Dennis Turpitka
Cloud/Virtualization and Security Software R&D Tech Executive
Dennis Turpitka 2017-04-25

Often companies developing ParentalControl or DLP solutions require access to private data from software installed on Android devices. For example, messages from Skype/KIK/Viber, etc., or even access to a browsing history are both good examples of such tasks. By default (and this is what is used most often due to security) all Android apps save data in a so-called Sandbox – a storage area which other applications cannot access. And if an app doesn’t provide an API to get the data (or simply places the data in memory card where other applications can access it), then this data seemingly cannot be accessed. In this article, I want to show one simple and fairly elegant way to access private data of third party applications.

Original: How to access app private data on Android (no root)

Written by:
Andrey Petrov,
Software Developer at Apriorit

Dennis Turpitka 2017-03-29

Microsoft SQL database optimization is a constant struggle for any project, and this is something that Apriorit tackles often as an R&D outsourcing company.

The thing is, when developing an application, initially engineers tend to point all their attention towards actually writing the code, while performance takes the back seat.

Often, performance problems are caused by the speed at which the data from the application is received.

Some problems can creep past the MVP stage and only become apparent when your solution is fully released to the general public. This is why it is necessary to estimate what problems could occur and try to fix them early at the design stage, or at the very least when optimizing the database query. In this article, we will look at techniques for Microsoft SQL server database design and optimization.

We will explore how to work with databases in order to get the maximum amount of information for the least amount of time and see what problems we can avoid by applying optimization best practices for SQL server database design.

While this article is based on designing database solutions for Microsoft SQL server, the majority of techniques can be applied to other relational databases as well, including custom ones.

Database optimization methods

Dennis Turpitka 2017-02-03

In this article, I will talk about the main tools that a modern software reverser uses in his work. This article is for readers who are familiar with the Assembler language, network interaction principles, and have experience of programming for Windows using API functions.

Written by: Sergey Prepodobniy, Researcher of Driver R&D Team

Introduction

Practical software reverse engineering examples to show tools

Modification of the executed statements in Hiew

Deleting a value from the Relocation table by means of Relocation Section Editor

Modification of a value in the Relocation table by means of CFF Explorer

Dennis Turpitka 2016-12-29

With this target in mind, the decision to choose between cloud computing and virtualization depends on the broader vision of the company’s desired IT infrastructure and various other factors, such as budget and willingness to hire additional specialists.

Eventually this technology grew to fully abstract software and hardware layers, making them independent from one another.

Virtualization saves hardware resources and provides a flexible, easy-to-manage solution that can be quickly provisioned as needed, allowing for cost-effectiveness and a flexible dynamic infrastructure.

From the consumer's point of view, cloud resources should feel unlimited, with the ability to quickly provision more at any time.

The number of resources used should be monitored and controlled, and users are usually charged as they go, proportionally to the amount of resources they are using.

Data centers and infrastructure for this type of service are usually maintained by the providers themselves.

Dennis Turpitka 2017-04-19
Written by: Apriorit security testing team (special thanks to Stas Ignatenko, Denys Rudov, and Dmitriy Yurko)

Introduction

Challenges of server software security

Nowadays, with the constant development of information technology, the role of cyber security gets ever bigger. While it is impossible to imagine the modern world without constant communications over the network, almost all valuable data that often acts as a target for attacks is stored in various forms on the servers. Not to mention that the stability of the whole system depends on the servers. This is why the servers are very attractive targets for malicious attacks.

Email server security

Security of mail servers, among others, is a particularly important question. And for businesses in particular, loss of confidential information can result in large financial losses.
Dennis Turpitka 2017-03-24
One of the key features of the QT framework is providing communication between objects via signals and slots. For QT developers, this is a very convenient and organic way to do things, but the nature of the feature does not allow communication between objects located in different address spaces. Therefore, the need arose to create a library that would allow establishing communication between objects located in different processes in such a way that a user just needs to connect signals and slots of these objects. The results of these efforts I called the QRpc library, and here is how it is applied and built.

Written by: Denys Krestol, Junior Software Developer of Apriorit

Read full article: Organizing RPC via QT: Library for Communication between Objects in Different Processes
Dennis Turpitka 2017-02-03

The Internet makes everything easier, faster and cheaper.

People are using mobile devices to access their data and services on the go; at the same time, enterprises are no longer willing to pay large license fees and handle maintenance for on-site applications.

Cloud platforms are thriving, and with cloud infrastructure being cheap and widely available, Software as a Service becomes an increasingly attractive and lucrative business.

In recent years, IT startups are booming not only in the USA, but all over the world.

Entrepreneurs with ideas are racing to get them on the market as fast as possible.

This is where the practice of using MVP comes in.

MVP helps small startups to get their ideas out there as fast as possible, validate them and get feedback in order to keep developing in the right direction.

MVP is not exclusively used in startups, though.

Dennis Turpitka 2016-12-29

If an application works with a database, query execution time should be taken into consideration.

But I decided to share my own experience in the field with the focus on SQL Server query optimization tips.

Depending on a specific case, this task can have varying starting conditions:

You already know what query runs slowly;

You only know that your entire system has generally poor performance that requires some tuning.

You can run SQL Server Profiler from SQL Server Management Studio: go to Tools > SQL Server Profiler

Dennis Turpitka 2017-03-30

You have an Android Device and you are familiar with Linux-based operating systems.

However, you will be surprised.

This is one of the Android security principles to isolate applications from the user, each other, and the system.

In this article, I will describe how to obtain root access on an Android device in spite of security, so basically we will discuss some Android exploit development tips.

I will delve deeply into one of the Android rooting principles - the adb exhaustion attack, one of the Android vulnerabilities, which is simpler to understand than a previous udev exploit.

Android rooting explained: principles

Overview

In three words, the main rooting idea is to get super user rights on a device shell.

Like a standard Linux shell, it allows you to interact with the device by executing commands from the shell.

Dennis Turpitka 2017-03-02

One of the key features of the QT framework is providing communication between objects via signals and slots.

For QT developers, this is a very convenient and organic way to do things, but the nature of the feature does not allow communication between objects located in different address spaces.

Therefore, the need arose to create a library that would allow establishing communication between objects located in different processes in such a way that the user just needs to connect signals and slots of these objects.

The results of this effort I called the QRpc library, and here is how it is applied and built.

Full: Organizing RPC via QT: Library for Communication between Objects in Different Processes

Written by: Denys Krestol, Junior Software Developer of Apriorit

Dennis Turpitka 2017-02-03

This guide will cover certain ways to detect restart or shutdown of the PC, as well as other similar events, such as log off or sleep.

We will be handling the OS shutdown event using WinAPI for different types of applications - console, GUI applications, and services.

If you’re interested in the general information on Windows process monitoring, you can also check out this article.

Written by: Tatyana Zakatova, Software Developer of Apriorit

Why do we need to detect computer shutdown?

Computer shutdown detection is required to complete short, but very important actions, such as:

- Saving all unsaved data
- Notifying distributed system components via network that the current component will be shut off
- Adding a record about the shutdown into the log in order to better analyze the situation

Full article: https://www.apriorit.com/dev-blog/413-win-api-shutdown-events

Dennis Turpitka 2016-12-29

Technology companies of the leading countries like the USA are feeling that the professional labor market is limited, and local recruiting and talent engagement processes become more and more expensive.

On the other hand, offshore outsourcing is a global tendency.

Apriorit, delivering engineering outsourcing services for 15 years, has seen hundreds of various projects and businesses in different situations, with different goals, and different results.

In this blog post, based on feedback and interviews of industry decision makers and our own experience, we will try to summarize and analyze why technology companies use engineering outsourcing services, what benefits they can get, what risks they typically face, what concerns they have and how those concerns can be answered.

I hope these considerations about pros and cons of outsourcing software development services will help you to more efficiently evaluate this opportunity when the next outsourcing-offer email lands in your inbox.

Why companies turn to engineering outsourcing

Dennis Turpitka 2017-03-30

You have an Android Device and you are familiar with Linux-based operating systems.

However, you will be surprised.

This is one of the Android security principles to isolate applications from the user, each other, and the system.

In this article, I will describe how to obtain root access on an Android device in spite of security, so basically we will discuss some Android exploit development tips.

I will delve deeply into one of the Android rooting principles - the adb exhaustion attack, one of the Android vulnerabilities, which is simpler to understand than a previous udev exploit.

Android rooting explained: principles
Overview
Exhaustion attack
Configuration & Build
Running
Useful links

Android rooting explained: principles

Overview

In three words, the main rooting idea is to get super user rights on a device shell.

Like a standard Linux shell, it allows you to interact with the device by executing commands from the shell.

Dennis Turpitka 2017-03-02
Microsoft SQL database optimization is a constant struggle for any project, and this is something that Apriorit tackles often as an R&D outsourcing company. The thing is, when developing an application, initially engineers tend to point all their attention towards actually writing the code, while performance takes the back seat. Often, performance problems are caused by the speed at which the data from the application is received. Some problems can creep past the MVP stage and only become apparent when your solution is fully released to the general public. This is why it is necessary to estimate what problems could occur and try to fix them early at the design stage, or at the very least when optimizing the database query. In this article, we will look at techniques for Microsoft SQL server database design and optimization.
Dennis Turpitka 2017-02-03

Microsoft Windows Forms® (WinForms) is a library that allows you to develop rich applications with graphical user interface (GUI).

This library is a part of .NET Framework.

Therefore, such a WinForms application can be developed with any .NET language (C#, F#, VB, etc.), and run on any platform supported by .NET Framework.

Thus, WinForms is considered multi-platform.

For new projects, consider using Windows Presentation Foundation® (WPF) instead.

Written by: Alexey Koshulyan, Software Developer of Apriorit

In case of Windows, WinForms is a wrapper for Windows API and GDI+.

Dennis Turpitka 2016-11-25

Creating IOCP and associating it with the file handles is done via the CreateIoCompletionPort API function:

HANDLE WINAPI CreateIoCompletionPort(
    _In_     HANDLE    FileHandle,
    _In_opt_ HANDLE    ExistingCompletionPort,
    _In_     ULONG_PTR CompletionKey,
    _In_     DWORD     NumberOfConcurrentThreads
);

The handle from the FileHandle parameter is associated with a new or existing completion port.

When the asynchronous I/O request for the IOCP-related file is completed, the I/O manager creates an I/O completion packet and places it in the queue.

Packets are extracted from the queue when a worker thread calls the GetQueuedCompletionStatus API function:

BOOL WINAPI GetQueuedCompletionStatus(
    _In_  HANDLE       CompletionPort,
    _Out_ LPDWORD      lpNumberOfBytesTransferred,
    _Out_ PULONG_PTR   lpCompletionKey,
    _Out_ LPOVERLAPPED *lpOverlapped,
    _In_  DWORD        dwMilliseconds
);
