Search titles only
By:
Home
Members
Moderators
Current visitors
Escrow
Deposit
Account Upgrades
ADS
Help
Storm Exchange
Komplexes Bot
Log in
Register
What's new
Search
Search titles only
By:
Menu
Log in
Register
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Depov's latest activity
Depov
posted the thread
APT42 and Seedworm: credential harvesting through social engineering — how Iranian APT steals accounts without malware
in
Web
.
In 2024, APT42hacked into the Trump campaign, pulled out internal documents andtried to merge them to journalists. Without a single...
Jun 2, 2026
Depov
posted the thread
Disable NTLMv1 via GPO — and still see it in pcap: bypass LmCompatibilityLevel and audit of legacy traffic
in
Web
.
Internal pentest of the financial organization, late 2024. Domain on Windows Server 2019, GPO Network security: LAN Manager...
Jun 2, 2026
Depov
posted the thread
Consent phishing through OAuth: From Phishing Link to Microsoft 365
in
Web
.
The place of the consent phishing OAuth attacks in the attack chain Consent phishing is not a pointtechnique, but a full-fledged attack...
May 31, 2026
Depov
posted the thread
BIOS protection bypass: Secure Boot off on plug-in firmware
in
Programming
.
The place in the chain of attack: why break the firmware Compromise of UEFI-fishering is notan end in itself, but the solution of two...
May 31, 2026
Depov
posted the thread
ML IDS Detection of Unsignature Attacks: Blind Areas of Behavioral Detector
in
Web
.
Six months ago on the internal Red Team exercise Isolation Forest,trained on the monthly baseline from Zeek conn.log, missed a DNStunnel...
May 30, 2026
Depov
posted the thread
Identity-based APT 2026 attack: how groups go from endpoints to the cloud and mail – Red Team and Detection Guide
in
Programming
.
In November 2023, the APT29 (Midnight Blizzard) climbed into the corporate environment of Microsoft through the password spraying of the...
May 30, 2026
Depov
posted the thread
Hardening UEFI and firmware protection: BIOS-passwords, Secure Boot, TPM and Intel Boot Guard – what really works
in
Programming
.
Each mechanism closes certain tactics on MITRE ATT&CK: from the substitution of system firmware System Firmware (T1542.001...
May 29, 2026
Depov
posted the thread
Attacks on OAuth 2.0: redirect URI manipulation, token interception and authorization code interception in practice
in
Web
.
On theSaaS-platform with SSO through Keyclok, I found that theauthorization server is accepting redirect_uri with path...
May 29, 2026
Depov
posted the thread
Hardware Penttest: JTAG, UART and SPI for Firmware Recovering and Receiving Shell
in
Programming
.
The Place of the Technological Pentest in the Attack Hardware analysis of embedded systemsis not a separate discipline, but a specific...
May 28, 2026
Depov
posted the thread
CRLF Injection: from HTTP Response Splitting to session capture — operation and real CVE
in
Web
.
For bug bounty in fintech, I spend three minutes to detect CRLF Pointin the Reddirect Engrade - and Two hours escalating to XSS...
May 28, 2026
Depov
posted the thread
UEFI boutiquet and protection Secure Boot: analysis of BlackLotus, CosmicStrand and attack on the download chain
in
Programming
.
In 2023, ESET published a detailed analysis of BlackLotus, the firstpublic documented boutique that bypasses UEFI Secure Boot on theFull...
May 27, 2026
Depov
posted the thread
Device Bound Session Credentials Chrome: as DBSC in Chrome 146 breaks kill chain theft of sessions
in
Web
.
"Con" to the IBM X-Force Thread Intelligence Index 2025infostealers came out on top among all types of smallware - 32%Overtaking...
May 27, 2026
Depov
posted the thread
CVE-2026-0300: buffer overflow in PAN-OS - from vulnerability analysis to root RCE on the Pano Alto firewall
in
Programming
.
May 6, 2026 CISA added CVE-2026-0300 to the catcolog KnownExploited Vulnerabilities. Deadline for addressing - three days,Until May 9...
May 26, 2026
Depov
posted the thread
Secrets scanning leakage of tokens and API keys: we find leaked credentials in GitHub, GitLab, Bitbucket and Jira
in
Web
.
AWS-key format AKIA* in the git-history of the private repositoryremoved from the code eight months ago, but aws stsget-caller-identity...
May 26, 2026
Depov
posted the thread
Patch2Vuln: Analysis of Binary Patchs for Automatic Recovering Linux Vulnerabilities
in
Programming
.
Binary patch as the only artifact for n-day research When the Linux distribution releases a security update, a window appears in which...
May 22, 2026
Top
Bottom
