Anton Lopanitsyn
Web application security researcher. Current Location: Moscow, Russia
Blog: https://bo0om.ru
Twitter: @i_bo0om
Telegram channel: @webpwn
Penetration testing for business https://vulner.ru
Exploit & hacktool search engine https://sploitus.com
Antifraud for everyone https://antibot.ru
Leak finder https://passleak.com
- Web application security research;
- Browser security and client-side exploits;
- Web Application Firewall development and evasion;
- Vulnerability scanning automation.
- Experienced public speaker (more than 20 presentation);
- CVEs in browsers;
- Active researcher, lots of publications and whitepapers;
- Received bug bounties from Microsoft, Google, Twitter, LinkedIn, Yandex, Cloudflare, VK.com, QIWI, Mail.ru, etc;
- Nominated for the Top 10 web hacking technologies in 2017 and 2018;
Urban.Tech Moscow
First place in the category "searching for vulnerabilities"
https://www.kp.ru/daily/27063/4131459/
Wallarm Research Team:
https://lab.wallarm.com/how-to-trick-csp-in-letting-you-run-whatever-you-want-73cb5ff428aa
https://lab.wallarm.com/the-good-the-bad-and-the-ugly-of-safari-in-client-side-attacks-56d0cb61275a
https://lab.wallarm.com/hunting-the-files-34caa0c1496
https://lab.wallarm.com/blind-ssrf-exploitation/
Nominations:
https://portswigger.net/blog/top-10-web-hacking-techniques-of-2017-nominations-open
https://portswigger.net/blog/top-10-web-hacking-techniques-of-2018-nominations-open
Xakep magazine:
https://xakep.ru/author/bo0om/
Other:
Hosting dashboard web application logic vulnerabilities
- http://2013.zeronights.org
- https://www.slideshare.net/DefconRussia/dmitry-boomov-hosting-dashboard-web-application-logic-vulnerabilities
There's Nothing so Permanent as Temporary
De-anonymization and total espionage
"You're so funny", about funny vulnerabilities in web applications. Mail.ru Security Meetup
Not by Nmap Alone
Geek Picnic 2015 - Big Brother is watching you
Security of payment systems and banks
VolgaCTF 2016 - DNS and attacks
Defcon KZ 2016 - Website reconnaissance tools
A blow under the belt. How to avoid WAF/IPS/DLP
- https://2016.zeronights.org/conference-materials/presentations/
- https://www.slideshare.net/ssusera0a306/zeronights-2016-a-blow-under-the-belt-how-to-avoid-wafipsdlp-wafipsdlp
KazHackStan 2017 | Tracking
Armsec 2017 | 2 bugs 1 safari
User-friendly, though. (Messaging bots expose sensitive data)
Safety for paranoids. Everything is bad.
ZeroNights Web Village Organizer
Web Application Cache Poisoning Mail.ru Security Meetup
Defcon Russia 2017 - Google Glass with AI
VolgaCTF 2018 - Neatly bypassing CSP
KazHackStan - "><script>alert()</script>
Defcon DC7499 Meetup - Param-pam-pam
Offzone | Another waf bypass
Speaker on SK Cyberday
ZeroNights 2018 | Race Condition Tool
ZeroNights 2018 | I <"3 XSS
PartyHack 2019 | How I hack the telegram
2000-day in Safari
Zeronights 2019 | Phoenix hunting
ZeroNights Web Village Organizer
OWASP Moscow Meetup #9
Wallarm Meetup 08.2020
Server-side request forgery via ftp account
Funny vulnerabilities especially for Fool's Day
ZeroNights 2021 | 31337
KHS | Defending against automatization
HighLoad | Protection against malicious automation