I am a PhD student in the Theoretical Computer Science (TCS) division at KTH Royal Institute of Technology in Stockholm, Sweden. My research interests include application security, web security, static and dynamic code analysis, information flow security. Supervisors: Musard Balliu and Mads Dam.
I am a co-organizer of IT meetups and a member of the program committee of DotNext conference since 2016. I have participated in Microsoft Bug Bounty Programs: CVE-2017-0256, CVE-2018-0787, CVE-2019-0866, CVE-2019-0872, CVE-2019-1306.
- Mikhail Shcherbakov, and Musard Balliu, SerialDetector: Principled and Practical Exploration of Object Injection Vulnerabilities for the Web, NDSS, 2021
- Musard Balliu, Massimo Merro, Michele Pasqua, and Mikhail Shcherbakov, Friendly fire: cross-app interactions in IoT platforms, ACM TOPS 24 (3), 2021
Selected Conference Talks:
- SerialDetector: Principled and Practical Exploration of Object Injection Vulnerabilities for the Web, NDSS, 2021
- .NET deserialization vulns: past, present, and future, PHDays, 2019
- ASP.NET Core: Preventing attacks 2.0, DotNext, 2017
- Preventing attacks in ASP.NET Core, PHDays, 2017
- Under the Hood of the ASP .NET Core Security, DotNext, 2017
- Stranger Things: Vulnerabilities in .NET Platform, DotNext, 2016
- Microsoft Most Valuable Professional (MVP) in 2016, 2017 and 2018.
Compiler Construction (DD2488), assistant | Course web
Computer Security (DD2395), assistant | Course web
Cybersecurity Project (DD2394), assistant | Course web
Language-Based Security (DD2525), assistant | Course web
Principles of Programming Languages (DD2481), assistant | Course web
Project course in System Security (DD2497), assistant | Course web
Software Engineering Fundamentals (DD2480), assistant | Course web
Software Safety and Security (DD2460), assistant | Course web