“While working together, I have always admired how Sam can inspire and direct the efforts of the team to achieve goals of any complexity. This is a specialist with high leadership and technical skills. It is also worth noting Sam's excellent organization.”
Activity
-
In 2005 Microsoft introduced Kernel Patch Protection, which basically took away a lot of the capabilities antimalware products were using to detect…
Liked by Sam Lyhin
-
Use binary likelihood to measure cybersecurity risks. Cost to fix the issue is million times smaller than its impact. 0,001% likelihood is "Yes".…
Shared by Sam Lyhin
-
When reporting cybersecurity issues to bosses, don't make a mountain out of a marble. Prolixity in cybersecurity is merely hubris. Even if third…
Shared by Sam Lyhin
Publications
-
Command Injection in gitlabhook node.js module (CVE-2019-5485)
National Institute of Standards and Technology
NPM package gitlabhook version 0.0.17 is vulnerable to a Command Injection vulnerability. Arbitrary commands can be injected through the repository name.
-
WebERP 4.15 - SQL injection (CVE-2019-13292)
cve.mitre.org
A 0-day vulnerability was found in the latest version of a popular ERP system.
It was found that a malicious query can be sent in base64 encoding to the unserialize() function (Payments.php, line 569). It can then be deserialized as an array without any sanitization.
After that, each element of the array is passed directly to the SQL query. A fully working exploit was written in Python.
-
D-Link DI-524 V2.06RU - Multiple Cross-Site Scripting (CVE-2019-11017)
cve.mitre.org
Multiple XSS vulnerabilities were found in a popular router.
-
Windows/x86 - Download With TFTP And Execute Shellcode (51-60 bytes) (Generator)
Exploit Database
The provided code generates x86 shellcode to download and execute a PE file via TFTP. Size: 51-60 bytes.
-
XAMPP Control Panel 3.2.2 - Buffer Overflow (SEH) (Unicode)
Exploit Database
Local exploit for XAMPP.
-
Arm Whois 3.11 - Buffer Overflow (SEH)
Exploit Database
1-day local exploit for Arm Whois 3.11
Languages
-
Russian
Full professional proficiency
-
Ukrainian
Native or bilingual proficiency
-
English
Full professional proficiency
Recommendations received
8 people have recommended Sam
More activity by Sam
-
🔓 Two critical zero-day vulnerabilities in Ivanti's products are being actively exploited by suspected cyber espionage group UNC5221 potentially…
Liked by Sam Lyhin
-
There is an ultimate solution to reduce the risk of social engineering issues. Code of ethics. Here is a short example. It could be that soon…
Shared by Sam Lyhin
-
Around four years ago, a chief risk guy of a midsize business hurled: "Of course they could hack us if they come to the physical office. Anyone can…
Shared by Sam Lyhin
-
Get to know how to target /cyber resilience/ in /third party/ scope covering entire lifecycle of relationship #cyberresilience #nistcsf…
Liked by Sam Lyhin
-
We can't afford to not have the firewall configured these days. SSH was an impenetrable and reliable system some time ago, although there were…
Shared by Sam Lyhin
-
Always great to visit with leadership from other sites and what fun to break for ice cream sandwiches and networking. Thanks Jonathan Giglio helping…
Liked by Sam Lyhin
-
Did former Uber CISO tip the policemen who delivered him to the final destination?
Posted by Sam Lyhin