The difference between the red, blue and purple teams

Hello colleagues. We remind you that not so long ago we published two cool classic books about hacking and the analysis of malicious software. A great book about the Kali Linux distribution is also on the way. Nevertheless, we still believe that the topic of computer security is not fully covered by us and would like to ask your opinion about the book by Yuri Diogenes and Erdal Ozkaya on the interaction of the Red Team and the Blue Team in verifying information security in ...

Anti-Piracy Wars - The Empire Strikes Back


Legends of the virus construction: The beginning of the war

The end of the eighties was an astonishing time for the Land of the Soviets. Accumulated and growing discontent spilled over into an ugly "perestroika". On TV, the shameful withdrawal of Soviet troops from Afghanistan; in the stores, empty shelves and ration cards. "A Star Called Sun" and "I Want Change" played from every loudspeaker. Meanwhile, in the depths of the Main Computing Center of the USSR Gosplan, Dmitry Lozinsky ...

Win32 /Glupteba is no longer associated with the operation of Windigo

Studying Linux/Ebury, the main component of Operation Windigo, led us to look at the rest of the ecosystem to see whether its other parts were still being used in the operation. Our attention was drawn to the open proxy server Win32/Glupteba, which had previously been distributed by an exploit kit used in Operation Windigo. Based on the results of our latest analysis, we conclude that the program is no longer associated with Windigo.
 
In this post we provide information on the current distribution mechanisms of Glupteba, a brief analysis of the network traffic passing through the proxy, a technical analysis ...

Anti-interview

I have been to many bad interviews, as a candidate, as an interviewer and as an observer. As a result, an extremely subjective set of notes has formed on how one should and should not interview developers.
 

The interview as an exam

The interviewer is a strict teacher, and the candidate is a student. A classic setup. Usually it goes like this: they ask where you came from, and then the technical interview begins.

It starts with simple warm-up questions, something like these:

A good illustration of how candidate selection works ...

Threat Hunting with the new Cisco Visibility

Imagine that you have read an article in Kommersant saying that a complete toolkit for attacks on banks, Pegasus, has been made publicly available on the Internet. You probably want to find out whether you were affected by its distribution and whether your network is infected with malicious code. On the one hand, you have a pile of logs and security events from various protection tools; on the other, you may receive threat information as part of a subscription to a paid or free Threat Intelligence service (for example, from BI.ZONE, GOSOPKI or FINCERT). On the one hand, you have a lot of data to analyze, but you ...

Building an extended anti-virus protection system for a small enterprise. Part 3

In this part, we continue to describe the multi-stage protection solution based on the USG Performance Series gateways, in particular the Zyxel USG40W. Previous parts: the first and the second. But first it is worth recalling the reasons that lead system administrators and IT security specialists to use such devices.
 
 
Next, we turn to the description of the Zyxel USG40W, using both versions of the web interface as a basis: "Simple Mode" and "Experienced User Mode".
 
Page of USG Performance Series ...

ESET discovered the BackSwap banker using a new method of manipulating the browser

Banking Trojans have been losing popularity among cybercriminals in recent years. One of the reasons is the development of protection technologies by anti-virus vendors and web browser developers. It is difficult to carry out an attack using a banker, so many malware authors switch to simpler and more profitable tools: ransomware, miners, cryptocurrency-stealing software.
 
 
Many, but not all. We found a new family of bankers that uses new techniques to manipulate the browser. Instead of complex code injection into the browser process to monitor its activity, the malware intercepts Windows events in the message ...

Cybergroup Turla uses Metasploit in the Mosquito campaign

Turla is a well-known cyber-espionage group that has been active for at least ten years. The first mention of the group dates to 2008 and is associated with the hacking of the US Department of Defense. Subsequently, numerous information security incidents were attributed to Turla: attacks on government and strategic industries, including the defense industry.

In January 2018 we published the first report about the new Turla campaign for distributing the ...

Analysis of Zebrocy, malware of the first stage of the group Fancy Bear

Sednit, also known as APT2?, Fancy Bear, Sofacy or STRONTIUM, is a group of attackers active since 200? and possibly even earlier, whose main purpose is stealing confidential information from selected targets.

Since approximately the end of 201? we have been observing this group deploy a new component, Zebrocy, a downloader for Xagent (Sednit's main backdoor). Kaspersky Lab first mentioned this component in 2017 in its APT trend report and recently released ...