastered a new tactic: they don't terminate the session via RST, but simply 'freeze' it. As soon as the data volume in a single TCP session exceeds 15-20 KB, packets stop arriving. The connection hangs until the client times out.

Lately, there has been a flood of comments that goodbyedpi is not working again, so I decided to make instructions for you on 4 working ways to restore goodbyedpi's functionality. It works differently for everyone, so test them out to see which one suits you. Write in the comments what helped you, maybe some of your own values!

Greetings, dear readers! Continuing the SH article series, in this article we decided to focus in more detail on bots in Telegram, as in many cases they are no worse and more effective than common OSINT tools. The bots discussed in this article will mainly concern reconnaissance on Telegram users.

Disclaimer: All data provided in this article is taken from open sources. It does not call for action and is provided for informational purposes only, and for studying the mechanisms of the technologies used.

In a changing network infrastructure, mobile internet users face questions: what resources remain available, and what does this look like on a technical level? This material is the result of a practical study using standard network analysis tools.

No speculation—only measurements, numbers, and technical facts.

Hello everyone!

I, at my own risk, decided to install MAX and see what happens after installation. My research will result in at least 2 articles.

This is the first article. In it, I will compare the permissions requested by the MAX app for Android with the permissions requested by Telegram and WhatsApp.

Today, the major release v2rayN v7.0 was released, and along with it, my series of commits that add support for the "Russia" preset.

For it to work, a Russian source of geo files for v2ray/sing-box/etc. was also created.

This year, like many Habr visitors, I read with great interest the articles by the respected MiraclePtr, learned to apply his ideas and recommendations, and got practical experience with protocols, clients, and graphical panels. For many protocols, there are detailed installation and configuration instructions available to even the most inexperienced users who are just starting to explore the world of Linux.

I finally got around to the protocol briefly described in the article "Modern Anti-Censorship Technologies: V2Ray, XRay, XTLS, Hysteria, Cloak, and Everything Else" — the Hysteria protocol, which has already reached its second version. And I couldn't find a comprehensive Russian-language guide for it, which prompted me to gather all the information in one place once I figured out the main issues of installing and configuring the server and clients for using this protocol to bypass blocking.

The vast majority of the OSINT community is interested in analyzing individuals. Well, so be it. I've prepared a selection of various bots and services for you (GB and others are not included in the list, as even the lazy know about them, and it's not really OSINT anyway).

In the RU segment, VK is the pioneer of social media analysis. Although Telegram has started to move away from being just a messenger, transforming into a social network and gaining more and more popularity, it still doesn't come close to the volume of potentially important information about a target.

— It's worth noting that VKontakte is already starting to die out, and in my opinion, in two or three years, analysis of it will no longer be as relevant as it once was. People are using it noticeably less often. Still, VK remains a key tool for analyzing a person's biography, interests, social circle, origin, etc.

1. 220vk — An old, good, and rather worn-out service that allows you to identify hidden friends, find out who the target has followed/unfollowed, and their interests based on subscriptions to communities and people (with a timeline), as well as what changes have been made to their profile, etc.

2. VKHistoryRobot — A Telegram bot that gives you an idea of what a profile looked like in the past(very useful if the profile is private). It provides information in the form of a brief dump: Full Name; URL; photo.

3. FindClone, search4faces — reverse image search services for VK that allow you to search for a profile using an uploaded photo. Of these two, search4faces is free.

4. Social Graph Bot — a Telegram bot that allows you to build relationship graphs among a list of friends. With this tool, you will understand how diverse the social circle is, who among the friends is a relative, etc.; whether the account is legitimate and if it has connections to any group of people. (There are many applications, here is a guide from habr for you)

You can find even more interesting and educational content on my Telegram channel — @secur_researcher

There are several similar articles on this topic, but while I was trying to recover my account, I never saw this solution, so I decided to post it. I hope it will help someone.

I'll say right away that this situation happened before the 'boom' in the news about Telegram hacks, so it wasn't as well-known.

The whole story began when an acquaintance of mine wrote to me and asked for help in restoring access to her Telegram account. I was immediately surprised because I didn't think Telegram accounts were hacked at all, as login is usually by phone number, and without having the phone, you can only log in with a QR code or a code from the messenger itself.

Well, what could I do? I started trying to log into the account. Naturally, the app made it clear that I wouldn't be able to do so anytime soon.