Search for vulnerabilities in software during exploitation
January 22, 2026

Today I listened to a cool webinar with Artem Khramykh from AktivConsulting.

I hope the recording will be available to you soon and you will be able to note the main features, but for my part I will note the following:

• The context of a real run, where the vulnerability is visible only when the data, configuration, feature flags and environment are taken into account

• The working attack vector is important, as is the effect the payload achieves: RCE, LFI, data access

• Logs, traces and RASP/IAST are used: you can see which request, which function and which data reached the dangerous operation

• Bugs after authorization: IDOR, privilege escalation, abuse of legitimate functions

• The vulnerability is specific to the product configuration: IAM, network, secrets, service versions

• The vulnerability is already in production, there is a PoC, and temporary measures are needed until the code is fixed
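
To make the points about runtime visibility and temporary measures concrete, here is an added example (not from the webinar or the original post): a simplified stand-in for RASP-style instrumentation that records which request, which function and which data reached a file-read sink, and blocks the call when the path leaves the allowed directory. All names, the `/srv/app/reports` directory and the sample requests are constructed assumptions.

```python
import contextvars
import inspect
import os

# Request context bound at the entry point and read at the sink (assumed names).
current_request = contextvars.ContextVar("current_request", default=None)
BASE_DIR = os.path.realpath("/srv/app/reports")  # assumed directory for reports
BLOCK_MODE = True  # temporary measure: refuse the call until the code is fixed
events = []        # stands in for the log/trace pipeline

def guarded_path(user_path):
    """Sink guard: record which request, function and data reached the file read."""
    resolved = os.path.realpath(os.path.join(BASE_DIR, user_path))
    escapes = os.path.commonpath([BASE_DIR, resolved]) != BASE_DIR
    req = current_request.get() or {}
    event = {
        "request_id": req.get("id"),
        "function": inspect.stack()[1].function,  # caller that reached the sink
        "data": user_path,
        "resolved": resolved,
        "verdict": "path_escape" if escapes else "ok",
        "blocked": escapes and BLOCK_MODE,
    }
    events.append(event)
    if event["blocked"]:
        raise PermissionError(f"blocked file access for {event['request_id']}")
    return resolved

def download_report(name):
    """Hypothetical handler whose parameter flows into a file path."""
    return guarded_path(name)

def handle(request):
    """Entry point: bind the request context, dispatch, always unbind."""
    token = current_request.set(request)
    try:
        return download_report(request["params"]["name"])
    except PermissionError:
        return None  # the request is refused; the event is already recorded
    finally:
        current_request.reset(token)

# Constructed sample requests: one ordinary, one with a traversal path.
SAMPLE = [
    {"id": "r-1", "params": {"name": "2026-01.pdf"}},
    {"id": "r-2", "params": {"name": "../../../etc/passwd"}},
]
```

Setting `BLOCK_MODE = False` turns the guard into observe-only mode, which still yields the request, function and data for triage.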

And yes, it’s still worth looking at colleagues and their cases at AKTIV.CONSULTING @aktivcons.

#reco #research #riskanalysis
