On July 23-25, 2021, the largest competitive pentest platform, HackTheBox, hosted the HTB Business CTF 2021 competition for companies worldwide. A total of 537 teams registered for the competition, of which 374 managed to participate.
Last week the large-scale five-day cybersecurity training The Standoff ended. Our experts also took part in the competition as a Red Team. Six teams participated on the defense side and 29 teams from different countries
During the recent Google CTF competition I solved a curious web security challenge called safehtmlpaste that required to bypass a certain HTML sanitizer. The vulnerable application allows users to create Pastes with HTML-formatted text in
Deteact team has recently conducted a security audit of the blockchain voting service which is a part of Waves Enterprise system. Waves Enterprise system is a blockchain platform combining private and public networks. Waves Enterprise
There’re many different attacks under the name HTTP Request Smuggling. Let’s look at a simple example from the past SpamAndFlags CTF competition (I participated with More Smoked Leet Chicken team and we sadly finished 2nd).
In Russian: https://blog.deteact.com/ru/common-flaws-of-sms-auth/ Many online services use SMS to authenticate users. But subtle implementation mistakes may lead to major problems. This is what we will talk about in this article. Intro This authentication protocol is
This year’s ZeroNights conference was held on 12-13 November in Saint Petersburg. Our team participated in the Web Security Village, where Ramazan Ramazanov, a security researcher at DeteAct, presented his continued research about Doctrine Query
Our team participated in the KazHackStan conference for the third time. We help the Call for Papers committee and presented our researches at this excellent conference in Kazakhstan. This year, Ramazan Ramazanov, a security researcher