I received my Master's degree in Automation and Control Systems from the
National Mining University of Ukraine (Dnipro), and my Ph.D. from the
International Doctorate School in Information and Communication Technologies
(ICT) at the University of Trento (Italy) under the supervision of Prof. Fabio Massacci.
Before starting my Ph.D. studies, I worked as a software quality assurance
engineer at Sitecore (Ukrainian office).
Currently, I am a Principal Security Researcher at Forescout Research Labs.
My main research interests are network and software security.
I am finding and exploiting vulnerabilities in IoT, OT and IoMT, and I have 100+ CVEs to my name. I also sometimes talk at technical conferences.
- Talks
-
-
"A Closer Look at the Gaps in the Grid: New Vulnerabilities and Exploits Affecting Solar Power Systems", will be presented at Black Hat Asia 2025.
-
"When (Remote) Shells Fall Into The Same Hole: Rooting DrayTek Routers Before Attackers Can Do It Again", Black Hat Europe 2024.
(technical report)
(slides)
-
"Ghosts'n'gadgets: common buffer overflows that still haunt our networks", Hack.lu 2024.
(video)
(slides)
-
"Old Code Dies Hard: ...", Black Hat Europe 2023.
(technical report)
(slides)
-
"Route to Bugs: Analyzing The Security of BGP Message Parsing", Black Hat USA 2023 and DEFCON USA 2023.
(technical report)
(slides)
-
"NAME:WRECK Breaking and Fixing DNS Implementations", Black Hat Asia 2021.
(technical report)
(slides)
-
"How Embedded TCP/IP Stacks Breed Critical Vulnerabilities", Presented at Black Hat Europe 2020.
(technical report)
(slides)
- RFCs
-
-
S. Dashevskyi, D. dos Santos, J. Wetzels, and A. Amri,
"RFC 9267: Common Implementation Anti-Patterns Related to Domain Name System (DNS) Resource Record (RR) Processing."
- Selected Academic Papers
-
-
S. Dashevskyi, A. D. Brucker, and F. Massacci. "A Screening Test for
Disclosed Vulnerabilities in FOSS Components". IEEE
Transactions on Software Engineering (TSE), 2018.
Prepub version
-
I. Pashchenko, S. Dashevskyi, and F. Massacci.
"DeltaBench: Differential Benchmark for Static Analysis
Security Testing Tools". In Proceedings of the International
Symposium on Empirical Software Engineering and Measurement
(ESEM), 2017. Prepub version
-
S. Dashevskyi, A. D. Brucker, and F. Massacci. "On the Security Cost of
Using a Free and Open Source Component in a Proprietary Product". In Proceedings
of the Engineering Secure Software and Systems Conference (ESSoS), 2016.
Prepub version
-
V.H. Nguyen,S. Dashevskyi, and F. Massacci. "An Automatic Method for
Assessing the Versions Affected by a Vulnerability". Empirical Software
Engineering (ESE), 2016.
-
S. Dashevskyi, D. R. Dos Santos, F. Massacci, and A. Sabetta. "TestREx:
a Testbed for Repeatable Exploits". In Proceedings of the 7th USENIX Workshop on
Cyber Security Experimentation and Test (USENIX CSET), 2014.
Publisher's version
- Theses
-
-
S. Dashevskyi. "Security Assessment of Open Source Third-Parties Applications". PhD thesis,
University of Trento, Italy, 2017.
- Patents
-
-
A. D. Brucker, S. Dashevskyi. "Vulnerability Analysis of Software
Components", US Patent App. 14/965,449, 2017.
-
A. Sabetta, L. Compagna, S. Ponta, S. Dashevskyi, D.R. Dos Santos, and F.
Massacci. "Multi-Context Exploit Test Management". US Patent App. 14/692,203, 2016.