Have you ever wondered how fintech projects and banking infrastructures get attacked? How the organizations protect against attacks? How cybersecurity works in the world of finance? If yes, make sure you come around to Finance.Zone.
Yuri will talk about the practical research of the security of an IP‑camera from a well‑known vendor. In the report, the speaker will look at the encryption algorithms used by the manufacturer to protect the device firmware, followed by reverse‑engineering of these algorithms ...
Most large and medium‑sized companies, regardless of the industry, have moved beyond just having an internal IT infrastructure. While proprietary software development is already the standard rather than the exception, this process poses new security risks and threats ...
Nikita is going to look at the process of reversing the firmware of the NVME‑to‑USB adapter and demonstrate the process of organizing dual‑booting the laptop with the modified adapter ...
Every month, malicious packages are reported to be found and neutralized in the PyPI, npm, and RubyGems repositories. They steal AWS tokens, payment card data, browser passwords, and other sensitive information. Open‑source projects appear to be a great opportunity for information security vendors to demonstrate their ...
The report is about ATM security analysis, beginning with the simplest and most common cases. The consequences of not ensuring proper security will be demonstrated using real‑life examples. We will also analyze possible attack scenarios and talk about how ATMs are actually protected nowadays ...
We all use open‑source software and enjoy the variety and functionality of programs that have been created for us. The downside of flexibility and functionality is the possibility of making a mistake that leads to vulnerabilities in the design, code, and configuration of applications. This talk ...
The workshop will guide you into the basics of Linux kernel security. In a series of exercise‑driven labs, you are going to explore the process of exploiting kernel bugs in modern Linux distributions on the x86‑64 architecture ...
During the Summ3r of h4ck internship at DSec, the speaker chose the topic of AMD PSP research and writing a dumper of PEI phase files. Given the ridiculous shortage of material on this topic on the Internet in any language, the speaker decided to talk about how the UEFI firmware works for devices containing ...
This report examines the method of obtaining access to protected data stored on mobile devices in the context of forensic analysis without a password. This appears to be extremely complicated, but for a number of devices (Huawei P9, Samsung A5 2016) it is feasible due to the presence ...
A CTF‑style cybersecurity competition is part of a training program on secure design and programming of information systems. The CTF allows developers to get hands‑on experience with typical vulnerabilities and exploitation techniques to avoid any such vulnerabilities in released products ...
The BI.ZONE team will take the opportunity at OFFZONE to showcase the platform interface, demonstrate which companies the product is designed for, and explain the process of earning rewards for bug hunters ...
Walls have ears and houses have eyes. The report is dedicated to the privacy and anonymity of cryptocurrencies. It will be useful for newcomers to learn about the principles of blockchain, and advanced users will learn more about ensuring their own privacy ...
The deception phase of information systems security is often unjustifiably neglected, even though it can be used to provoke an intruder who is trying to infiltrate your system, or has already done so, into exposing themselves and thereby being detected ...
The speakers will talk about their experience in testing payment applications and about interesting vulnerabilities that they have come across in real projects ...
What is a Privacy Sandbox? What problems are being solved with it, and what problems are eventually created by rejecting third‑party cookies? Let’s discuss the proposed technologies (FPS, CHIPS, FedCM, etc.) and the current status of their adoption ...
You can come across Flutter applications in security analysis projects or bug bounty programs. Most often, such assets are simply overlooked due to the lack of methodologies and ways to reverse engineer them ...
Finding secrets in a codebase is an essential stage of any mature SDLC. This report is about Avito’s approach to finding secrets in their codebase and docker images. The speaker will talk in depth about the process in the context of SDLC, why the current open source does not cover all needs, and most ...
A story of one bad pentest, which teaches us that even an absolutely hopeless situation can be dealt with if you think carefully and believe in yourself ...
There is a trend toward the possible use of cryptocurrencies at the corporate level. The speaker will share how to minimize mistakes when it comes to implementation. The report compiles the main technologies and practices that will allow corporations to use cryptocurrency for settlements safely ...
The word panopticum literally translates from the Greek as “the place where you can see everything.” In the report the audience will learn about the technologies to ensure their own privacy. Cryptographic methods of protection will be discussed for the most part ...
Fault‑tolerance mechanisms in corporate networks are a crucial element in making a computer network more reliable. This research delves into FHRPs and what they can mean for a pentester during a network attack ...
Modern frameworks eliminate a whole layer of security issues that were commonplace just a few years ago. In the report, the speaker will show what the security analysis of modern web applications looks like and share his experience in improving the efficiency of this approach ...
The speakers will give a detailed overview of Yubikey security keys, using such tools as GPG, U2F (FIDO/FIDO2), OTP, and Git. They will show how to use passwordless authentication, how to use a TPM in Linux, and how to store SSH keys in it ...
The report talks about the mistakes that the speaker made when implementing SDLC from scratch and the lessons learned from these mistakes that may help in the future ...
Security antipatterns are common insecure application design practices. Without realizing it, such patterns “leave land mines” in the application’s core, which leads to recurring vulnerabilities and security issues. Meanwhile, all that patching can cost a fortune, especially in mature services ...
One of the fundamental properties of blockchain is the impossibility of data spoofing (immutability). However, not all smart contracts have immutable code. A common practice is to use the contract logic update template with the help of a proxy. You have to be very careful when updating implementation ...