Pull to refresh
1070.53

Information Security *

Data protection

Show first
Rating limit
Level of difficulty

Карманный Ansible и защита от брутфорс-атак

Level of difficultyEasy
Reading time12 min
Views956

Карманный Ansible и защита от брутфорс-атак

Разворачиваем мобильный сервер Ansible и создаем роли для защиты хостов от брутфорс-атак, используем смартфон для мобильности.

Читать далее
Total votes 5: ↑3 and ↓2+1
Comments0

How to bypass CAPTCHA: Breaking Down a Complex Process in the Simplest Terms

Level of difficultyEasy
Reading time7 min
Views631

CAPTCHA is not just a single word that can be defined; it's an acronym consisting of nine words (and two prepositions): Completely Automated Public Turing Test To Tell Computers and Humans Apart. This mouthful was shortened to the concise CAPTCHA to avoid creating yet another hard-to-pronounce term. Translated into Russian, this abbreviation sounds like "Полностью автоматизированный публичный тест Тьюринга для различения компьютеров и людей" (Fully Automated Public Turing Test to Differentiate Computers and Humans).

Read more
Total votes 1: ↑1 and ↓0+3
Comments1

Formal verification of smart contracts in the ConCert framework

Level of difficultyMedium
Reading time11 min
Views513

Hey! My name's Kirill Ziborov and I'm a member of the Distributed System Security team at Positive Technologies. In this article, I'll be continuing the discussion of methods and tools for the formal verification of smart contracts and their practical application to prevent vulnerabilities. The main focus will be on the deductive verification method, or more precisely, the ConCert framework for testing and verifying smart contracts.

Read more
Total votes 3: ↑3 and ↓0+5
Comments0

CacheBrowser experiment: bypassing the Chinese firewall without a proxy by caching content

Level of difficultyMedium
Reading time7 min
Views863

Today, a significant portion of all content on the Internet is distributed with the use of CDNs (Content Delivery Networks). At the same time, there is no research on how various censors extend their influence on such networks. Scientists from the University of Massachusetts analyzed possible methods of blocking CDN content using the example of the practices of the Chinese authorities, and also developed a tool to bypass such blocks.

We (specialists from proxy service) have prepared an overview material with the main conclusions and results of this experiment (translate of this material).

Read more
Total votes 1: ↑1 and ↓0+3
Comments0

The Salmon Project: how to counter Internet censorship effectively using proxies with user trust levels

Level of difficultyMedium
Reading time5 min
Views482

Governments in many countries restrict citizens' access to information and services on the Internet in one way or another. Combating such censorship is an important and difficult task. Usually simple solutions cannot boast about high reliability or long-term efficiency. More complex methods of overcoming blocks have disadvantages in terms of usability, low performance, or they do not allow you to maintain the quality of Internet use at the proper level.

A group of American scientists from the University of Illinois has developed a new method of overcoming blocks, which is based on the use of proxy technology, as well as segmenting users by trust level to effectively identify agents working for censors. We present you with the main theses of this work.

Description of the approach

Scientists have developed the Salmon tool, a system of proxy servers operated by volunteers from countries without restrictions on Internet use. In order to protect these servers from blocking by censors, the system uses a special algorithm for assigning a level of trust to users.

The method involves exposing potential censor agents that pose as ordinary users in order to find out the IP address of the proxy server and block it. In addition, countering Sybil attacks is carried out through the requirements to provide a link to a valid social network account when registering in the system or to receive a recommendation from a user with a high level of trust.

How it works

It is assumed that the censor is a state–controlled body that has the ability to take control of any router within the country. It is also assumed that the task of the censor is to block access to certain resources, and not to identify users for further arrests. The system cannot prevent such a course of events in any way – the state has plenty of opportunities to find out what services citizens use. One of them is the use of honeypot servers to intercept communications.

It is also assumed that the state has significant resources, including human ones. The censor can solve tasks that require hundreds and thousands of full-time employees.

A few more basic theses:

Read more
Total votes 1: ↑1 and ↓0+3
Comments0

How blocking on the Internet works: an overview of modern methods using a real example

Level of difficultyEasy
Reading time4 min
Views1.2K

A group of Indian scientists has published an overview of modern methods of Internet blocking introduced by government agencies, using the example of their own country. They studied the mechanisms used by Internet service providers restricting access to prohibited information, assessed their accuracy, and the ability to bypass such blocks. We would like to bring to your attention the main theses of this work.

Read more
Total votes 4: ↑4 and ↓0+5
Comments0

Implementing hypervisor-level behavioral analysis in Linux

Level of difficultyMedium
Reading time7 min
Views783

Hey there, Habr! My name is Alexey Kolesnikov. I am a Malware Detection Specialist at the Positive Technologies Expert Security Center (PT ESC). I recently spoke at the AVAR 2023 international conference in Dubai, where I covered new plugins developed by PT ESC for an open-source dynamic malware analysis system named DRAKVUF and demonstrated how they can be used to detect current Linux threats in sandbox for protection against targeted and mass attacks PT Sandbox.

Read on for a brief overview of popular malware monitoring tools for Linux, a description of how our plugins work in DRAKVUF, and a malware analysis that relies on these plugins.

Read more
Total votes 2: ↑1 and ↓10
Comments0

Anonymous identification for groups

Level of difficultyHard
Reading time13 min
Views615

The identification protocol based on the pairing function, resistant to impersonation and compatible with the instant digital signature (IDS) mode, was studied in this article. This protocol uses prover's and verifier's public keys. As a result, there is no anonymity, since certificates including personal data of their owners are issued for the mentioned keys. This article contains a description and analysis of new anonymous identification protocols for groups.

Read more
Rating0
Comments0

Detection of meterpreter sessions in Windows OS

Level of difficultyEasy
Reading time4 min
Views1.3K

Introduction

Hello Habr! This is a translation of my first article, which was born due to the fact that I once played with the types of meterpreter payload from the Metasploit Framework and decided to find a way to detect it in the Windows OS family.

Analysis

I will try to present everything in an accessible and compact way without delving into all the work. To begin with, I decided to create the nth number of useful loads (windows/meterpreter/reverse_tcp, shell/bind_tcp, shell_hidden_bind_tcp, vncinject/reverse_tcp, cmd/windows/reverse_powershell) to analyze what will happen in the system after their injection.

Read more
Rating0
Comments0

ATM security analysis 3.0: PHDays 12 in review

Reading time8 min
Views836

 Python, Java, C++, Delphi, PHP—these programming languages were used create a virtual crypto ATM machine to be tested by the participants of the $NATCH contest at Positive Hack Days 12. The entire code was written by ChatGPT and proved to be exceptionally good. This time, we had reviewed the contest concept and decided to use a report system. In addition to standard tasks (kiosk bypass, privilege escalation, and AppLocker bypass), this year's participants faced new unusual tasks. Read on below to find out which ones.

Read more
Rating0
Comments1

Harnessing the Power of Machine Learning in Fraud Prevention

Level of difficultyMedium
Reading time6 min
Views7.6K

Picture this: A thriving e-commerce platform faces a constant battle against fake reviews that skew product ratings and mislead customers. In response, the company employs cutting-edge algorithms to detect and prevent fraudulent activities. Solutions like these are crucial in the modern digital landscape, safeguarding businesses from financial losses and ensuring a seamless consumer experience.

The industry has relied on rules-based systems to detect fraud for decades. They remain a vital tool in scenarios where continuous collecting of a training sample is challenging, as retraining methods and metrics can be difficult. However, machine learning outperforms rules-based systems in detecting and identifying attacks when an ongoing training sample is available.

With advancements in machine learning, fraud detection systems have become more efficient, accurate, and adaptable. In this article, I will review several ML methods for preventing fraudulent activities and discuss their weaknesses and advantages.

Read more
Total votes 11: ↑11 and ↓0+11
Comments1

On Schnorr identification protocol compatibility with instant digital signature mode

Reading time6 min
Views569

The article describes the interactive Schnorr identification protocol (hereinafter referred to as the Schnorr protocol) and formulates the problem of compatibility of this protocol with the instant digital signature (IDS) mode. This post shows how to modify the Schnorr protocol to provide such compatibility.

Read more
Rating0
Comments0

Business Continuity and Operation Resilience on paper vs. for real

Level of difficultyEasy
Reading time7 min
Views596

Hello, my reading friends!

My previous post (rus) on Habr was about how the Business Continuity Management function started, as well as about its relations with other corporate functions. In fact, it was quite theoretical.

This time, I’d like to tell you about some practical vectors of procedures and tools implementation as regards to Business Continuity Management, or BCM, along with Operational Resilience, or OpRes. Plus some real initiatives that can follow the BCM & OpRes implementation in a company and the associated with it investigation of the corporate landscape and procedures.

More about initiatives for integration
Rating0
Comments1

BCM & Operational resilience: yesterday, today, and tomorrow. Where has it come from and what comes next?

Level of difficultyEasy
Reading time11 min
Views626

Recently, The BCI, one of the leading institutes working in the field of organizational resilience and business continuity, issued its regular report BCI Operational Resilience Report 2023 in collaboration with Riskonnect, who work with risk management solutions.

One of the questions they asked the respondents was if there was a difference between organizational resilience and operational resilience. As the answers demonstrated, for most respondents (and in most companies) these terms were used as synonyms. Having studied the report, the colleagues brought up another matter – The BCI introduced the new term of "organizational resilience" in addition to "business continuity" and "operational resilience".

If we search Habr for "Business Continuity", "DRP", "BCP", or "BIA", we’ll find quite enough posts by my colleagues (I’ve met some of them face to face and worked with the others) about data system recovery, data system testing, fault-tolerant infrastructure, and some other things. Yet, hardly any of them explain where all of it has come from, how it is changing, where it is heading – and why.

I thought the time has come to change the situation for the better and answer some of the questions like where business continuity provisions and operational resilience has come from, how they are changing, and where this trend is heading and why. To share my thoughts about development of the industry and its current de-facto state in case of a mature (or not too mature) introduction level – some things I’ve stated for my own use.

Intersections BCM & corporate functions
Rating0
Comments0

How to Set Up a Custom Domain and Get a Free SSL Certificate on Firebase

Level of difficultyEasy
Reading time2 min
Views1.7K

In my previous article, I showed you how to deploy your project to Firebase and use it for free. Now, let’s explore additional benefits of Firebase. In the upcoming article, I will show you how to set up a custom domain name for your project and utilize a free SSL certificate from Firebase.

Read more
Rating0
Comments1

How we built a Cyber Immune product using an open source library: stages, pitfalls, solutions

Reading time11 min
Views751
Do you remember how, even before the pandemic set in, companies were striving to provide secure perimeter access for their telecommuters? Especially if super sensitive data was involved such as accounting information or corporate documents. The solutions were complex, bulky and expensive. Can you imagine just how critical it has become now?!

image

My name is Sergey Yakovlev, and I'm the head of the Kaspersky Thin Client project based on our proprietary operating system, KasperskyOS. A thin client is one of the main components of a virtual desktop infrastructure, which is a remote desktop access system. In this article, I will use such a client as an example of how you can build a secure (yet commercially viable!) product. I will cover the stages, the stumbling blocks, the problems and solutions. Let's go!
Read more →
Total votes 1: ↑1 and ↓0+1
Comments0

Q4 2022 DDoS Attacks and BGP Incidents

Reading time7 min
Views1.8K

Now that 2022 has come to an end, we would like to share the DDoS attack mitigation and BGP incident statistics for the fourth quarter of the year, which overall saw unprecedented levels of DDoS attack activity across all business sectors.

In 2022, DDoS attacks increased by 73.09% compared to 2021. 

Let's take a closer look at the Q4 2022 data.

Read more
Total votes 7: ↑7 and ↓0+7
Comments0
1
23 ...

Authors' contribution