Ivan SpiridonovOffensive Security Consultant
Specialized in discovering and exploiting security vulnerabilities in web applications, networks, and infrastructure to help organizations improve their security posture.
Expertise
Web Application Security
Identifying and exploiting vulnerabilities in web applications to prevent potential security breaches.
Exploit Development
Creating proof-of-concept exploits for discovered vulnerabilities and developing custom security tools for specialized testing scenarios.
Security Research
Discovering and responsibly disclosing vulnerabilities in software and systems with published CVEs.
Latest Research
View all posts →Living Off the Land: Windows Post-Exploitation Without Tools
I'll never forget one of my first red team engagements where I learned this lesson the hard way. I'd spent two days carefully phishing my way into a financial services company, finally landing a sh...
Read full analysis →Finding and Exploiting CVE-2025-50674 in OpenMediaVault
Recently, I discovered a critical vulnerability in OpenMediaVault, a popular open-source network-attached storage solution. The vulnerability (published as [CVE-2025-50674](https://nvd.nist.gov/vul...
Read full analysis →Mythic C2 with EarlyBird Injection and Defender Evasion
Let's talk about building C2 infrastructure that actually works in the real world. Most red teamers think they can just spin up a Cobalt Strike server and call it a day, but that's how you get burn...
Read full analysis →