Bo0oM/README.md

Whoami

Anton Lopanitsyn

Web application security researcher. Current Location: Moscow, Russia

Blog: https://bo0om.ru

Twitter: @i_bo0om

Telegram channel: @webpwn

Penetration testing for business https://vulner.ru

Exploit & Hacktool Search Engine https://sploitus.com


Skills:

  • Web application security research;
  • Browser security and client-side exploits;
  • Web Application Firewall development and evasion;
  • Vulnerability scanning automation.

Achievements:

  • Experienced public speaker (more than 20 presentations);
  • CVEs in browsers;
  • Active researcher, lots of publications and whitepapers;
  • Received bug bounties from Microsoft, Google, Twitter, LinkedIn, Yandex, Cloudflare, VK.com, QIWI, Mail.ru, etc;
  • Nominated for the Top 10 web hacking technologies in 2017 and 2018;

Activities

Urban.Tech Moscow

First place in the category "searching for vulnerabilities"

https://www.vtbcareer.com/about/news/vtb-nagradil-uchastnikov-khakatona-urban-tech-moscow-v-nominatsii-finansy-/

https://www.kp.ru/daily/27063/4131459/

Wallarm Research Team:

https://lab.wallarm.com/how-to-trick-csp-in-letting-you-run-whatever-you-want-73cb5ff428aa

https://lab.wallarm.com/the-good-the-bad-and-the-ugly-of-safari-in-client-side-attacks-56d0cb61275a

https://lab.wallarm.com/hunting-the-files-34caa0c1496

https://lab.wallarm.com/blind-ssrf-exploitation/

Nominations:

https://portswigger.net/blog/top-10-web-hacking-techniques-of-2017-nominations-open

https://portswigger.net/blog/top-10-web-hacking-techniques-of-2018-nominations-open

Xakep magazine:

https://xakep.ru/author/bo0om/

Other:

https://hackerone.com/bo0om

https://github.com/Bo0oM


Whitepapers & Publications

Hosting dashboard web application logic vulnerabilities

There's Nothing so Permanent as Temporary

De-anonymization and total espionage

"You're so funny", about funny vulnerabilities in web applications. Mail.ru Security Meetup

Not by Nmap Alone

Geek Picnic 2015 - Big Brother is watching you

Security of payment systems and banks

VolgaCTF 2016 - DNS and attacks

Defcon KZ 2016 - Website reconnaissance tools

A blow under the belt. How to avoid WAF/IPS/DLP

KazHackStan 2017 | Tracking

Armsec 2017 | 2 bugs 1 safari

User-friendly, though. (Messaging bots expose sensitive data)

Safety for paranoids. Everything is bad.

ZeroNights Web Village Organizer

Web Application Cache Poisoning Mail.ru Security Meetup

Defcon Russia 2017 - Google Glass with AI

VolgaCTF 2018 - Neatly bypassing CSP

KazHackStan - "><script>alert()</script>

Defcon DC7499 Meetup - Param-pam-pam

Offzone | Another waf bypass

Speaker on SK Cyberday

ZeroNights 2018 | Race Condition Tool

ZeroNights 2018 | I <"3 XSS

PartyHack 2019 | How I hack the telegram

2000-day in Safari

Zeronights 2019 | Phoenix hunting

ZeroNights Web Village Organizer

OWASP Moscow Meetup #9

Wallarm Meetup 08.2020

Server-side request forgery via ftp account

Funny vulnerabilities especially for Fool's Day

Pinned

  1. Safiler

    Safari local file reader (Python)

  2. fuzz.txt

    Potentially dangerous files

  3. Webkit uxss exploit (CVE-2017-7089)

    HTML

  4. Chrome < 62 uxss exploit (CVE-2017-5124)

    PHP