Depov's latest activity

Depov posted the thread Prototype Pollution: Client-side and Server-side Attacks in Web.

Prototype Pollution rarely looks like a loud vulnerability. Usually it all starts with a piece of code that no one considers dangerous...

May 17, 2026
Depov posted the thread Pre-auth RCE PHP injection: lax-gaide according to CVE-2026-39337 and CVE-2026-27681 in Programming.

The beginning of 2026 threw two CVE, which are worth dismantling on the stand. CVE-2026-39337 - pre-auth RCE PHP injection in ChurchCRM...
May 17, 2026
Depov posted the thread XSS vulnerability in practice: search, operation and bypass filters in Web.

Here I will analyze all three types of XSS in web applications, not retelling OWASP wikis (the hundredth time it makes no sense to...

May 16, 2026
Depov posted the thread CVE-2026-0300: Palo Alto PAN-OS vulnerability analysis – from buffer overflow to root RCE in Programming.

AnatomyCVE-2026-0300: out-of-bounds in User-ID Authentication Portal CVE-2026-0300 - buffer overflow type CWE-787(Out-of-bounds...
May 16, 2026
Depov posted the thread Hardening Active Directory through the eyes of the attacker: Protected Users, Tiering Model and LAPS on internal pentest in Programming.

Three weeks ago, on the internal bank infrastructure pentest, we got Domain Admin in 47 minutes. The chain is banal to the limit...
May 15, 2026
Depov posted the thread NTLM Coercion Attack Active Directory in Web.

/// Depth Security in the reports for 2026 continue to find hosts vulnerable to CVE-2025-33073 (CVSS 8.8), including domain controllers...

May 15, 2026
Depov posted the thread Salesforce Mysconfigration: We Find and Close to Leakage - Analysis of Attacks and Step-by-Step Audit in Web.

April 2026. McGraw Hill confirms the leak of 13.5 million records - names, emails, phones, physical addresses. Three days earlier...

May 14, 2026
Depov posted the thread Bypassing EDR through a direct syscall call PART 3/2 BONUS in Programming.

7.1. Detect on anomalies in the execution stream Modern EDRs use hardware breakpoints and Execution Tracing. Theycan track where the...

May 14, 2026
Depov posted the thread Web-pentest for beginners: from setting up the environment to the first vulnerability found in Web.

What is a web pentest and why it is needed Web applicationpenetration testing is a controlled imitation of an attack on awebsite or...

May 13, 2026
Depov posted the thread Article Bypassing EDR through a direct syscall call PART 2/2 in Programming.

4. The executioner's toolkit (practical section). Continuation. 4.4. SysWhispers3: Behind the Scenes of Automation Let’s...

May 13, 2026
Depov posted the thread Article Bypassing EDR through a direct syscall call PART 1/2 in Programming.

Today, the conversation will not go about another “Malvari-invisible”from the Githab, which detects 5 minutes after pouring on VT...

May 12, 2026
Depov posted the thread Vulnerabilities in WebSocket Configurations and Their Operation PART 5 (END) in Web.

Protection - how not to become a victim Protection is not a“do it” list. This is an understanding of principles. Always use WSS...

May 12, 2026
Depov posted the thread Hacking NFC: NFC History, Technology and Capabilities in Programming.

NFCGate: radio magic that breaks the boundaries of NFC When it comes tocontactless systems – be it subway, passes, payment cards or...

May 11, 2026
Depov posted the thread Vulnerabilities in WebSocket Configurations and Their Operation PART 4 in Web.

Spider Tools - What to Use in Intelligence and Attack Let's get it alltogether. What does the WS testing process look like...

May 11, 2026
Depov posted the thread How to disable SH password on Linux to improve security in Programming.

I want to disable access for ssh clients using password and allowonly authorization ssh with SSH keys. Howto disable password...

May 10, 2026

Show older items

Top Bottom