Denis Makrushin

statistics

09/11/16 |Blog # , , , , ,

IT threat evolution Q3 2016. Statistics

0 likes no responses
11/08/16 Blog # , , ,

IT threat evolution in Q2 2016

0 likes no responses
Twitter

Cybercriminal workflow to increase a botnet:
-monitor new firmware;
-extract internal content;
-include hardcoded creds in brute-list.
Researcher workflow to decrease a botnet:
-find vulnerability;
-notify vendor and CERT;
-educate users.
The long-term war with different goals.

Do not join IoT-botnet: multiple vulnerabilities in Network Video Recorders.
The following advisory describes three vulnerabilities and default accounts in firmware for network/digital video recorders produced by major Chinese vendor. https://t.co/ADk1wmETLe

Tomorrow at Security Stage of "Internet and Mobile World 2018" (Romania) we'll again discuss the problems of network perimeter. But this time, in addition to common recommendations and mitigation strategy I'll present Perimeter Control project for Red and Blue Teams. #IMWorld

42.195 km. It's a proof, how far we can chase an adversary running away from protected perimeter. 😄
#MoscowMarathon

One more backdoor in D-Link DIR-620 (RevG) #CVE201812676
As I mentioned, #CVE201812677 exposures a config-file. I found there the strange account with “support<substring>”. The creds for web-dashboard are hardcoded for ISP support purposes.
Update and restore to factory settings

Recent Comments
- Sergey to Погружение в даркнет: Снифаем выходную ноду Tor и анализируем получившийся контент
лучше заходиииииииить через тор онлайн http://torproject.online/,...
- Denis Makrushin to The problems of heterogeneous means of protection
Of course!...
- K. Olbert to The problems of heterogeneous means of protection
Insightful diagram, Denis. Would you mind if I use it in a presentation, with credit, of course?...