In 2020 goals were set: add even more value to cybersecurity education, integrate practical experience, address staff shortages. Now, as Academic Director, I'm proud to bring worlds of industry and academia together in postgraduate program at National Research Nuclear University.

The act of archaeology. Video of the research report "The Way from App to Brain: Attack Surface of Smart Medical Infrastructure" published in 2019: youtube.com/watch?v=AKZqG_… Slides of the presentation are published now: speakerdeck.com/makrushin/the-…

The reason to sit and smile this time is the topic of the discussion: new manager role model and skills to build high-performance distributed teams. Just count: how many times a day do you speak with your monitor instead of having offline-discussion? Then sit and smile.

eBPF program debugger On the way from a small script to a full-fledged application developer spends half his time on debugging. The tool is useful for anyone developing security and observability applications based on eBPF. Credits to Alex Kalinin. github.com/ph1048/ebpfdbg

Web Applications Bug Hunting: Fundamentals A crash course in bug hunting presented at the TheSAS2025, covering key terminology, attack vectors and everything you need to know to start your application security journey. #DevSecOps #BugBountyTips youtu.be/WWCV2MrphU4

report_v.2023.4: release candidate Sit next to me. Let's discuss and prepare our annual report. Highlight the ones that made you feel the most, not just list the results. Let's do it in “parameter: value” format. linkedin.com/posts/makrushi…

Secure SDL in FinTech: summary of the DevOpsConf roundtable Key theses voiced together with colleagues from the financial industry during the discussion of secure development challenges: linkedin.com/feed/update/ac… #DevSecOps #AppSec #DevOps #SDLC

Together with the Bauman Moscow State Technical University team, we've upgraded the "Information Security" program, equipping developers with new superpowers. By students, for students—with a “secure-by-design” mindset from day one.

I've compiled a collection of vulnerabilities and an overview of attack methods against Github users identified in 2024. The material will be helpful for both developers, #devsecops and #appsec engineers in protecting their projects. medium.com/yandex/securit…

Sprint from idea to Application Security course makrushin.com/application-se…

Advanced Research Review 2024 Let's review last year's perspective research reports. Use the knowledge to refine your strategies, strengthen defenses, and take your findings forward in 2025. makrushin.com/advanced-resea…

Over 1,000 GitHub repositories at risk: how to detect RepoJacking vulnerabilities. In this paper, we share our methodology, tools and key findings to help the community effectively detect and mitigate repository hijacking. makrushin.com/repojacking-gi… #DevSecOps #BugBounty

Secret detection is easy in single repo and deterministic pattern. It gets tricky at enterprise scale monorepos + non-deterministic strings. We benchmarked engines, mapped their limits and defined use-cases with highest precision/recall/perf: medium.com/p/0cf351e74250 #AppSec

Restored my bot that collects security insights. It scrapes #bugbountytips #bugbountytip #bugbounty #pentest #redteam via Playwright, sends it to DeepSeek-V3 for review, publishes daily 13:37 UTC in “Research Hub” TG. Got hashtags / sources to add? DM me. makrushin.com/research-hub/

A small step in the large open-source: CVSS integration in Trivy. At the heart of our #AppSec platform is an open-source SCA project called Trivy. This time, we are not only integrating, but also contributing: in Trivy 0.65.0 release we added the CVSS vector support.