IDS Bypass at Positive Hack Days 11: writeup and solutions

Positive Technologies corporate blog Information Security *Network technologies *CTF *

The IDS Bypass contest was held at the Positive Hack Days conference for the third time (for a retrospective, here's .). This year we created six game hosts, each with a flag. To get the flag, participants had to either exploit a vulnerability on the server or fulfill another condition, for example enumerating the list of domain users.

The tasks and vulnerabilities themselves were quite straightforward. The difficulty lay in bypassing the IDS: the system inspected the participants' network traffic using special rules that look for attacks. If such a rule was triggered, the participant's network request was blocked, and the bot sent them the text of the triggered rule in Telegram.

And yes, this year we tried to move away from the usual CTFd and IDS logs towards a more convenient Telegram bot. All that was needed to take part was to message the bot and pick a username. The bot then sent an OVPN file to connect to the game network, after which all interaction (viewing tasks and the game dashboard, delivering flags) took place solely through the bot. This approach paid off 100%!


An Antidote to Absent-Mindedness, or How I Gained Access to an OpenShift Node without an SSH Key

Иннотех corporate blog System administration **nix *DevOps *Openshift *
Translation

Typically, when a Node falls out of the OpenShift cluster, this is resolved by simply restarting the offending element. What should you do, however, if you've forgotten the SSH key or left it in the office? You can attempt to restore access by using your wit and knowledge of Linux commands. Renat Garaev, lead developer at Innotech, describes how he found the solution to this riddle and what the outcome was.


Wi-Fi and CWMP (TR-069) / USP (TR-369) protocols: frequency optimization attempt

Wireless technologies *Popular science

It is hardly controversial to say that Wi-Fi (the IEEE 802.11 family of standards) is one of the most popular and widespread communication technologies of our day, especially indoors. The number of Wi-Fi devices keeps growing, which leads to overcrowding of both the 2.4 GHz and 5 GHz bands.

This drives demand for routines that optimize the utilization of radio resources, and therefore for RRM (Radio Resource Management) systems.




Utilitarian blockchain. 1. Assets

Decentralized networks Research and forecasts in IT Finance in IT Cryptocurrencies

In the modern world, the term "**blockchain**" is firmly associated with cryptocurrencies, NFTs, mining, trading and financial pyramids. However, even among programmers and IT people there is not always a clear understanding of what it is and what it is for.

This article attempts to look at this still relatively new element of the information and human space in practical and slightly philosophical aspects.

> **Disclaimer**: The article will use simple language to explain non-trivial concepts, so non-critical distortion of technical details is possible.

Information is changed by entropy

Data recovery *
Recovery mode

According to the no-cloning theorem, it is impossible to create an independent and identical copy of an arbitrary unknown quantum state. Nor can we delete any quantum information. All time evolution of the state vector in quantum mechanics is described by the action of unitary operators. Accordingly, a deleting operation would have to be such an operator. To nullify quantum information completely in all cases, the operator would have to be a zero matrix. But a zero matrix is neither unitary nor Hermitian. Therefore there is no unitary operator that can delete information.

This can be shown in another way. Consider the double-slit thought experiment, where interference appears when we have no which-path information about the system and disappears when we do. Assume we have a storage device where that data is recorded, and the experiment is conducted with the system being observed. Suppose we destroy the storage. What does the screen in the experiment show us? Quantum mechanics tells us that there must be no interference. Should it appear after the data is destroyed? Since the wave function has collapsed, it cannot be restored. If there were a way to delete the information in the experiment, the wave function would have to return to its initial state and show us interference, which is a contradiction.

Based on the foregoing, we consider the quantum eraser experiment. In that experiment, information is neither erased nor lost. It is changed. That is the key point: we increase entropy. If there is a 50 per cent chance of getting interference, then the entropy = 1 (the maximum value). The same holds for spin. If we change the spins of elementary particles, for example in the Stern–Gerlach experiment with measurements along different axes, we do not delete the information about the states of the particles; we increase the entropy. Changing does not equal deleting.


PHDays 11: bootkit infection, sanitizers for the Linux kernel, the new face of OSINT, and phishing on official websites

Positive Technologies corporate blog Configuring Linux *Information Security *Programming *Conferences

Positive Hack Days 11 will begin in a matter of weeks. This international forum on practical security will be held on May 18–19 in Moscow.

As per tradition, PHDays will have three big tracks dedicated to countering attacks (defensive), protection through attack (offensive), and the impact of cybersecurity on business. It is our pleasure to present the first talks.


The journey of scaling up a production Elasticsearch cluster

High performance *NoSQL *Database Administration *Amazon Web Services *Distributed systems *

In this article, I will describe a multi-year journey of scaling a production Elasticsearch cluster, one of the vital elements of the iPrice technology stack, the challenges we encountered, and how we approached them.


Introducing into calamares bootloader

Configuring Linux *Open source **nix *Development for Linux *Software
Tutorial

Overview

Sometimes one needs to build a graphical installer for one's own Linux distribution. Of course, you can use a distro-specific installer such as Anaconda for RedHat-based or Debian-Installer for Debian-based systems. Calamares, on the other hand, is a graphical installer that is not tied to a single package manager.

I want to share my experience of building a universal GUI install solution. I did not find any complete article on the subject, so I reinvented the wheel.


The Cryptocurrency Bandwagon

Decentralized networks Cryptography *Cryptocurrencies

The spread of cryptocurrencies has contributed to the development of many solutions based on distributed ledger technology (blockchain). Although the scope of these solutions varies, most of them share the same basic set of security services, i.e. confidentiality, authenticity, and integrity. These properties are provided by practical applications of public key cryptography, in particular the digital signature (DS). But unlike many other applications of public key cryptography, cryptocurrency networks do not use public key certificates. This is the aspect we would like to talk about.


Introduction to Engineering

Programming *System Analysis and Design *Studying in IT IT career Systems engineering

This is a set of chapters for young engineers. We give practical advice and discuss goals, challenges and approaches used in modern software engineering.

Along with classical foundations, this article contains original ideas for conceptualizing an engineer's work, with emphasis on bringing order to the situation and finding an insight. Engineering is approached as work under uncertainty with other people, which requires special skills. Non-obvious complications of modern production in big companies are discussed.

This article is based on 15 years of experience in engineering and management in high-tech industries.


Q4 2021 DDoS attacks and BGP incidents

Qrator Labs corporate blog Information Security *IT Infrastructure *Network technologies *

2021 was an action-packed year for Qrator Labs.

It started with the official celebration of our tenth anniversary, continued with massive routing incidents, and ended with the infamous Meris botnet we reported back in September.

Now it is time to look at the events of the last quarter of 2021. There are interesting details in the BGP section, like the new records in route leaks and hijacking ASes, but first things first, as we start with the DDoS attacks statistics.


Enhancing security of containers in Linux

Huawei corporate blog Configuring Linux *Open source *Cloud services Kubernetes *

In history textbooks, the present era is already referred to as the next change of the industrial structure, or the fourth industrial revolution (Industry 4.0). The main role in it is given to information and IT systems. In an attempt to reduce the cost of IT infrastructure and to unify and accelerate the development of IT solutions, humanity first invented "clouds" to replace traditional data centers, and then containers to replace virtual machines.

Clearly, containers appear more vulnerable from a security point of view. So what are the advantages of containerization over virtualization? In fact, there are quite a lot of them:

- more flexible use of available resources (no need to reserve them in advance, as with virtual machines);
- resource savings (no need to spend them on a separate copy of the OS for each virtual machine);
- no startup delay (starting a process is almost instantaneous compared to the time needed to boot a virtual machine);
- interaction between processes, even isolated ones, is much easier to implement when needed than between virtual machines. That, by the way, is how the concept of microservices, which has recently become very popular, came about.

All of the above led to the very rapid development of container technologies, despite the recurring problems with the security of already deployed container cloud systems, their hacks, and data leaks. Accordingly, the work on strengthening container security is also continuing. This is what will be discussed further in this article.


New botnet with lots of cameras and some routers

Qrator Labs corporate blog Information Security *IT Infrastructure *Network technologies *

DDoS attacks send ripples on the ocean of the Internet, produced by creations of various sizes - botnets. Some of them feed at the top of the ocean, but there also exists a category of huge, deep water monstrosities that are rare and dangerous enough they could be seen only once in a very long time.

In November 2021 we encountered and mitigated several attacks from a botnet that seems to be unrelated to any previously described or well-known one, such as the variants of Mirai, Bashlite, Hajime or Brickerbot.

Although our findings are reminiscent of Mirai, we suppose this botnet is not based purely on propagating Linux malware, but on a combination of brute forcing and exploiting already patched CVEs in unpatched devices to grow its size. Either way, to confirm how exactly this botnet operates, we would need a sample device to analyze, which isn't our area of expertise.

This time, we won't give it a name. It is not 100% clear what we are looking at, what its exact characteristics are, and how big this thing actually is. But there are some numbers, and where possible we have carried out additional reconnaissance in order to better understand what we're dealing with.

But let us first show you the data we’ve gathered, and leave conclusions closer to the end of this post.


LVM Thinpool Restore

Configuring Linux **nix *
Sandbox

Hi everyone, today I will describe how I restored a defunct LVM thin pool. Unfortunately, I could not find any howtos or manuals on the internet, so maybe this one will help someone in a similar situation.
