By Innokentii Sennovskii

Image for post
Image for post
Photo credit: https://www.deviantart.com/heroeswho

How long can it take to register a vulnerability? We are quite used to bug bounties, where most of the time you just have to wait for the company in question to triage your report, and that’s it, now you have a CVE. However, if the company doesn’t have an established framework for submitting security issues, then all your attempts can be met with a lack of understanding and sometimes even pushback. This is a story of how I discovered two similar vulnerabilities in cryptographic libraries for embedded devices and how it took two years to get…


By Konstantin Molodyakov

Image for post
Image for post

A file structure is a whole fascinating world with its own history, mysteries and a home-grown circus of freaks, where workarounds are applied liberally. If you dig deeper into it, you can discover loads of interesting stuff.

In our digging we came across a particular feature of APK files — a special signature with a specific block of metadata, i.e. frosting. It allows you to determine unambiguously if a file was distributed via Google Play. This signature would be useful to antivirus vendors and sandboxes when analyzing malware. …


By Demyan Sokolin (@_drd0c), Alexander Bolshakov (@spacepatcher), Ilyas Igisinov (@ph7ntom), Vadim Khrykov(@BlackMatter23)

Image for post
Image for post

CVE-2020–1472, or Zerologon, has already been named one of the most dangerous vulnerabilities discovered in recent years. It allows an attacker to compromise a domain controller’s machine account and access the contents of the entire Active Directory database. The only thing the attacker requires to exploit this vulnerability is a network connection to the company’s domain controller.

We did our own research on Zerologon and developed various methods to detect its existence: by Windows audit log events, by network traffic and by YARA rules. This article will focus…


On 8 July 2020, we hosted Cyber Polygon — an international online cybersecurity training — for the second time. The technical exercise was attended by 120 teams from some of the largest Russian and international organisations across 29 countries. Among the participants were: banks, telecom providers, energy suppliers, medical institutions, universities as well as government and law enforcement agencies.

The participants acting as Blue Teams had to defend their segments of the training infrastructure. We, the organisers, acted as the Red Team and simulated the cyberattacks.

The exercise included two scenarios: Defence and Response.

This article goes into details of…


In February 2020, BI.ZONE detected a surge in the Faketoken trojan activity. Trojan-Banker.AndroidOS.Faketoken disguises itself as an application for a popular online classifieds platform, with over 2,000 victims infected daily. BI.ZONE experts explain what you should know about the trojan and how to protect yourself from it.

What Is Faketoken?

In February 2020, criminals launched a large-scale Faketoken malware distribution campaign targeted at customers of a popular classifieds platform in Russia. Detected first in 2012, the trojan is not unknown to the cybersecurity community. Back then, its capabilities were limited to intercepting SMS passwords from online banks. …

BI.ZONE

BI.ZONE is a leading Russian developer of cybersecurity solutions.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store