Search results

ChipWhisperer: Power Analysis Attack on Magma As part of Summer of Hack 2019 at Digital Security, I studied power analysis attacks and worked with ChipWhisperer. --- What is it? Power analysis is a type of side-channel attack—that is, attacks that exploit information leaked through the...

Beginner Pentester’s Toolkit: A Brief Overview of Essential Tools In this article, we present a short digest of key tools that are useful for internal network penetration testing. These tools are already widely used by security professionals, so understanding their capabilities and mastering...

This article is for those who are not familiar with assembly languages—but would like to take a quick look. We won’t turn you into an assembly guru in 15 minutes, but we will show assembly languages for several popular microcontroller architectures (ARM32, AVR, MSP430, 8051), as well as for...

This post is a translation and is intended for beginners—or for those who have forgotten their introductory university lectures. Most likely, this material has already appeared on Habr in one form or another, but here the focus is on PHP and its specifics. Data Structures, or Abstract Data...

--- Привет! Меня зовут Павел. Сегодня я расскажу о популярных инструментах в Kali Linux. Список основан на моём личном опыте и общей популярности. Если вы не согласны, смело делитесь своим мнением. --- Metasploit Framework Инструмент для создания, тестирования и использования эксплойтов. Он...

--- В этой статье мы обсудим, почему был создан цикл событий (Event Loop), как с ним работать и почему о нем часто спрашивают на собеседованиях. JavaScript был разработан как однопоточный язык программирования. Это означает, что он может выполнять только одну операцию за раз. Однако в...

--- What is this longread about? Hello to everyone reading this longread. I haven’t posted on Habr for quite a while, but 2022 turned out to be rather difficult in terms of DDoS attacks. Due to my line of work, I encountered many questions about what DDoS attacks are and whether they should be...

Erlang is a platform with unique capabilities, yet the language is still considered exotic. There are several reasons for this. For example, cumbersome arithmetic, unusual syntax, and functional programming. These are not disadvantages—they are simply things most programmers either cannot or do...

Тестирование на проникновение всегда ограничено по времени. В то время как хакеры-злоумышленники (или просто хакеры) могут тратить недели или месяцы на проведение APT-атаки, хакеры-белые не могут себе позволить такую роскошь. Тестирование на проникновение проводится в рамках контракта, в котором...

Существует бесчисленное множество статей, посвященных SQL-инъекциям. Все слышали о печально известной конструкции «ИЛИ 1 = 1» и подобных ей, но мало кто действительно применял их на практике. В этой статье мы рассмотрим несколько практических способов проведения SQL-инъекционных атак, используя...

Rust is a language that has been becoming more or less popular in recent years due to its high performance and safety. It was developed by Mozilla and a community of developers with the goal of providing a tool for systems programming that helps avoid many common memory management errors. In...

--- Хотя синтаксис Objective-C может показаться несколько необычным по сравнению с другими языками программирования, синтаксис его методов прост и понятен. Вот краткий обзор прошлого: + (void)mySimpleMethod { // метод класса // без параметров // нет возвращаемого значения } -...

Vulnerability Assessment Using CVSS 3.0 We have been using the CVSS scoring system since the creation of our vulnerability database and our first product, XSpider (hopefully someone still remembers it). For us, it is extremely important to keep the knowledge base used in our products and...

How Loops Work Usually people don’t like repeating the same action many times in a row — after the tenth time it starts to get annoying. However, computers absolutely love performing the same actions in a loop. For example, imagine we need to print the same line in the console ten times in a...

Face Anti-Spoofing: Technologically Identifying a Fraudster by Their Face Biometric identification of a person is one of the oldest ideas for recognizing people that engineers ever attempted to implement technically. Passwords can be stolen, observed, or forgotten; keys can be forged. But the...

Cryptography for Dummies: Let’s Define the Terms Why and who needs such an article? This article presents the basic concepts that arise when talking about cryptography. We will try to explain them at a simple everyday level that is understandable to everyone. Such an approach will certainly...

+

+

+

+