Greeting from FelixGreeting from Felix

Shift Security Left #20

Products with vulnerabilities keep hitting the market, incidents keep happening, hidden threats keep showing up, cryptographic primitives don't seem primitive... what a mess, right?
Let's make a mess more deterministic, enjoy reading new issue.

Felix from Cossack Labs

AppSec

Backdooring Electron Applications – Inside Out Insights

Would you like to learn the secrets of manipulating Electron-based apps and stealing their data? This read will reveal techniques to infiltrate and exploit Electron apps, such as DLL hijacking and remote debugging, to give you a glimpse into the dark side of software vulnerabilities.

tchncs.de

Cryptography

PRFs, PRPs and other fantastic things

From secret codes to unbreakable locks: Matthew Green will take you on a thrilling journey through the marvelous world of cryptographic primitives. Get ready to experience the power of the cryptography pseudorandom!

This article will provide you with food for thought, leaving you hungry for more.

cryptographyengineering.com

Malware

How one of Vladimir Putin’s most prized hacking units got pwned by the FBI

Get ready for the epic saga of how FBI outsmarted Turla — a skilled APT group with Kremlin connections. This is a thrilling read about a high-stakes espionage mission and FBI's quest for breaking The Snake — a sophisticated modular malware targeting governments and militaries since at least 2008.

arstechnica.com

DevOps

Testing a new encrypted messaging app's extraordinary claims

Another "secure" and "end-to-end encrypted" messenger has entered the market. Product claims are appealing, if not a little far-fetched. But is there something behind them?

Read a detailed breakdown of every security claim and learn how to break end-to-end encrypted apps.

crnkovic.dev

Incidents

Inside Datadog’s $5M Outage

Exploring smth new is always a good idea, and learning from other people's mistakes — even better. Learn the whys and hows of the incident that rocked the world of monitoring services. Now we know what happens when you create tens of thousands of new virtual machines at the same time :)

This article is worth your time as it offers a practical case study for a better understanding of how to build resilient systems.

pragmaticengineer.com

P.S.

When it comes to security, don't let it rain on the UX parade. So, when selecting your security controls, tread the path of caution and finesse. Remember, the power is in your hands to create a seamless and safe digital dance floor.

Oh, here's Nat Griffen's humorous post about 4 step authentication. So, stay cool, stay secure, and keep rocking that awesome user experience.
Have sun!

Felix from Cossack Labs

No spam, ever. We'll never share your email address and you can opt out at any time.