Ivan Spiridonov
Penetration Tester

Specialized in discovering and exploiting security vulnerabilities in web applications, networks, and infrastructure to help organizations improve their security posture.

Read My BlogView My CVEs
terminal — xbz0n@sh:~#

Expertise

Web Application Security

Identifying and exploiting vulnerabilities in web applications to prevent potential security breaches.

Exploit Development

Creating proof-of-concept exploits for discovered vulnerabilities and developing custom security tools for specialized testing scenarios.

Security Research

Discovering and responsibly disclosing vulnerabilities in software and systems with published CVEs.

Latest Research

View all posts →
Active DirectoryPenetration TestingNTLM RelaySMBDCSyncDomain TakeoverNetwork SecurityMay 20, 2025

From Zero Creds to Enterprise Admin

Read full analysis →
Web SecurityXSSAccount TakeoverCSRFSession RidingData ExfiltrationVulnerability ResearchApr 24, 2025

XSS to Account Takeover & Data Exfiltration

Read full analysis →
Exploit DevelopmentVulnServerDEP BypassROPBuffer OverflowWindows ExploitationApr 8, 2025

VirtualProtect DEP Bypass: Step-By-Step Exploit

Read full analysis →