Stanislav Dashevskyi

PhD, Security Researcher



Email (personal) :

Github: https://github.com/standash



I received my Master's degree in Automation and Control Systems from the National Mining University of Ukraine (Dnipro), and my Ph.D. from the International Doctorate School in Information and Communication Technologies (ICT) at the University of Trento (Italy) under the supervision of Prof. Fabio Massacci. Before starting my Ph.D. studies, I worked as a software quality assurance engineer at Sitecore (Ukrainian office).

Currently, I am a Principal Security Researcher at Forescout Research Labs. My main research interests are network and software security. I am finding and exploiting vulnerabilities in IoT, OT and IoMT, and I have 100+ CVEs to my name. I also sometimes talk at technical conferences.

Talks
  1. "A Closer Look at the Gaps in the Grid: New Vulnerabilities and Exploits Affecting Solar Power Systems", will be presented at Black Hat Asia 2025.
  2. "When (Remote) Shells Fall Into The Same Hole: Rooting DrayTek Routers Before Attackers Can Do It Again", Black Hat Europe 2024. (technical report) (slides)
  3. "Ghosts'n'gadgets: common buffer overflows that still haunt our networks", Hack.lu 2024. (video) (slides)
  4. "Old Code Dies Hard: ...", Black Hat Europe 2023. (technical report) (slides)
  5. "Route to Bugs: Analyzing The Security of BGP Message Parsing", Black Hat USA 2023 and DEFCON USA 2023. (technical report) (slides)
  6. "NAME:WRECK Breaking and Fixing DNS Implementations", Black Hat Asia 2021. (technical report) (slides)
  7. "How Embedded TCP/IP Stacks Breed Critical Vulnerabilities", Presented at Black Hat Europe 2020. (technical report) (slides)
RFCs
  1. S. Dashevskyi, D. dos Santos, J. Wetzels, and A. Amri, "RFC 9267: Common Implementation Anti-Patterns Related to Domain Name System (DNS) Resource Record (RR) Processing."
Selected Academic Papers
  1. S. Dashevskyi, A. D. Brucker, and F. Massacci. "A Screening Test for Disclosed Vulnerabilities in FOSS Components". IEEE Transactions on Software Engineering (TSE), 2018. Prepub version
  2. I. Pashchenko, S. Dashevskyi, and F. Massacci. "DeltaBench: Differential Benchmark for Static Analysis Security Testing Tools". In Proceedings of the International Symposium on Empirical Software Engineering and Measurement (ESEM), 2017. Prepub version
  3. S. Dashevskyi, A. D. Brucker, and F. Massacci. "On the Security Cost of Using a Free and Open Source Component in a Proprietary Product". In Proceedings of the Engineering Secure Software and Systems Conference (ESSoS), 2016. Prepub version
  4. V.H. Nguyen,S. Dashevskyi, and F. Massacci. "An Automatic Method for Assessing the Versions Affected by a Vulnerability". Empirical Software Engineering (ESE), 2016.
  5. S. Dashevskyi, D. R. Dos Santos, F. Massacci, and A. Sabetta. "TestREx: a Testbed for Repeatable Exploits". In Proceedings of the 7th USENIX Workshop on Cyber Security Experimentation and Test (USENIX CSET), 2014. Publisher's version
Theses
  1. S. Dashevskyi. "Security Assessment of Open Source Third-Parties Applications". PhD thesis, University of Trento, Italy, 2017.
Patents
  1. A. D. Brucker, S. Dashevskyi. "Vulnerability Analysis of Software Components", US Patent App. 14/965,449, 2017.
  2. A. Sabetta, L. Compagna, S. Ponta, S. Dashevskyi, D.R. Dos Santos, and F. Massacci. "Multi-Context Exploit Test Management". US Patent App. 14/692,203, 2016.