Ivan Spiridonov
Penetration Tester

Specialized in discovering and exploiting security vulnerabilities in web applications, networks, and infrastructure to help organizations improve their security posture.

terminal — xbz0n@sh:~#

Expertise

Web Application Security

Identifying and exploiting vulnerabilities in web applications to prevent potential security breaches.

Exploit Development

Creating proof-of-concept exploits for discovered vulnerabilities and developing custom security tools for specialized testing scenarios.

Security Research

Discovering and responsibly disclosing vulnerabilities in software and systems with published CVEs.

Latest Research

Vulnerability Research, Privilege Escalation, CVE, OpenMediaVault, Newline Injection | Aug 24, 2025

Finding and Exploiting CVE-2025-50674 in OpenMediaVault

Recently, I discovered a critical vulnerability in OpenMediaVault, a popular open-source network-attached storage solution. The vulnerability (published as [CVE-2025-50674](https://nvd.nist.gov/vul...

Red Team, C2, Mythic, Infrastructure, Process Injection, EarlyBird, OPSEC, Malware Development | Jun 23, 2025

Mythic C2 with EarlyBird Injection and Defender Evasion

Let's talk about building C2 infrastructure that actually works in the real world. Most red teamers think they can just spin up a Cobalt Strike server and call it a day, but that's how you get burn...

Active Directory, ADCS, PKI, Privilege Escalation, Red Team, Certificate Templates, ESC16 | Jun 3, 2025

Breaking ADCS: ESC1 to ESC16 Attack Techniques

Let's talk about Active Directory Certificate Services. If you've been doing red team work for any length of time, you've probably heard about ADCS attacks. What started as a convenient way to mana...
