Implementing hypervisor-level behavioral analysis in Linux

Level of difficulty Medium
Reading time 7 min
Views 521

Hey there, Habr! My name is Alexey Kolesnikov. I am a Malware Detection Specialist at the Positive Technologies Expert Security Center (PT ESC). I recently spoke at the AVAR 2023 international conference in Dubai, where I covered new plugins developed by PT ESC for DRAKVUF, an open-source dynamic malware analysis system, and demonstrated how they can be used to detect current Linux threats in PT Sandbox, a sandbox for protection against targeted and mass attacks.

Read on for a brief overview of popular malware monitoring tools for Linux, a description of how our plugins work in DRAKVUF, and a malware analysis that relies on these plugins.

Import chat history to Telegram (invitation)

Level of difficulty Medium
Reading time 3 min
Views 1.2K

I'm seeking anyone who is skilled enough to develop a simple Python script using TDLib, the Telegram API, and JSON manipulation to make it possible to perform the simple tasks listed below:

1. Import a Telegram chat JSON backup back into Telegram, similar to what these scripts do: github.com/alexlyzhov/telegram-import
but for any chat (not only "Saved Messages"), including group chats (not only 1-to-1 chats), and improve the code to make it work faster and more reliably, write a log file, allow continuing from the stop point in case of errors, and keep all the original chat data, including formatting and everything that Telegram can handle.
Something like combining all the scripts into one universal, flexible, high-quality tool.
The most important aspect of the whole task is that the imported messages have to keep not only the formatting but also the original date and time when they were actually sent, like it is done in the original Telegram tool for importing history from other apps: telegram.org/blog/move-history

2. Make it very simple to use. The perfect solution would be: download, put the script next to the JSON backup and run it in interactive mode or with some specific options. Let the script ask for all the credentials and briefly explain where to get them. If possible, keep the whole job on one device, with no need to transfer the WA-format zip file to the phone for importing. If not possible, make it an Android app which will take the JSON, process it and feed the result to the Telegram app for import.

These are the basics I'm going to pay for.

Trace Compass and GZip

Reading time 4 min
Views 751

Trace Compass with GZip

Trace Compass is an open-source application performance analysis framework. It is designed to visualize and analyze traces, which are recordings of events that occur in a software system during its execution. Trace Compass is particularly useful for understanding the behavior, performance, and interactions within complex software systems.

Key features of Trace Compass include:

Trace Visualization: It provides a graphical representation of traces, allowing users to visualize the sequence and timing of events in a system.

Analysis Tools: Trace Compass offers various analysis tools and modules for different types of traces, helping users identify performance bottlenecks, errors, and other issues.

Support for Multiple Trace Formats: It supports a wide range of trace formats from different sources, making it versatile for analyzing traces generated by various software components.

Customizable Views: Users can customize the views and analyses based on their specific needs, allowing for a more tailored and effective analysis process.

Integration with Eclipse: Trace Compass is often integrated with the Eclipse IDE, providing developers with a seamless environment for analyzing and debugging their applications.

Overall, Trace Compass is a valuable tool for developers, system administrators, and performance analysts to gain insights into the runtime behavior of software systems and optimize their performance.

How to send messages over sockets and create your own messaging protocols in C++

Level of difficulty Medium
Reading time 28 min
Views 2.7K

Network programming in C++ can be challenging. An even greater challenge is finding educational content that arms you with the knowledge of how to apply your networking skills in real applications.

In this article you can learn the basics of socket communication and many ways you can design your internal messaging protocols.

Why x^0 = 1 visually

Reading time 3 min
Views 1K

The traditional definition of exponentiation to a natural (positive integer) power is usually introduced approximately as follows:

Exponentiation is an arithmetic operation originally defined as the result of repeatedly multiplying a number by itself.

But the more precise formulation is different:

Raising a number X to an integer power N is an arithmetic operation defined as the result of |N| successive multiplications (for N > 0) or divisions (for N < 0) of one by the number X.
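As an added worked derivation (not part of the original article), the definition above already fixes the value of $X^0$ without any extra convention. Written out, with one as the starting point and $|N|$ operations applied to it:

$$X^N = 1 \cdot \underbrace{X \cdot X \cdots X}_{N\ \text{times}} \quad (N > 0), \qquad X^N = 1 / \underbrace{(X \cdot X \cdots X)}_{|N|\ \text{times}} \quad (N < 0).$$

For $N = 0$ there are zero operations to apply, so what remains is the starting point itself: $X^0 = 1$. The same value follows from the familiar product rule $X^M \cdot X^N = X^{M+N}$: setting $N = 0$ yields $X^M \cdot X^0 = X^{M}$, and dividing both sides by $X^M$ (for $X \neq 0$) leaves $X^0 = 1$.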

How to Use Throw and Throws in Java

Level of difficulty Easy
Reading time 2 min
Views 936

Exception handling in Java is the most effective way to handle runtime errors occurring in an application. It is used to deal with the abnormal flow of execution and return the application to its normal flow. It is the process of handling runtime errors such as ClassNotFoundException, IOException, etc. The throw and throws keywords are used to handle exceptions in Java.
In this topic, we will learn how to use the throw and throws keywords in Java with examples.
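As an added example (not code from the original article), the snippet below shows the two keywords side by side: throw raises an exception object at a specific point in the code, while throws in a method signature declares a checked exception that every caller must either catch or declare in turn. The file path is a hypothetical one that does not exist, so the declared IOException is actually raised and handled.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;

public class ThrowDemo {

    // Unchecked exception raised with `throw`: the compiler does not force
    // callers to handle it, which is the usual choice for a caller bug
    // such as an invalid argument.
    static void requireNonEmpty(String value, String name) {
        if (value == null || value.isBlank()) {
            throw new IllegalArgumentException(name + " must not be empty");
        }
    }

    // Checked exception declared with `throws`: the method itself never
    // writes `throw`, but Files.readString may fail, and the declaration
    // obliges every caller to catch IOException or declare it too.
    static String readConfig(Path path) throws IOException {
        requireNonEmpty(path.toString(), "path");
        return Files.readString(path, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) {
        // Hypothetical path that does not exist on this machine, so the
        // checked exception propagates out of readConfig and is caught here.
        try {
            System.out.println(readConfig(Path.of("/nonexistent/app.conf")));
        } catch (IOException e) {
            System.out.println("config unreadable: " + e.getMessage());
        }

        // The unchecked exception can be caught too, but the compiler
        // would have accepted this call without any try/catch.
        try {
            requireNonEmpty("   ", "username");
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```

The practical rule the example encodes: declare with throws the failures a caller can reasonably recover from (I/O, network, parsing of external input), and throw unchecked exceptions for conditions that indicate a bug in the calling code.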

Spring Boot Mapping

Level of difficulty Easy
Reading time 1 min
Views 1.5K

The platform is designed for those who want to enhance their knowledge with simplicity: programming tutorials and examples written in simple, understandable language for beginners and experienced developers alike. Spring Java tutorials provide good content for learning Java, the Spring framework and the architecture of Spring technology for professionals.

High-performance network library using C++20 coroutines

Level of difficulty Medium
Reading time 17 min
Views 16K

Asynchronous programming is commonly employed for the efficient implementation of network interactions in C++. The essence of the approach is that the results of socket read/write functions are not immediately available but become accessible after some time, which allows the processor to be loaded with useful work while waiting for data. Various implementations of this approach exist, such as callbacks, actors, future/promise and coroutines. In C++, these are available as third-party libraries or can be implemented independently.

Coroutines are the most challenging to implement, as they require writing platform-dependent code. However, the C++20 language standard introduces support for coroutines at the compiler and standard library levels. Coroutines are functions that can suspend their execution, preserving their state, and later resume from that state. The compiler automatically creates a checkpoint with the coroutine's state.

For a comprehensive understanding of C++20 coroutines, refer to this article. Below, we examine a code example using coroutines and describe important points applied during implementation.

Create a native Kotlin application with Spring Boot Native, Gradle, and GraalVM without Docker for macOS and Windows

Level of difficulty Medium
Reading time 11 min
Views 1.4K

In this tutorial, I want to share practical experience of natively compiling a production application written in Kotlin with Spring Boot and Gradle using GraalVM. I'll start right away with the pros and cons of native compilation itself and where it can be useful, and then move directly to the build process for macOS and Windows.

At the end of the article, in the afterword, I will talk in more detail about the project and why such a need arose, given quite a few limitations and pitfalls of native compilation support both in Spring Boot and in GraalVM.

Referential Transparency as a mechanism for building Reliable Programs

Level of difficulty Easy
Reading time 4 min
Views 505

Referential transparency, a key concept in functional programming, is often associated with more reliable, easier to test, and safer software. This term refers to a principle in which a function, given the same input, will always produce the same output without producing any side effects.

In the real world of software development, side effects are inevitable. Programs are rarely useful unless they interact with the outside world. This interaction could be reading from or writing to the console, making network requests, querying a database, or modifying a variable.

Yet, despite the necessity of side effects, they introduce risks and complexities. Programs with side effects are harder to test, harder to reason about, and more prone to bugs. They can also make the system as a whole more difficult to understand and maintain, due to hidden dependencies between components.

Enter referential transparency - a concept that means a function, given the same input, will always provide the same output, without creating any side effects. A function that adheres to this principle doesn't read any global state or change any state outside of its scope. The result is code that is more predictable and easier to reason about.

In terms of software safety and reliability, the absence of side effects is not enough. Programs should also be free from external influence - their results should only depend on their arguments. That is, programs should not read data from the console, a file, network, database, or even system variables.
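As an added illustration in Java (not code from the original article), the session-expiry check below is written twice: once reading the system clock inside the function, and once with the current time passed in as an argument, which is what makes it referentially transparent and testable without mocking the clock. The Session record, the 30-minute TTL and the timestamps are constructed for the example.

```java
import java.time.Duration;
import java.time.Instant;

public class ReferentialTransparency {

    // Constructed sample type: a login session and the moment it was issued.
    record Session(String user, Instant issuedAt) {}

    // Assumed time-to-live for the example.
    static final Duration TTL = Duration.ofMinutes(30);

    // Not referentially transparent: the result depends on the wall clock,
    // so the same argument gives different answers at different moments,
    // and a test cannot pin the outcome down without replacing the clock.
    static boolean isExpiredImpure(Session s) {
        return Instant.now().isAfter(s.issuedAt().plus(TTL));
    }

    // Referentially transparent: "now" is an explicit argument, the function
    // reads no outside state, and equal inputs always give equal output.
    // Reading the real clock moves to the caller, at the edge of the program.
    static boolean isExpired(Session s, Instant now) {
        return now.isAfter(s.issuedAt().plus(TTL));
    }

    public static void main(String[] args) {
        Instant issued = Instant.parse("2024-01-01T12:00:00Z"); // constructed
        Session s = new Session("alice", issued);

        // Each case is reproducible on any machine, at any time, because the
        // function depends only on its arguments.
        System.out.println("one minute before expiry: "
                + isExpired(s, issued.plus(Duration.ofMinutes(29))));
        System.out.println("one minute after expiry:  "
                + isExpired(s, issued.plus(Duration.ofMinutes(31))));
        System.out.println("exactly at the TTL boundary: "
                + isExpired(s, issued.plus(TTL)));

        // The impure version only has a meaningful answer "here and now";
        // running this line on two different days can print two different values.
        System.out.println("impure check against the real clock: "
                + isExpiredImpure(s));
    }
}
```

For security-relevant logic such as token or session validity, the pure form is the one to prefer: the boundary behaviour (is expiry inclusive or exclusive?) can be asserted in a unit test with fixed instants, and the single place that calls Instant.now() is easy to audit.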


Review of mini-book «60 terrible tips for a C++ developer»

Level of difficulty Easy
Reading time 6 min
Views 1.2K

I wrote a small e-book about terrible tips for C++ developers. Actually, it describes bad programming practices and explains why it's better to avoid them. However, every chapter of this mini-book starts with a terrible tip — just for fun.

60 terrible tips for a C++ developer

By the way, these tips may seem artificial, but believe me, they are based on real experience. In other words, the described terrible tips occur in developers' lives, which is why it's worth discussing them. First of all, this book will be useful for junior developers. But more skilled C++ developers can also find interesting and useful tips in it.

Even though it's a mini-book, it clearly does not fit the Habr format. Too many words. So, I decided to write a review here. Here is the link to the full version of the mini-book: 60 terrible tips for a C++ developer.

If you still hesitate whether to read it or not, below you will find a list of terrible tips that will be discussed in the mini-book.

View the terrible tips:

Spring Data JPA entity enum converter

Reading time 4 min
Views 3K

I faced a situation where I had to map a string value coming from the database to an enum. The problem arises when the value stored in the database differs from the enum name, and a workaround is needed to make the mapping. I will describe the main points of how I was able to implement it.
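One standard way to do this, as an added example that is not the author's code: a JPA AttributeConverter that translates between the enum and the short codes stored in the column. The AccountStatus enum, its codes "A", "S" and "D", and the Account entity are hypothetical. The imports use the jakarta.persistence package of Spring Boot 3 / Jakarta EE; on older javax.persistence stacks only the package name changes.

```java
import jakarta.persistence.AttributeConverter;
import jakarta.persistence.Converter;
import jakarta.persistence.Entity;
import jakarta.persistence.Id;
import java.util.Arrays;

// Hypothetical enum whose database representation ("A", "S", "D") differs
// from the constant names, so @Enumerated(EnumType.STRING) cannot be used.
enum AccountStatus {
    ACTIVE("A"), SUSPENDED("S"), DELETED("D");

    private final String dbValue;

    AccountStatus(String dbValue) {
        this.dbValue = dbValue;
    }

    public String dbValue() {
        return dbValue;
    }

    // Reverse lookup by stored code. An unknown code is rejected loudly
    // instead of being silently mapped to null or to a default constant.
    public static AccountStatus fromDbValue(String value) {
        return Arrays.stream(values())
                .filter(s -> s.dbValue.equals(value))
                .findFirst()
                .orElseThrow(() -> new IllegalArgumentException(
                        "unknown AccountStatus code in database: " + value));
    }
}

// autoApply = true makes every entity attribute of type AccountStatus use
// this converter without an explicit @Convert annotation on each field.
@Converter(autoApply = true)
public class AccountStatusConverter implements AttributeConverter<AccountStatus, String> {

    // Entity -> column: write the short code, keeping SQL NULL as NULL.
    @Override
    public String convertToDatabaseColumn(AccountStatus attribute) {
        return attribute == null ? null : attribute.dbValue();
    }

    // Column -> entity: resolve the short code back to the constant.
    @Override
    public AccountStatus convertToEntityAttribute(String dbData) {
        return dbData == null ? null : AccountStatus.fromDbValue(dbData);
    }
}

// Hypothetical entity: the status column holds "A"/"S"/"D" on disk but is
// an AccountStatus in Java thanks to the auto-applied converter.
@Entity
class Account {
    @Id
    Long id;

    AccountStatus status;
}
```

Leave autoApply at false and annotate individual fields with @Convert(converter = AccountStatusConverter.class) if only some columns use the short codes. Failing on an unknown stored value is deliberate: quietly returning null would hide data corruption or schema drift, and a status that reads as "not DELETED" because the code was unrecognised is exactly the kind of mistake an authorization check should never inherit.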

ChatGPT to Help You Become a 10x Programmer

Level of difficulty Easy
Reading time 2 min
Views 7K

I believe that every programmer has at least once heard about ChatGPT and its marvelous abilities to process, calculate and create huge amounts of data; if not, go check out this Wikipedia article: https://en.wikipedia.org/wiki/ChatGPT.

Can you imagine that some 50 years ago people could not even believe that there might be something artificial surpassing humans in so many areas? Nowadays, we have this marvel within a few taps on a phone screen or a keyboard; however, there is still a sadly large number of people who do not fully, if at all, utilize the perks of ChatGPT in their line of work. This is mostly due either to people's reluctance to learn new technologies or to the fear of losing the coding skills they have previously gained, which is not the case when ChatGPT is used properly.

In this article I want to give you some of the most useful uses of ChatGPT for your coding work. Remember, there is nothing shameful in using AI, since its development and further implementation in our day-to-day life are inevitable, so we should start adapting to it as early as we can to take full advantage of this "magical" technology. Let's get started.

Your own Duolingo without overengineering

Reading time 14 min
Views 1.2K

Hi, my name is Mikhail Emelyanov, I’m a Python programmer and I would like to show you my pet project — Flywheel, a micro-platform for learning foreign languages, a mixture of Duolingo and Anki, an application that can teach you to properly write in Spanish (or any other language you’re studying). Flywheel’s source code is available on GitHub.


As you may know, generalized knowledge of a foreign language can be broken down into four relatively independent components: reading, writing, listening, and speaking. Unfortunately, training one of these abilities has no direct effect on the others; for example, developing our reading skills affects our writing skills only indirectly. Flywheel is a "sharpener" specifically for written Spanish.

If you’ve ever used Duolingo, you should have some idea of the format in which you’ll be studying. The formula is simple: here’s a phrase, translate it into the other language; the app will remember the last time you translated a phrase and how successful you were at it; and depending on the accuracy of your answer, it will determine when you should do the same phrase again. In my opinion, Duolingo and its approach are brilliant. However… There are certain aspects that somewhat spoil the learning experience, and Flywheel was specifically designed to address them.

lsFusion: Open-Source Rapid Application Development Platform

Reading time 7 min
Views 757

The lsFusion platform is designed for rapid development of business applications. It is distributed under the terms of the GNU Lesser General Public License (LGPLv3). The source code of the platform is available on GitHub.

lsFusion is best suited for creating complex systems with large numbers of entities and forms, where users need to input and process large amounts of data. However, the platform can also be used to quickly create simple applications instead of spreadsheets when Excel's functionality is not enough.

At the same time, the platform offers little advantage when developing applications aimed at interaction with a large number of "external" users or applications that need no complex calculations. You should also take into account that the web interface is a single-page application written in JavaScript. Therefore, the lsFusion platform is not well-suited for creating websites, for example.

How we built a Cyber Immune product using an open source library: stages, pitfalls, solutions

Reading time 11 min
Views 626

Do you remember how, even before the pandemic set in, companies were striving to provide secure perimeter access for their telecommuters? Especially if super-sensitive data was involved, such as accounting information or corporate documents. The solutions were complex, bulky and expensive. Can you imagine just how critical it has become now?!


My name is Sergey Yakovlev, and I'm the head of the Kaspersky Thin Client project based on our proprietary operating system, KasperskyOS. A thin client is one of the main components of a virtual desktop infrastructure (VDI), a remote desktop access system. In this article, I will use such a client as an example of how you can build a secure (yet commercially viable!) product. I will cover the stages, the stumbling blocks, the problems and the solutions. Let's go!
