I am a PhD student in the Theoretical Computer Science (TCS) division at KTH Royal Institute of Technology in Stockholm, Sweden. My research interests include application security, web security, static and dynamic code analysis, information flow security. Supervisors: Musard Balliu and Mads Dam.
I am a co-organizer of IT meetups and a member of the program committee of DotNext conference since 2016. I have participated in Microsoft Bug Bounty Programs: CVE-2017-0256, CVE-2018-0787, CVE-2019-0866, CVE-2019-0872, CVE-2019-1306.
- Mikhail Shcherbakov, and Musard Balliu, SerialDetector: Principled and Practical Exploration of Object Injection Vulnerabilities for the Web, NDSS, 2021
- Musard Balliu, Massimo Merro, Michele Pasqua, and Mikhail Shcherbakov, Friendly fire: cross-app interactions in IoT platforms, ACM TOPS 24 (3), 2021
Selected Conference Talks:
- State of the Art: Insecure Deserialization, PHDays, 2021
- SerialDetector: Principled and Practical Exploration of Object Injection Vulnerabilities for the Web, NDSS, 2021
- .NET deserialization vulns: past, present, and future, PHDays, 2019
- ASP.NET Core: Preventing attacks 2.0, DotNext, 2017
- Preventing attacks in ASP.NET Core, PHDays, 2017
- Under the Hood of the ASP .NET Core Security, DotNext, 2017
- Stranger Things: Vulnerabilities in .NET Platform, DotNext, 2016
- Microsoft Most Valuable Professional (MVP) in 2016, 2017 and 2018.