Denis Makrushin

Attack Surface Analysis and Monitoring using Open-Source Intelligence

by Denis Makrushin February 7, 2022

The paper introduces the case study for attack surface analysis and monitoring with practical application of open-source intelligence (OSINT) methods. The case is based on the perimeters of healthcare organizations and aims to introduce the threat landscape of healthcare industry as well as methods to collect information about entry points and assets on network perimeter. Techniques and tools in this paper are not limited by organization type and can be applied for different network assets to prepare initial information during first stage of penetration testing and red team operations.

February 7, 2022

Blog

Prototype Pollution in “Top 10 Web Hacking Techniques of 2021” nomination

by Denis Makrushin January 28, 2022

Prototype Pollution research, performed with co-authorship by @_nikitastupin in Advanced Security Research team, is nominated to “Top 10 Web Hacking Techniques of 2021”. The opportunity for bug hunter, who found the research insightful, to support authors: https://t.co/HC1mSKAVk4
— Denis Makrushin (@makrushind) January 12, 2022

January 28, 2022

Blog

Application Security Course: Open Lectures

by Denis Makrushin December 9, 2021

https://t.me/bhhub/635

Designed the “Application Security Fundamentals” course for Information Security students of my alma mater, I’m giving back and together with my friends from industry cultivate the design thinking of next generation alumni: shift the mindset from problem discovery to solution architecture.

Three years after launching, to increase the impact of this course, we made our lectures open to every Russian-speaking student. Just register yourself using the link from the first comment and wait for the announcement of open lecture tomorrow.

The photo illustrates how a typical class looks like – somewhere with laptop. Grab your device, headset and join!

December 9, 2021