Valeriy ShevchenkoHacking Hackers for fun and profitThis story will be in several parts. In each of the situations, I had to face unexpected results. By and large, these are stories that have…·6 min read·Jan 9, 2023--2--2
Valeriy ShevchenkoHow I accidentally hacked many companies using N/A vulnerability in Atlassian CloudBelow you will learn in detail about the discovered vulnerability that allowed me to get about 15000$ in bounty with all secrets from the…·11 min read·Nov 19, 2021--2--2
Valeriy ShevchenkoCredential stuffing in Bug bounty huntingBug hunting is not always about looking for classic vulnerabilities (XSS, SQLi, SSRF, RCE, etc). Sometimes it is a search for a new problem…·6 min read·Jul 13, 2021--1--1
Valeriy Shevchenko$10,000 for a vulnerability that doesn’t existA couple of months ago, an interesting story happened to me. I caught a Path Traversal issue with no chance to reproduce it again.·8 min read·Jan 7, 2021----
Valeriy ShevchenkoFrom CRLF to Account TakeoverAt the beginning of March,while researching one site I discovered the new functionality. The functionality allowed the user to login via…·7 min read·Jun 3, 2020----
Valeriy ShevchenkoinInfoSec Write-upsBroke limited scope with a chain of bugsOne morning, I was asked to participate in a private bug bounty program. In general, my experience in security is based on such private…·7 min read·Mar 9, 2020----
Valeriy ShevchenkoCritical vulnerabilities in Pulse Secure and Fortinet SSL VPNs in the Wild InternetInfiltrating Corporate Intranet like Banks, Governments, Airports became possible with vulnerable SSL VPN clients.·5 min read·Sep 2, 2019--1--1
Valeriy ShevchenkoJenkins RCE PoC or simple pre-auth remote code execution on the Server.Once upon a time, a friend of mine asked me a question — "Do you know any fresh RCE for the Jenkins environment ?". I was informed already…4 min read·Aug 19, 2019----
Valeriy ShevchenkoTwo Easy RCE in Atlassian ProductsIt was a long time from my last article. It was so many interesting results in my work. Seems that it's right time to share my knowledge…4 min read·Aug 9, 2019--2--2
Valeriy ShevchenkoSSRF Vulnerability due to Sentry misconfigurationThat story happened when I saw that disclosed report.2 min read·May 27, 2019--3--3