Ivan SpiridonovPenetration Tester
Specialized in discovering and exploiting security vulnerabilities in web applications, networks, and infrastructure to help organizations improve their security posture.
Expertise
Web Application Security
Identifying and exploiting vulnerabilities in web applications to prevent potential security breaches.
Exploit Development
Creating proof-of-concept exploits for discovered vulnerabilities and developing custom security tools for specialized testing scenarios.
Security Research
Discovering and responsibly disclosing vulnerabilities in software and systems with published CVEs.
Latest Research
View all posts →Mythic C2 with EarlyBird Injection and Defender Evasion
Let's talk about building C2 infrastructure that actually works in the real world. Most red teamers think they can just spin up a Cobalt Strike server and call it a day, but that's how you get burn...
Read full analysis →Breaking ADCS: ESC1 to ESC16 Attack Techniques
Let's talk about Active Directory Certificate Services. If you've been doing red team work for any length of time, you've probably heard about ADCS attacks. What started as a convenient way to mana...
Read full analysis →From Zero Creds to Enterprise Admin
Active Directory remains the backbone of most corporate network environments. Despite being a mature technology with decades of security research behind it, misconfigurations and default settings c...
Read full analysis →