My name is Ilya and I’m a Core Developer at Bright Security. In Bright we work on a DAST (Dynamic Application Security Testing) solution that helps development teams find and fix vulnerabilities early, straight from CI/CD. My own path began in full-stack engineering, but almost a decade of shipping production code drew me ever deeper into application security. In this article I’m explaining key approaches on what SAML actually is and how we detect it in Bright using DAST.
For people familiar with the term DPI (Deep Packet Inspection), it often carries an unpleasant association: blocking, regulators, censorship, tightening controls. In reality, DPI is simply the name of a technology whose essence lies in the deep analysis of network traffic. Deep traffic analysis involves identifying protocols, extracting the most significant fields and metadata, classifying internet services, and analyzing the nature of network flows. I will explain how such solutions work in this article.
Hi to everyone!
I'm new here. Someone told me that Habr is like russian reddit for developers (and maybe not). And I'm here today to share my story and get opinions from you, part of this community.
In August 2024 I visited Moscow, and got Russian starter pack, even if foregneir :-)
Will be useful later because I'm moving here, Русский язык coming soon, извините!
So let's start with getting a new bank account, make a new mobile number and start to register to some essential service platforms like Metro, Gorod, ВВ, Perekrostak and Yandex for delivery and taxis. And in every service I found something strange. A certain "Ivan" (I've changed the name for privacy) is present in all my accounts where I try to register.
That's it! The phone number that my bank gave me was just.... recyled! So I could start to get personal data through all these existing account on this new phone number of mine but the most shocking thing occured today!
Alarm on 9:00, I woke up and I got a message by Yandex:
The Cisco IOS/IOS-XE operating system is a source of inspiration for many other vendors. The internet is full of guides on how to configure a typical Cisco router for SOHO scenarios. However, unlike consumer-grade routers, configuring something like Cisco IOS requires caution. If you don’t think things through, the router may start "living its own life" and end up, for instance, as a DDoS amplification tool.
Setting up a v3 user on the server-side agent for the default Linux snmpd (net-snmp package). Out of scope: SNMP traps and read-write (rw) users.
SNMP version 3 allows packet transmission in encrypted form, making it safe to transfer telemetry over public networks without the risk of exposing either authentication information (analogous to a community string) or the data stream itself, which is encrypted using a symmetric algorithm with a shared key.
Often at work, I encounter services that provide offerings such as resident proxies. Yet, I have never delved deeply into the topic. I have always simply consumed the product “as is,” as some lazy authors like to say.
I have a general understanding of how this type of service works at a layman’s level, and I became interested in exploring the topic more deeply and attempting to share the conclusions I reached through a deeper understanding of what resident proxies are. Let’s see what comes out of it. No recommendations here—just the subjective, evaluative opinion of yet another “specialist.”
Proxy servers are intermediaries between your device and the internet, allowing you to hide your real IP address and alter the appearance of your connection. Think of it as a white camouflage coat in snowy weather, if we speak in very simplistic terms. Let’s start from that—options for camouflage. However, comparing with camouflage coats would be rather dull; instead, let’s recall animals and insects that use camouflage and try to draw a parallel. In fact, I’ve already done so.
Proxy servers have long become an integral part of the modern network. They are used to enhance anonymity, bypass blocks, balance loads, and control traffic. However, not everyone understands that there is a fundamental difference between HTTP(S) proxies and SOCKS proxies. In this article, I will attempt to examine in detail the technical aspects of both types, review their advantages and limitations, and provide examples of configuration and usage – though this part is more of an elective (optional, if you will, but I really feel like including it).
The topic of proxies has always been approached (at least, that’s how the publications I encountered did) from the standpoint of complex terminology, which often remains unclear to the layman—someone not particularly versed in these internet matters. I decided to delve into the issue, and here is what I came up with:
Automation can be an exhilarating, albeit exhausting, journey‑especially for those just dipping their toes into it. The tasks are often labeled as “interesting” or “non‑standard,” which, let”s be honest, often translates to “challenging” or even “impossible.” Among these challenges, one question halts around 50% of novice automators in their tracks: How to bypass CAPTCHA!
In my previous article, Puppeteer CAPTCHA bypass: Tokens or Clicks? Let’s Break It Down (which I also published on Dev.to), I compared two CAPTCHA bypass methods (clicks and tokens) using Puppeteer. I also announced that in the next article (this one), I would conduct a practical comparison of the same methods using Selenium. This will complete the CAPTCHA bypass picture, so to speak. Well, let’s not waste time and get straight to the point.
In my work, I often encounter various services designed to simplify tasks across different areas. I’m not talking about tools like GSA or A-Parser but about Zennoposter or BAS. I am no professor in automation, so I’ll explain in layman's terms: these services are essentially complex, multi-layered platforms that allow the creation of bots and scripts to perform almost any task without human intervention—a sort of “basic neural network.” By the way, such services existed long before neural networks became mainstream for everyday use.
While exploring BAS, I encountered a situation where many developers creating BAS scripts (ironically, developers developing) idealize CAPTCHA solving using clicks.
In today's interconnected development world, secure authentication is not just a luxury—it's a necessity. Whether you're a seasoned DevOps engineer or a junior developer just starting your journey, understanding SSH key pairs is crucial for your daily workflow. They're the unsung heroes that keep our git pushes secure, our server access protected, and our deployments safe from prying eyes.
But let's be honest: SSH keys canbe confusing. With terms like “public key infrastructure,” “cryptographic algorithms,” and “key fingerprints” floating around, it's easy to feel overwhelmed. This guide aims to demystify SSH key pairs, breaking down complex concepts into digestible pieces that will help you make informed decisions about your security setup.
CAPTCHA is not just a single word that can be defined; it's an acronym consisting of nine words (and two prepositions): Completely Automated Public Turing Test To Tell Computers and Humans Apart. This mouthful was shortened to the concise CAPTCHA to avoid creating yet another hard-to-pronounce term. Translated into Russian, this abbreviation sounds like "Полностью автоматизированный публичный тест Тьюринга для различения компьютеров и людей" (Fully Automated Public Turing Test to Differentiate Computers and Humans).
Hey! My name's Kirill Ziborov and I'm a member of the Distributed System Security team at Positive Technologies. In this article, I'll be continuing the discussion of methods and tools for the formal verification of smart contracts and their practical application to prevent vulnerabilities. The main focus will be on the deductive verification method, or more precisely, the ConCert framework for testing and verifying smart contracts.
Today, a significant portion of all content on the Internet is distributed with the use of CDNs (Content Delivery Networks). At the same time, there is no research on how various censors extend their influence on such networks. Scientists from the University of Massachusetts analyzed possible methods of blocking CDN content using the example of the practices of the Chinese authorities, and also developed a tool to bypass such blocks.
We (specialists from proxy service) have prepared an overview material with the main conclusions and results of this experiment (translate of this material).
Governments in many countries restrict citizens' access to information and services on the Internet in one way or another. Combating such censorship is an important and difficult task. Usually simple solutions cannot boast about high reliability or long-term efficiency. More complex methods of overcoming blocks have disadvantages in terms of usability, low performance, or they do not allow you to maintain the quality of Internet use at the proper level.
A group of American scientists from the University of Illinois has developed a new method of overcoming blocks, which is based on the use of proxy technology, as well as segmenting users by trust level to effectively identify agents working for censors. We present you with the main theses of this work.
Description of the approach
Scientists have developed the Salmon tool, a system of proxy servers operated by volunteers from countries without restrictions on Internet use. In order to protect these servers from blocking by censors, the system uses a special algorithm for assigning a level of trust to users.
The method involves exposing potential censor agents that pose as ordinary users in order to find out the IP address of the proxy server and block it. In addition, countering Sybil attacks is carried out through the requirements to provide a link to a valid social network account when registering in the system or to receive a recommendation from a user with a high level of trust.
How it works
It is assumed that the censor is a state–controlled body that has the ability to take control of any router within the country. It is also assumed that the task of the censor is to block access to certain resources, and not to identify users for further arrests. The system cannot prevent such a course of events in any way – the state has plenty of opportunities to find out what services citizens use. One of them is the use of honeypot servers to intercept communications.
It is also assumed that the state has significant resources, including human ones. The censor can solve tasks that require hundreds and thousands of full-time employees.
A few more basic theses:
A group of Indian scientists has published an overview of modern methods of Internet blocking introduced by government agencies, using the example of their own country. They studied the mechanisms used by Internet service providers restricting access to prohibited information, assessed their accuracy, and the ability to bypass such blocks. We would like to bring to your attention the main theses of this work.
Hey there, Habr! My name is Alexey Kolesnikov. I am a Malware Detection Specialist at the Positive Technologies Expert Security Center (PT ESC). I recently spoke at the AVAR 2023 international conference in Dubai, where I covered new plugins developed by PT ESC for an open-source dynamic malware analysis system named DRAKVUF and demonstrated how they can be used to detect current Linux threats in sandbox for protection against targeted and mass attacks PT Sandbox.
Read on for a brief overview of popular malware monitoring tools for Linux, a description of how our plugins work in DRAKVUF, and a malware analysis that relies on these plugins.
The identification protocol based on the pairing function, resistant to impersonation and compatible with the instant digital signature (IDS) mode, was studied in this article. This protocol uses prover's and verifier's public keys. As a result, there is no anonymity, since certificates including personal data of their owners are issued for the mentioned keys. This article contains a description and analysis of new anonymous identification protocols for groups.
Introduction
Hello Habr! This is a translation of my first article, which was born due to the fact that I once played with the types of meterpreter payload from the Metasploit Framework and decided to find a way to detect it in the Windows OS family.
Analysis
I will try to present everything in an accessible and compact way without delving into all the work. To begin with, I decided to create the nth number of useful loads (windows/meterpreter/reverse_tcp, shell/bind_tcp, shell_hidden_bind_tcp, vncinject/reverse_tcp, cmd/windows/reverse_powershell) to analyze what will happen in the system after their injection.
