Search titles only
By:
Home
Members
Moderators
Current visitors
Escrow
Deposit
Account Upgrades
ADS
Help
Storm Exchange
Komplexes Bot
Log in
Register
What's new
Search
Search titles only
By:
Menu
Log in
Register
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Depov's latest activity
Depov
posted the thread
API protection from BOLA and IDOR: authorization patterns, policy-as-code and developer checklist
in
Web
.
The attacker substituted someone else's identifier in the request, the server returned the data. No exploit, without bypassing the WAF -...
Jun 16, 2026
Depov
posted the thread
MSP Supply Chain Attack: Kaseyya VSA Demand and RMM Infrastructure Protection
in
Programming
.
The business logic of the attack: why RMM is the perfect engine of scale The MSP provider by definition has privileged access to the...
Jun 16, 2026
Depov
posted the thread
CTF infrastructure deployment: CTFd, kTF and Docker insulation from 50 to 2000 participants
in
Web
.
DownUnderCTF 2023 served more than 2000 teams on 68 assignments, withstood a peak of 32 100 requests per second and cost $ 876 AUD in...
Jun 16, 2026
Depov
posted the thread
Protection against DDoS attacks 2026: a comparison of strategies, detection and checklist for SOC
in
Web
.
Morning. Grafana shows 340 Gbps inbound UDP traffic on the border routers of the fintech company, where six months ago adjusted...
Jun 15, 2026
Depov
posted the thread
Extraction of passwords from memory: how master keys of password managers settle in the RAM-dump
in
Programming
.
On one IR case in a fintech company, we shot the RAM dump via WinPmem - RAT at the developer's workstation found on Thursday morning...
Jun 15, 2026
Depov
posted the thread
Lateral Movement from IT to OT: Industrial Network Pentest Techniques
in
Web
.
At the audit of the energy enterprise, we received domain admin in four hours - Kerberoasting plus a weak password for service earnings...
Jun 12, 2026
Depov
posted the thread
Hidden C2 Data Channels: DNSing Tuning and HTTP Clitt Points from Customization to Detect
in
Web
.
At red team, operations in the financial sector, we raised dnscat2 on the rented VPS, prescribed the NS delegation and chased the teams...
Jun 12, 2026
Depov
posted the thread
Segmentation and protection of OT networks: Purdue Model, Industrial DMZ and Zero Trust for ICS
in
Programming
.
At the audit of the petrochemical plant last year, we found Modbus/TCP traffic from the Siemens S7-1200 and HMI panels in the same VLAN...
Jun 12, 2026
Depov
posted the thread
Steganography in malware: how APT-groups hide C2-channels and peloads in images
in
Programming
.
When the Zero.T bootloader downloaded three BMP files from a C2 server, the corporate DPI system missed them without a single alert...
Jun 12, 2026
Depov
posted the thread
Attacks through stolen account details: kill chain from styler log to domain admin
in
Programming
.
For the past year, I have been dismantling the dumps of infostlers - archives from Telegram channels and log marketplaces - and in each...
Jun 11, 2026
Depov
posted the thread
Pentest ICS TP: kill chain from the corporate network to the controller registers
in
Web
.
At the petrochemical facility in 2024, the task was specifically: to check whether the attacker from the corporate network will get to...
Jun 11, 2026
Depov
posted the thread
Bcrypt Breaking Passwords: How Hashes with Dragonica Are Leaked and Why It’s Easier Than It Seems
in
Programming
.
At the CTF last year, the dump of the database of the private server Dragonica appeared - about 40 thousand accounts, bcrypt-hashi with...
Jun 10, 2026
Depov
posted the thread
Cloud imconfiguration as a vector of attack: a complete map of threats and protection of AWS, Azure and GCP
in
Web
.
99% of cloud security incidents are the fault of the client, not the provider. This is Gartner (Through 2025, original publication...
Jun 10, 2026
Depov
posted the thread
Zero Trust Network Microshenement: a Practical Guide to Implementation
in
Web
.
In three of the five microsegmentation projects that I have audited over the past year and a half, within the created segments there was...
Jun 9, 2026
Depov
posted the thread
Ransomware in 60 minutes: how Akira and Medusa/Storm-1175 accelerated attacks and how to detect them
in
Programming
.
According to CrowdStrike Global Threat Report 2025, the average time of the lateral movement after initial access in 2024 is 62 minutes...
Jun 9, 2026
Top
Bottom
