Deteact – continuous information security services

Application Security, Penetration Testing, Security Consulting, Vulnerability Management, DDoS Testing, Threat Hunting, Awareness Training, Bug Bounty, Blockchain Security, Security Research

Categories: Business, Press releases. Tags: business, growth, revenue

Leap Year for DeteAct

On December 31, 2020 (updated February 15, 2021) By beched

2020 was rough. But to be fair, not for most of the IT companies. We’ve almost managed to triple our revenue (162+% YoY growth) and scaled our team from 3 to 9 people. That kind

Categories: Business, News, Press releases

We won The Standoff

On November 23, 2020 By beched

Last week the large-scale five-day cyber training The Standoff organized by Positive Technologies ended. Our experts also took part in the competition as a Red Team. Six teams participated on the defense side and 29

Categories: Bug Bounty, Research, Uncategorized, Web Security

Account Takeover via IDOR

On September 4, 2020 (updated September 11, 2020) By r0hack

Insecure Direct Object Reference (IDOR) is a very common type of weakness in the application authorization logic. The potential damage from IDOR exploitation can be either minimal or critical. Let’s consider some cases when the

Categories: Application Security, CTF, Research, Web Security

Defeating Google Closure Library Sanitizer

On August 27, 2020 (updated August 31, 2020) By beched

During the recent Google CTF competition I solved a curious web security challenge called safehtmlpaste that required bypassing a certain HTML sanitizer. The vulnerable application allows users to create Pastes with HTML-formatted text in

Categories: Business, News, Press releases

Security Audit of Waves Enterprise Voting

On July 21, 2020 By beched

The Deteact team has recently conducted a security audit of the blockchain voting service, which is a part of the Waves Enterprise system. The Waves Enterprise system is a blockchain platform combining private and public networks. Waves Enterprise

Categories: Application Security, Research, Web Security

Content Security Policy Bypass

On June 3, 2020 (updated June 4, 2020) By beched

In Russian: https://blog.deteact.com/ru/csp-bypass/

Content Security Policy (CSP) is an additional security mechanism built into browsers to prevent Cross Site Scripting (XSS). CSP allows defining whitelists of sources for JavaScript, CSS, images, frames, XHR connections.

Categories: CTF, Research, Web Security

HTTP Request Smuggling

On May 10, 2020 (updated May 11, 2020) By beched

There are many different attacks under the name HTTP Request Smuggling. Let’s look at a simple example from the past SpamAndFlags CTF competition (I participated with the More Smoked Leet Chicken team and we sadly finished 2nd).

Categories: Bug Bounty, Research, Web Security

Bitrix WAF bypass

On April 27, 2020 (updated June 4, 2020) By r0hack

In Russian: https://blog.deteact.com/ru/bitrix-waf-bypass/

UPD: CVE-2020-13758 assigned

Sometimes when exploiting reflected XSS the input parameters get injected directly into the body of the <script> tag. Typically, this means that the exploit is trivial: HTML entity encoding

Categories: Bug Bounty, Research, Web Security

Common flaws of SMS auth

On December 20, 2019 By beched

In Russian: https://blog.deteact.com/ru/common-flaws-of-sms-auth/

Many online services use SMS to authenticate users. But subtle implementation mistakes may lead to major problems. This is what we will talk about in this article.

Intro

This authentication protocol is

Categories: Business, News, Research, Web Security. Tags: application security, dql, php, zeronights

ZeroNights 2019

On November 15, 2019 (updated December 31, 2019) By beched

This year’s ZeroNights conference was held on 12-13 November in Saint Petersburg. Our team participated in the Web Security Village, where Ramazan Ramazanov, a security researcher at DeteAct, presented his continued research about Doctrine Query
