Mikhail Shcherbakov
@yu5k3.bsky.social
Doing security research. For fun and profit...
Just noticed @elastic.co shipped a bunch of CVEs for the 0-days I reported. Threading them here for memory and tipping my hat to the Elastic Security Team ❤️ top-tier BBP and meticulous triage. Highly recommended for Bug Hunters 😎
#bugbounty #0day #rce
#bugbounty #0day #rce
May 7, 2025 at 7:19 PM
Just noticed @elastic.co shipped a bunch of CVEs for the 0-days I reported. Threading them here for memory and tipping my hat to the Elastic Security Team ❤️ top-tier BBP and meticulous triage. Highly recommended for Bug Hunters 😎
#bugbounty #0day #rce
#bugbounty #0day #rce
✌️ Bug Bounty Tip: If you don't have time to watch the full video, just check out this slide!
If you find a very restricted Prototype Pollution where you can only add empty objects or arrays to the prototype, but the gadget requires properties with payloads..
#bugbounty #bugbountytips #bugbountytip
If you find a very restricted Prototype Pollution where you can only add empty objects or arrays to the prototype, but the gadget requires properties with payloads..
#bugbounty #bugbountytips #bugbountytip
December 11, 2024 at 12:02 PM
✌️ Bug Bounty Tip: If you don't have time to watch the full video, just check out this slide!
If you find a very restricted Prototype Pollution where you can only add empty objects or arrays to the prototype, but the gadget requires properties with payloads..
#bugbounty #bugbountytips #bugbountytip
If you find a very restricted Prototype Pollution where you can only add empty objects or arrays to the prototype, but the gadget requires properties with payloads..
#bugbounty #bugbountytips #bugbountytip
Can you add me too? A brief prof of my experience in bug bounty, now doing BB full-time 🤪
November 23, 2024 at 4:52 PM
Can you add me too? A brief prof of my experience in bug bounty, now doing BB full-time 🤪
Most common question for freshly defended PhDs: What's next? Honestly... I'd love to know too! God, give me a sign!
God: Your defense will be in room 1337.
me: Say no more. I shall become a Bug Hunter! Full-time Bug Hunter!
God: 😳
God: Your defense will be in room 1337.
me: Say no more. I shall become a Bug Hunter! Full-time Bug Hunter!
God: 😳
November 22, 2024 at 2:08 PM
Most common question for freshly defended PhDs: What's next? Honestly... I'd love to know too! God, give me a sign!
God: Your defense will be in room 1337.
me: Say no more. I shall become a Bug Hunter! Full-time Bug Hunter!
God: 😳
God: Your defense will be in room 1337.
me: Say no more. I shall become a Bug Hunter! Full-time Bug Hunter!
God: 😳
🎓 Major November Update: I successfully defended my Ph.D. thesis, "Code-Reuse Attacks in Managed Programming Languages and Runtimes"!
📖 Full text: github.com/yuske/PhD_Th...
Check it out if you're interested in attacks based on Prototype Pollutions, Object Injection Vulnerabilities, and want to...
📖 Full text: github.com/yuske/PhD_Th...
Check it out if you're interested in attacks based on Prototype Pollutions, Object Injection Vulnerabilities, and want to...
November 21, 2024 at 4:45 PM
🎓 Major November Update: I successfully defended my Ph.D. thesis, "Code-Reuse Attacks in Managed Programming Languages and Runtimes"!
📖 Full text: github.com/yuske/PhD_Th...
Check it out if you're interested in attacks based on Prototype Pollutions, Object Injection Vulnerabilities, and want to...
📖 Full text: github.com/yuske/PhD_Th...
Check it out if you're interested in attacks based on Prototype Pollutions, Object Injection Vulnerabilities, and want to...