Skip to content
View DavidOsipov's full-sized avatar
🏠
Working from home
🏠
Working from home

Organizations

@Phishing-Database @telemt

Block or report DavidOsipov

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don’t include any personal information such as legal names or email addresses. Markdown is supported. This note will only be visible to you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
DavidOsipov/README.md

Hey, I’m David Osipov 👋

I’m a B2B Product Leader and independent security researcher working at the intersection of cybersecurity, AI, open Internet infrastructure, and machine-readable trust.

I’m currently focused on two tracks:

  • building and maintaining censorship-resilient Telegram infrastructure with the Telemt community;
  • researching security, trust, and metadata failures in large Internet platforms.

I’m credited as the independent researcher behind CVE-2026-14440, a Cloudflare Universal SSL / CAA / RFC 8657 vulnerability involving automatic CAA management and end-to-end enforcement of accounturi / validationmethods.

I’m also CPO at The Flip, where we work on generative engine optimization, entity-level trust, machine-readable facts, and evidence-backed knowledge infrastructure.


Current focus

I created and maintain tdlib-obf, a security-hardened fork of TDLib for high-threat network environments.

The project focuses on MTProto traffic masking, anti-DPI transport behavior, and client-side support for censorship-resilient Telegram access. It is designed to work together with the Telemt Rust MTProxy server.

Status: alpha / pre-first official release.

I contribute to telemt, a Rust + Tokio MTProxy server for Telegram.

Telemt is a fast, secure, production-oriented MTProxy implementation with a large user and operator community. I help with product direction, community operations, threat modeling, documentation, testing, and ecosystem development.

I’m one of the admins in the Telemt community, which has grown to 21k+ people on Telegram. The main telemt/telemt repository has around 5k GitHub stars.


Security research

CVE-2026-14440 — Cloudflare Universal SSL / CAA / RFC 8657

I discovered and coordinated the disclosure of a Cloudflare Universal SSL issue where automatic CAA management can supersede customer-configured CAA records at query time.

In affected Universal SSL configurations, RFC 8657 accounturi and validationmethods protections may not be enforced end-to-end. Successful exploitation is non-trivial and requires a strong network position, but the impact can include issuance of a browser-trusted TLS certificate and a man-in-the-middle window against the affected domain.

Official records:


Product background

I’ve worked across B2B SaaS, cybersecurity, enterprise software, mobility, and consulting.

Previously, I was Lead Product Manager at DeskAlerts, where I led the development of a new SaaS suite from scratch, worked with enterprise security requirements, and contributed to product growth.

Earlier roles included:

  • Product Ops Analyst at DiDi Global
  • Senior Business Analyst at Paragon Consulting
  • freelance product and market research work for international companies

My product work usually combines market research, customer discovery, roadmap ownership, technical writing, data analysis, and systems thinking.


Open knowledge and mapping

I care about public knowledge infrastructure.

I contribute to:

  • OpenStreetMap and Mapillary
  • Wikidata and Wikipedia
  • MusicBrainz
  • open cybersecurity datasets and anti-phishing communities

Selected public identifiers:


Skills

Product leadership: B2B SaaS, roadmap strategy, discovery, market research, enterprise requirements, stakeholder management
Cybersecurity: vulnerability research, TLS/PKI, CAA, CVE coordination, phishing intelligence, threat modeling, OSINT
Internet infrastructure: MTProxy, Telegram transport, DPI resistance, DNS, certificate issuance, routing-risk analysis
AI and data: AI-assisted research, prompt engineering, information extraction, structured metadata, knowledge graphs
Web and tooling: Python, Astro, Tailwind CSS, schema markup, performance optimization, GitHub workflows
Languages: Russian, English, Georgian, French, German


Contact

Verify identity:

Pinned Loading

  1. Phishing-Database/phishing Phishing-Database/phishing Public

    The central repository for adding or removing domains, links, and IPs from the Phishing.Database project.

    83 268

  2. gmpy2-stubs gmpy2-stubs Public

    PEP 561 type stubs for gmpy2 2.2.1, a Python extension wrapping the GMP, MPFR, and MPC arbitrary-precision arithmetic libraries. Improves static type checking and IDE support.

    Python 5 2

  3. telemt/tdlib-obf telemt/tdlib-obf Public

    Forked from tdlib/td

    Fork of cross-platform library for building Telegram clients with much improved traffic masking

    C++ 134 3