Valeriy ShevchenkoHacking Hackers for fun and profitThis story will be in several parts. In each of the situations, I had to face unexpected results. By and large, these are stories that have…Jan 9, 20232Jan 9, 20232
Valeriy ShevchenkoHow I accidentally hacked many companies using N/A vulnerability in Atlassian CloudBelow you will learn in detail about the discovered vulnerability that allowed me to get about 15000$ in bounty with all secrets from the…Nov 19, 20212Nov 19, 20212
Valeriy ShevchenkoCredential stuffing in Bug bounty huntingBug hunting is not always about looking for classic vulnerabilities (XSS, SQLi, SSRF, RCE, etc). Sometimes it is a search for a new problem…Jul 13, 20211Jul 13, 20211
Valeriy Shevchenko$10,000 for a vulnerability that doesn’t existA couple of months ago, an interesting story happened to me. I caught a Path Traversal issue with no chance to reproduce it again.Jan 7, 2021Jan 7, 2021
Valeriy ShevchenkoFrom CRLF to Account TakeoverAt the beginning of March,while researching one site I discovered the new functionality. The functionality allowed the user to login via…Jun 3, 2020Jun 3, 2020
Valeriy ShevchenkoinInfoSec Write-upsBroke limited scope with a chain of bugsOne morning, I was asked to participate in a private bug bounty program. In general, my experience in security is based on such private…Mar 9, 2020Mar 9, 2020
Valeriy ShevchenkoCritical vulnerabilities in Pulse Secure and Fortinet SSL VPNs in the Wild InternetInfiltrating Corporate Intranet like Banks, Governments, Airports became possible with vulnerable SSL VPN clients.Sep 2, 20191Sep 2, 20191
Valeriy ShevchenkoJenkins RCE PoC or simple pre-auth remote code execution on the Server.Once upon a time, a friend of mine asked me a question — "Do you know any fresh RCE for the Jenkins environment ?". I was informed already…Aug 19, 2019Aug 19, 2019
Valeriy ShevchenkoTwo Easy RCE in Atlassian ProductsIt was a long time from my last article. It was so many interesting results in my work. Seems that it's right time to share my knowledge…Aug 9, 20192Aug 9, 20192
Valeriy ShevchenkoSSRF Vulnerability due to Sentry misconfigurationThat story happened when I saw that disclosed report.May 27, 20193May 27, 20193