START READING
09/01/17 |Research # , , , ,

Is Mirai Really as Black as It’s Being Painted?

Is Mirai Really as Black as It's Being Painted?

The Mirai botnet, which is made up of IoT devices and which was involved in DDoS attacks whose scale broke all possible records, causing denial of service across an entire region, has been extensively covered by the mass media. Given that the botnet’s source code has been made publicly available and that the Internet of Things trend is on the rise, no decline in IoT botnet activity should be expected in the near future.

Continue reading

0 likes no responses
27/12/16 |Research # , , , ,

Так ли страшен Mirai, как его малюют?

Так ли страшен Mirai, как его малюют?

Ботнет Mirai, состоящий из IoT-устройств и участвовавший в организации DDoS-атак, которые по своей мощности побили всевозможные рекорды и даже привели к отказу в обслуживании целого региона, наделал много шума в средствах массовой информации. Учитывая тот факт, что исходные коды данного ботнета оказались в открытом доступе, и укрепление тренда «интернета вещей», не стоит в ближайшее время ожидать спада активности IoT-ботнетов. Continue reading

0 likes no responses
30/11/16 |Blog # , , ,

0day vulnerability in Tor Browser

0 likes no responses
09/11/16 |Blog # , , , , ,

IT threat evolution Q3 2016. Statistics

0 likes no responses
15/09/16 |Blog

Fooling the “Smart City”: the full report based on Defcon 24 talk


The concept of a smart city involves bringing together various modern technologies and solutions that can ensure comfortable and convenient provision of services to people, public safety, efficient consumption of resources, etc. However, something that often goes under the radar of enthusiasts championing the smart city concept is the security of smart city components themselves. The truth is that a smart city’s infrastructure develops faster than security tools do, leaving ample room for the activities of both curious researchers and cybercriminals.

Continue reading

0 likes no responses
05/09/16 |Blog # , , ,

Talent Lab and Indicators of Compromise

The data obtained by Honeypot sensors requires manual analysis and interpretation, and in most cases cannot be used in automated tools to identify the threat in other segments of the network. It is necessary to create and demonstrate a set of data that can be used as indicators of compromise (IoC) and which is received in an automated mode. The use of this data by other automated tools should not lead to false positives.
Continue reading

0 likes no responses
11/08/16 Blog # , , ,

IT threat evolution in Q2 2016

0 likes no responses
17/07/16 |Research # , , , ,

Криптозащита FreeBSD. Часть 2: Тонкости повседневного использования.

В первой части статьи «Использование средств криптографической защиты в ОС FreeBSD» я описывал установку ОС на зашифрованный корневой раздел. Но время идет, и враг не стоит на местe: с каждым новым днем появляются все более изощренные методы атак на безопасность систем. В этой статье я расскажу, как защитить носитель и мастер-ключи для загрузки ОС от заинтересованной стороны, дам рекомендации по выбору и использованию стеганографических инструментов, а также попытаюсь объяснить на пальцах трудности использования этой системы. Continue reading

0 likes no responses
08/03/16 |Blog # , , ,

Point of view: Nullcon 2015

It’s been one full year since the end of the practical information security forum held in India. I realize that the country and the event will forever stay in my memory and some of the other participants will remember them, too. We’ve had it all: pursuits, quardocopters, motorbiking accidents, an Indian hospital, meditation and information security. Continue reading

0 likes no responses
01/03/16 |Blog # ,

Отчет о конференции Nullcon 2015

Прошел уже год с момента завершения форума по практической информационной безопасности, который проходил в Индии. Сегодня я понимаю, что эта страна и это мероприятие навсегда останутся в моей памяти и памяти некоторых его участников. Здесь было все: погони, квадрокоптеры, падения с мотоциклов, индийский госпиталь, медитация и информационная безопасность. Continue reading

0 likes no responses
1 2 3 4 12
Stay up to date

Twitter
This weekend I'll have a session at @BSides_NoVA related to #ioTsecurity. If you're participant feel free to ask me relevant questions here.
This weekend I will have a session at @BSides_NoVA related to #IoT security. If you participant feel free to ask me relevant questions here.
RT @kaspersky: Great #IoT presentation from @difezza at #RSAC
Few hours before my session at #RSAC2017. Good opportunity to hang out, guys! See ya there! :) https://t.co/DoTeDiSgTn
Recent Comments
- Denis Makrushin to The problems of heterogeneous means of protection
Of course!...
- K. Olbert to The problems of heterogeneous means of protection
Insightful diagram, Denis. Would you mind if I use it in a presentation, with credit, of course?...
- sock2013 to Cookies Sniffer – последний шаг на пути к эксплуатации XSS.
ilovesniffer...