Lenin Alevski
| Lenin Alevski | |
|---|---|
| Born | |
| 💼 Occupation | Computer security specialist, hacker, and public speaker |
| 👔 Employer | |
| 🏢 Organization | BSidesSF |
Lenin Alevski is a Mexican security engineer and independent security researcher. He is known for discovering multiple vulnerabilities in cloud-native technologies and for presenting at international cybersecurity conferences. Alevski currently works as a security engineer at Google and is a content review team member for BSidesSF.
Career
Alevski has worked as a security engineer at Google since 2022. In this role, he provides security guidance to engineering teams, conducts risk assessments, and develops security standards. His work focuses on infrastructure security, automation of security reviews, and threat modeling.
Security Research
Alevski has identified several security vulnerabilities in widely used software, leading to the assignment of Common Vulnerabilities and Exposures (CVEs). Some of his notable discoveries include:
- CVE-2023-39059 – A vulnerability in Ansible Semaphore that allows remote code execution through crafted payloads in the extra variables parameter.[1][2]
- CVE-2022-35919 – A path traversal vulnerability in MinIO’s admin API that could expose arbitrary files.[3][4]
- CVE-2021-41266 – An authentication bypass issue in MinIO’s Operator Console affecting external IDP configurations.[5][6]
Talks and Conferences
Alevski has spoken at numerous cybersecurity conferences, including DEF CON, RSA Conference, and BSides events, focusing primarily on Kubernetes security, application security, and cloud security. Some of his notable talks include DEF CON 32 (2024) in Las Vegas, NV, US, where he covered topics such as Chatbots for Cybersecurity[7], Recon MindMap[8], Kubernetes Security[9], and Red Team Kubernetes Attacks[10]. At the RSA Conference (2024, 2023, 2022) in San Francisco, CA, US, he presented on Kubernetes Security and Chatbots for Cybersecurity. He also conducted hands-on Kubernetes Security sessions at BSidesSF (2024[11], 2023, 2022) in San Francisco, CA, US. Additionally, he spoke about Kubernetes Security at the DragonJAR Security Conference (2024)[12] in Bogotá, Colombia, and at HACKMIAMI XI (2024)[13] in Sunny Isles Beach, FL, US.
Media Coverage
Alevski’s research has gained significant attention from multiple cybersecurity news outlets, particularly for his work on security vulnerabilities in Mastodon. His findings have been featured in renowned publications such as Forbes[14], which highlighted security issues in the Twitter alternative, TechRadar[15], where experts analyzed Mastodon’s flaws, Dark Reading[16], which examined the platform’s vulnerabilities under scrutiny, SC Media[17], discussing the increasing security concerns as Mastodon’s popularity grows, and SecurityWeek[18], which covered researchers' growing interest in the platform’s security as its user base expands.
References
- "CVE-2023-39059". Retrieved 6 February 2025.
- "Security Advisory for CVE-2023-39059". Retrieved 6 February 2025.
- "CVE-2022-35919". Retrieved 6 February 2025.
- "MinIO Security Advisory". Retrieved 6 February 2025.
- "CVE-2021-41266". Retrieved 6 February 2025.
- "MinIO Console Security Advisory". Retrieved 6 February 2025.
- "Chatbots - lavillahacker". Archived from the original on 2025-01-11. Retrieved 2025-04-13.
- "Recon MindMap - reconvillage". Archived from the original on 2025-01-30. Retrieved 2025-04-13.
- "Kubernetes Security: Hands-On Attack and Defense". Archived from the original on 2024-12-07. Retrieved 2025-04-13.
- "The Red Team Village - Introduction to Kubernetes common attack techniques". Archived from the original on 2024-11-19. Retrieved 2025-04-13.
- "BSidesSF 2024". Archived from the original on 2024-11-19. Retrieved 2025-04-13.
- "Dragonjar Security Conference 2024". Archived from the original on 2024-09-10. Retrieved 2025-04-13.
- "Kubernetes Insecurity - Attacking & Defending Modern Infrastructure". Archived from the original on 2024-04-23. Retrieved 2025-04-13.
- "Twitter Alternative Mastodon Has Security Issues". Retrieved 6 February 2025.
- "Security Experts Are Laying Mastodon's Flaws Bare". Retrieved 6 February 2025.
- "Cybersecurity Pros Put Mastodon Flaws Under the Microscope". Retrieved 6 February 2025.
- "Mastodon Security Increasingly Scrutinized Amid Growing Popularity". Retrieved 6 February 2025.
- "Security Researchers Looking at Mastodon as Its Popularity Soars". Retrieved 6 February 2025.
External links
This article "Lenin Alevski" is from Wikipedia. The list of its authors can be seen in its historical and/or the page Edithistory:Lenin Alevski. Articles copied from Draft Namespace on Wikipedia could be seen on the Draft Namespace of Wikipedia and not main one.
