May 11, 2018

Take Part in PHDays 8 Online CTF


Positive Hack Days 8 will start in a couple of days, and we have lots of exciting stuff not only for participants who will visit the event at the venue. Two online contests (HackQuest and Competitive Intelligence) have already been finished, but we have more to come.

Starting from May 15 and until May 22, PHDays online CTF will take place. Everyone can participate, challenges vary in difficulty, and are mainly aimed at beginners, but skilled professionals will find it interesting as well.

April 4, 2018

Is your Mobile API under silent attack?


How well protected are your mobile apps? Pretty Secure? What about the mobile API they rely on? This could be the weakest link in 's AppSec armor. Data from Positive Technologies’ customers suggests as much as 15% of all traffic to the average mobile API comes from illegitimate sources.

March 19, 2018

We need to talk about IDS signatures


The names Snort and Suricata are known to all who work in the field of network security. WAF and IDS are two classes of security systems that analyze network traffic, parse top-level protocols, and signal the presence of malicious or unwanted network activity. Whereas WAF helps web servers detect and avoid attacks targeted only at them, IDS detects attacks in all network traffic.

Many companies install an IDS to control traffic inside the corporate network. The DPI mechanism lets them collect traffic streams, peer inside packets at the IP, HTTP, DCE/RPC, and other levels, and identify both the exploitation of vulnerabilities and network activity by malware.

At the heart of both systems are signature sets used for detecting known attacks, developed by network security experts and companies worldwide.
We at the @attackdetection team also develop signatures to detect network attacks and malicious activity. Later on in the article, we'll discuss a new approach we discovered that disrupts the operation of Suricata IDS systems, and then hides all trace of such activity.