Depov's latest activity

Depov posted the thread Grav CMS vulnerability path traversal: 0-day in FormFlash without authentication in Programming.

CVSS 8.8 (HIGH), zero privileges, automated operation - according to the CISA-ADP, Technical Impact: total. CVE-2026-42608 in Grav CMS -...
May 22, 2026
Depov posted the thread Wireless pentest in 2025: attacks on Wi-Fi, Bluetooth and ZigBee in Programming.

Environment requirements for wireless pentest Before you go to the facility, you need a set of three protocols: Wi-Fi (802.11)...
May 22, 2026
Depov posted the thread Attacks on network protocols for pentest: operation of SMB, FTP, SNMP and SMTP in Programming.

Key terms: what you need to understand before the first team Before dismantling specific attacks on network protocols with a pentest, we...
May 22, 2026
Depov posted the thread CTF Web Writeup: SQL injection, SSRF and Deserialization in Web.

Web Packaging Methodology in CTF Before you get into specific vulnerabilities, you need a system. Without it, you will spend an hour on...

May 22, 2026
Depov posted the thread AiTM phishing: bypassing MFA through Evilginx, Modlishka and Murena in Web.

How AiTM Attack Works at the level of an HTTPsession Before you getinto the tools, you need to understand what is happening at...
May 22, 2026
Depov posted the thread RCE Vulnerabilities in AI Platforms: CVE-2026-40933 and CVE-2026-40911 — from Allist link bypass to eval() injection in Web.

Allowlist of five commands, function validateCommandInjection() and verification validateArgsForLocalFileAccess() - three layers of...
May 22, 2026
Depov posted the thread Fazing web applications and APIs: from AFL++ and LibFuzzer to 0-day detection in real-world projects in Web.

Fazing place in the attack chain Fazing is areconnaissance and resource development tool for MITRE AT&CK.Vulnerability Scanning...
May 22, 2026
Depov posted the thread Attacks on cloud accounts AWS and Azure: equipment, detection and real cases in Web.

T1078.004 Cloud Accounts - a place in kill chainand why SOC stalls T1078.004 (CloudAccounts) in MITRE AT&CK covers four tactics at...
May 21, 2026
Depov posted the thread Malware analysis: step-by-step analysis of the sample from statics to dynamics in Programming.

Adjustments to the environment Before you open the first file - about iron and insulation. The error at this stage is worth the...
May 21, 2026
Depov posted the thread Neural networks in the hands of fraudsters_ attack vectors, methods of detection and protection in Web.

Generated neural networks are a useful thing until those who want to divorce you are not picked up. Fraudsters quickly realized: LLM...

May 20, 2026
Depov posted the thread CVE-2026-32202: Windows Shell vulnerability — zero-click NTLM hashes theft through LNK files in Programming.

Chronology: from CVE-2026-21510 to zero-clickvector CVE-2026-32202 To disassembleCVE-2026-32202, you need to unwind the chain from...
May 20, 2026
Depov posted the thread Attacks on network protocols for pentest: operation of SMB, FTP, SNMP and SMTP in Web.

38 minutes from the first SNMP query to the domain-adminpassword. The Internal Pentest of the Logistics Company - Nmap Showthe port of...
May 19, 2026
Depov posted the thread Attacks on the SCADA system: analysis of hacking of water treatment plants and detection-playbook for OT-net in Programming.

In January 2024, the hacktivist group CARR (Cyber Army of Russia Reborn), which Mandiant in April 2024 associated with the...

May 19, 2026
Depov posted the thread Cloud Infrastructure Pentest: Methodology, Tools and Real Efforts in Programming.

On the penultimate project for fintech, we received read-only IAMkeys “for auditing”. After four hours - full access to...
May 18, 2026
Depov posted the thread Cloud imconfiguration as attack vector: S3-bouquets, Spines and storage AWS/Azure/GCP in Web.

On the pentest fintech company, I found an S3-backet with Baks of DB in three minutes - aws s3 ls s3://company-prod-backups...
May 18, 2026

Show older items

Top Bottom