I’m Evgeniy (Eugene) Yakovchuk, a self-employed security researcher from Ukraine, currently active mainly on HackerOne (from October 2016), Synack (from March 2019) and BugCrowd. I started in infosec in late 2016, and I was being a developer previously for 7 years (Web, Desktop Apps for Windows).
I’m doing bug bounties as a hobby, around 10-15 hrs a week. I’m not hunting for the HoFs, employment in the billion-dollar companies, money, or popularity – I’m doing it because I like it. Previously, when I did not hear about such platforms as HackerOne, BugCrowd, Synack, and others, I helped other companies for free (“see something – say something!”). When I discovered the HackerOne in 2016, it was a surprise for me, and I immediately started to work on this platform.
My short IT bio:
I got my first computer in 2005, when I was a kid, because of
I learned the PC/Windows basics very quick and used PC mainly for the games (hi NFS, Doom 3, GTA:SA). But even that time, in the same year, I discovered that I very like to rewrite something in the games, break existing stuff, and add my own things (usually it is called modding). This could not be possible without additional knowledge – like tools, scripting languages etc.
But I definitely decided that I become a programmer after funny case in the same 2005: one day, I accidentally deleted the PS/2 port driver (there was no USB in my PC) from my Windows XP system (i8042prt.sys). As a result, keyboard and mouse no more worked (it means that I couldn’t do anything with them). Rebooting didn’t help, there was no internet (very small amount of people had it that time), no USB, no OS install disc, no PC service, no system restore (and no experience). But I had the CD-ROM. Because I was afraid, what my parents will say, it took only 1 day to learn CMD shell commands without any material (by the pure trial-and-error method), how CD autorun works, burn the CD on another machine, and copy driver file (taken from another machine) from the disc to the correct system directory automatically after inserting the disc to the CD-ROM. Too complicated for such easy case? Maybe, but it was strange times…Now such problem could be solved in a few minutes, by several ways.
Anyway, next years I finished the High School (with mathematical specialization) and had knowledge of the several languages (Delphi, Turbo Pascal). I also liked the hardware stuff and was a big fan of any kind of PC-related hardware. Must admit that I very loved to learn – also like history, biology, mathematics, psychology – but programming I like more:)
By the results of the global admission tests, I was in the 1% of best in the country and could enter to the absolutely any university in the country, but chose a small local university (it was convenient for me). Next 6 years I spend in the university and graduated with a Master’s Degree. Someone can say that it was wasting of the time (and in some sense, it was, at least in programming – most things learned myself), but it was not hard for me, and I could do my favorite stuff during learning in the University. I always tried to think differently than others, and this behavior was not always liked by some of my teachers:) During studying, I was employed by the University, and also worked on my own projects (I can call it little startups), learned С++/C# languages, reverse engineering (for fun) and Web Development basics (both front-end and back-end – it took 2 years to learn PHP+JS stack on good level). I started to think about switching to the infosec, after one interesting finding (Access Control issue in the Facebook-based online game), which will be highlighted in the first blog post. I left the job at the University and focused on my projects and security. That’s how I discovered bug hunting and vulnerability research. Someone can ask, why I’m still not working in the company? Upon last years, I discovered, that I can’t work effectively upon even a little pressure, timelines, deadlines, etc, due to some problems with health. I think I just haven’t found my company yet – so chose self-employment as most suitable work form at this time – when I completely control, how much I work, earn, and how much I take rest.
My favorite things to do (not related to the IT):
I like to read books (have mini-library), spend the time with the family and friends, traveling, collecting, watching TV-series.