Eldar Zaitov

Email: eldar @ kyprizel.net
twitter / flickr / instagram

From time to time I play CTFs with More Smoked Leet Chicken and LC↯BC,
write technical stuff at Medium, and I'm the maintainer of CTFtime.org.

My talks:

Yandex SRE and DevOps school: Authentication basics [not in public]
Evolution of SSH authentication in an engineering company: from passwords to modern days [not in public]
Yandex School of Information Security 2023: Zero Trust security model [video|rus]
KazHackStan 2022: Hybrid cloud infrastructure security challenges and pitfails [video|rus]
Defcon Russia: Hacking Mazda CMU for fun[slides|rus]
Yandex School of Information Security 2018: Web Application Security [rus]
Defcon Russia: GitHub Bug Bounty Experience
DEF CON 24 Crypto & Privacy Village: Managing digital code signing in an engineering company
Defcon Russia: Certificate Transparency FTW
ZeroNights 2015: Our experience of web application security scanning automatization [rus]
ZeroNights 2014: Fast (and almost automatic) SSRF detection
Yet another Conference 2014: TLS deployment in big environments
RuCTF 2013: Attack log analysis for vulnerability detection [rus]
Defcon Russia: Experience of participating in "A month of searching for Yandex vulnerabilities" [video]

Some stuff:

Why keep your Zoo doors closed at Medium
ClickHouse CVE-2019-16535 at Medium

Molly Scanner extension turns BurpSuite into headless web vulnerability scanner
Linux HID Gadget (USBArmory) compatible FIDO U2F token implementation
Certificate Transparency Log monitoring tool

More code on GitHub.

Old stuff:

TACK support for Nginx SSL module
Nginx testcookie DDoS mitigation module
Packet fragmentation support for BoNeSi
RSA keyfinder script for IDA

//@kyprizel