Step by Step. Automating multistep attacks in Burp Suite

When you attack a web app, you sometimes have to perform a certain sequence of actions multiple times (e.g. brute-force a password or the second authentication factor, repeatedly use the same resource, etc.). There are plenty of tools designed for this purpose. Which one to choose if you need, for instance, to make five requests over HTTP a thousand times in a row, while maintaining the same session? My choice is Burp Suite, and in this article, I will explain why.
Read full article →

Post-quantum VPN. Understanding quantum computers and installing OpenVPN to protect them against future threats

Quantum computers have been widely discussed since the 1980s. Even though very few people have dealt with them by now, such devices steadily become a harsh reality threatening traditional cryptography. In response to this threat, computer engineers have developed post-quantum encryption algorithms. In this article, I will show how these algorithms are applied in OpenVPN and will give an overview of the current situation in the world of quantum technologies.
Read full article →

First contact. Attacks against contactless cards

Contactless payment cards are very convenient: you just tap the terminal with your card, and a few seconds later, your phone rings indicating that the transaction is completed. But this convenience has a downside: malefactors can steal money from such cards. This article provides an overview of methods used to hack NFC (near-field communication) payment cards.
Read full article →