Depov's latest activity

Depov posted the thread Detection of APT attacks: SIEM, EDR, NDR and Threat Hunting – full protection map in 2026 in Programming.

Business logic of APT: why the attacker stays in the network for months Before dismantling detection tools, it is necessary to...
Jun 9, 2026
Depov posted the thread Information Security Maturity Models: CMMC, C2M2, SSE-CMM and BSIMM – selection of framework and self-assessment in Web.

In three years, I have conducted a gap analysis on four different maturity models for twelve organizations – from Defense Industrial...
Jun 8, 2026
Depov posted the thread SAML Authentication Attacks: XML Signature Wrapping, Golden SAML and bypassing the federal SSO in Web.

SAML-Floy through the eyes of an attacker For the SAML pencilator, there is a trust chain between three participants: User's browser...

Jun 5, 2026
Depov posted the thread Bypassing ML detectors to IDS: adversarial-attacks and testing the robustness of models in Web.

How IDS ML Detectors Make Traffic Decisions The ML-based NIDS operates on a three-stage pipeline. Understanding each step is critical...
Jun 5, 2026
Depov posted the thread Modern methods of bypassing WAF in tasks with non-standard XSS in Web.

Эволюция XSS и современные защиты Most likely, you already know what XSS is, but let’s repeat for the completeness of the picture. XSS...

Jun 5, 2026
Depov posted the thread Bypass Secure Boot: attack techniques for the verification of the loader for the pentesters in Programming.

On the Red Team project last year, the task sounded the following task: to prove persistence below the OS level on the host with Windows...
Jun 5, 2026
Depov posted the thread iOS App Pentest: From Frida Installation to the Keybreak Curet in Programming.

On the audit of the fintech application for iOS, we stumbled in a three-layer jailbreak detection - file checks, sandbox recording in...
Jun 5, 2026
Depov posted the thread Reverse-engineering of iOS applications: IPA-analysis, class-dump and Frida through the eyes of a protector in Programming.

The place in the attack chain: why reverse an iOS application Reverse-engineering of iOS applications is not an end in itself. This is...
Jun 5, 2026
Depov posted the thread Malware development on Rust: stealth agent for red team, bypass EDR and comparison with C++ in Programming.

A functionally identical plaid loader weighs 71.7 KB on C and 151.5 KB on Rust - the binary doubled. At the same time, according to a...
Jun 4, 2026
Depov posted the thread Nginx reverse proxy: C2 security and detection-checking for SOC in Web.

Business logic of attack: the place of Nginx-redirector in kill chain Nginx reverse proxy for the security of C2 works at the Command...

Jun 4, 2026
Depov replied to the thread 🛡️ MixTum & BFD Crew - FREE RAFFLE 🎁 1 mBTC!.

Slot # 2 BTC: bc1q5hz3uhfrepc272h55cqlv4g4ygkyha37vrsxrq

Jun 3, 2026
Depov posted the thread Feature engineering for network traffic: why the quality of the features solves more than the choice of an algorithm in IDS ML models in Web.

Six months ago, we killed two weeks for the selection of LightGBM hyperparameters for a C2 backed detect in corporate traffic. F1 was...
Jun 3, 2026
Depov posted the thread Development of extensions of Burp Suite in Python and Java: automation of web application pentest in Programming.

On the latest API pentest, fintech service every request requiredHMAC-signature in the title X-Signature - calculated from the...
Jun 3, 2026
Depov posted the thread Preaothy RCE and bypass mTSS: the analysis of Mongoose vulnerabilities on millions of devices in Programming.

The comment in the product code "ignore secp386 for now" - and the P-384 mTS is turned into a decoration. Heap overflow in TLS-handshake...
Jun 2, 2026
Depov posted the thread Penttest IoT devices: from reconnaissance and disassembly to OWASP ITG in Programming.

On the last three IoT security testing projects, I opened the device body, connected to UART – and in two cases out of three received a...
Jun 2, 2026

Show older items

Top Bottom