START READING
30/11/16 |Blog # , , ,

0day vulnerability in Tor Browser

0 likes no responses
09/11/16 |Blog # , , , , ,

IT threat evolution Q3 2016. Statistics

0 likes no responses
15/09/16 |Blog

Fooling the “Smart City”: the full report based on Defcon 24 talk


The concept of a smart city involves bringing together various modern technologies and solutions that can ensure comfortable and convenient provision of services to people, public safety, efficient consumption of resources, etc. However, something that often goes under the radar of enthusiasts championing the smart city concept is the security of smart city components themselves. The truth is that a smart city’s infrastructure develops faster than security tools do, leaving ample room for the activities of both curious researchers and cybercriminals.

Continue reading

0 likes no responses
05/09/16 |Blog # , , ,

Talent Lab and Indicators of Compromise

The data obtained by Honeypot sensors requires manual analysis and interpretation, and in most cases cannot be used in automated tools to identify the threat in other segments of the network. It is necessary to create and demonstrate a set of data that can be used as indicators of compromise (IoC) and which is received in an automated mode. The use of this data by other automated tools should not lead to false positives.
Continue reading

0 likes no responses
11/08/16 Blog # , , ,

IT threat evolution in Q2 2016

0 likes no responses
17/07/16 |Research # , , , ,

Криптозащита FreeBSD. Часть 2: Тонкости повседневного использования.

В первой части статьи «Использование средств криптографической защиты в ОС FreeBSD» я описывал установку ОС на зашифрованный корневой раздел. Но время идет, и враг не стоит на местe: с каждым новым днем появляются все более изощренные методы атак на безопасность систем. В этой статье я расскажу, как защитить носитель и мастер-ключи для загрузки ОС от заинтересованной стороны, дам рекомендации по выбору и использованию стеганографических инструментов, а также попытаюсь объяснить на пальцах трудности использования этой системы. Continue reading

0 likes no responses
08/03/16 |Blog # , , ,

Point of view: Nullcon 2015

It’s been one full year since the end of the practical information security forum held in India. I realize that the country and the event will forever stay in my memory and some of the other participants will remember them, too. We’ve had it all: pursuits, quardocopters, motorbiking accidents, an Indian hospital, meditation and information security. Continue reading

0 likes no responses
01/03/16 |Blog # ,

Отчет о конференции Nullcon 2015

Прошел уже год с момента завершения форума по практической информационной безопасности, который проходил в Индии. Сегодня я понимаю, что эта страна и это мероприятие навсегда останутся в моей памяти и памяти некоторых его участников. Здесь было все: погони, квадрокоптеры, падения с мотоциклов, индийский госпиталь, медитация и информационная безопасность. Continue reading

0 likes no responses
17/02/16 Blog # , ,

Applied Theory of Reliability course

0 likes no responses
06/02/16 Blog # , , ,

#TheSAS2016: The city never sleeps

Security Analyst Summit 2016

Security Analyst Summit 2016

TITLE: The city never sleeps
SPEAKERS: Yury Namestnikov, Denis Makrushin

Among other things, security professionals rely on strict security policies to limit the internet access for applications and to deter cyber-criminals roaming through a corporate infrastructure. However, then employees go to sleep, many dangers lurk within corporate networks.

In this presentation, we will discuss what happens late at night when the dark side of applications wake up and run. We will show you how a malicious hacker doesn’t even need to knock on the corporate network’s from door, all because the city never sleeps. We will tell you stories about innocent Notepad, AutoCAD, Messenger and SAP modules doing dangerous things late at night when everyone is asleep.

06/02/16 Blog 0 likes no responses # , , ,
1 2 3 4 12
Stay up to date

Twitter
0day #vulnerability in Tor Browser, that allows to deanonymize #Tor users https://t.co/V4kw60XhBO
Tesla cars can be stolen by hacking the app https://t.co/ZU4ee2YsYi
VMware Workstation/Fusion out-of-bounds memory access vulnerability. As a result: escape straight outta guest OS. https://t.co/7bErBcZgBn
I've got invitation to be a keynote speaker for a big industrial event - it's a chance to make our life safer. Anyway, I will try. Cover me!
@weirdnik thank you for the info! As far as I know, it still allows you to modify some boot-data or remove it. DoS is a critical issue.
Recent Comments
- Denis Makrushin to The problems of heterogeneous means of protection
Of course!...
- K. Olbert to The problems of heterogeneous means of protection
Insightful diagram, Denis. Would you mind if I use it in a presentation, with credit, of course?...
- sock2013 to Cookies Sniffer – последний шаг на пути к эксплуатации XSS.
ilovesniffer...