I’m Evgeniy (Eugene) Yakovchuk, a self-employed security researcher from Ukraine, currently active mainly on HackerOne (from October 2016), Synack (from March 2019) and BugCrowd. I started in infosec in late 2016, and I was being a developer previously for 7 years (Web, Desktop Apps for Windows).
I’m doing bug bounties as a hobby, around 10-15 hrs a week. I’m not hunting for the HoFs, employment in the billion-dollar companies, money, or popularity – I’m doing it because I like it. Previously, when I did not hear about such platforms as HackerOne, BugCrowd, Synack, and others, I helped other companies, sometimes for free (“see something – say something!”). When I discovered the HackerOne in 2016, it was a surprise for me, and I immediately started to work on this platform.
This won’t be a typical “I’m [insert here tech words/certifications] professional…” post because I strongly believe that words often don’t matter, but actions matter. The goal of this post is to share some facts from my past instead to better understand my character and how and why I ended up here.
Few things from the past:
I got my first computer in 2005, when I was a kid, because of
I learned the PC/Windows basics very quickly and used PC mainly for the games (hi NFS, Doom 3, GTA:SA). In the same year, I discovered that I very like to rewrite something in the games, break existing stuff, and add something new (usually it is called modding). This could not be possible without additional knowledge – like tools, scripting languages, etc.
I decided to become a programmer after a funny case in the same 2005: one day, I accidentally deleted the PS/2 port driver (there was no USB in my PC) from my Windows XP system (i8042prt.sys). As a result, the keyboard and mouse no more worked (it means that I couldn’t do anything with them). Rebooting didn’t help, there was no internet (very small amount of people in my area had it that time), no USB, no OS install disc, no PC service, no system restore (and no experience). But I had the CD-ROM. Because I was afraid, what my parents will say, it took 1 day to learn CMD shell commands without any material (by the pure trial-and-error method, using help command on my friend’s machine), how CD autorun works (had few CDs with autorun), burn the CD on another machine with a .bat file to copy driver file (taken from another machine) from the disc to the correct system directory automatically after inserting the disc to the CD-ROM. Too complicated for such an easy case? Maybe, but it was strange times… Now such a problem could be solved in a few minutes, in several ways.
But there were not only wins – epic fails too (and many enough)! A few months later I came to the conclusion that my machine isn’t providing enough frames per second in my favorite games, so I decided to overclock the PC. I successfully overclocked CPU and RAM via BIOS settings and GPU via drivers. But it was not enough for my curiosity. Then I remembered that my power supply had a red switch and decided to push it while playing the game. Red should mean something cool, isn’t it? I bet you already know what happened next. My parents were not very happy once they smell the smoke coming from my room.
Almost every single day I practiced something, facing with software/hardware fails/wins as a result of my actions. This possibly was one of the things which done its share to who I am now – I preferred practicing over theory, even if it wasn’t often a good decision.
Anyway, in the next years, I finished High School (with mathematical specialization) and knew several languages (Delphi, Turbo Pascal). I also liked the hardware stuff and was a big fan of any kind of PC-related hardware. Must admit that I very loved to learn – also like history (particularly ancient civilizations, US/EU history), biology, mathematics, psychology – tried to consume as much data as possible.
By the results of the global admission tests, I was in the 1% of best in the country and could enter to any university for free in the country, but chose a small local university (it was convenient for me). The admissions board of the university was like, “wtf are you doing here, why not trying with big famous universities?” and I could only shrug because I didn’t know myself. Initially, I planned to be a teacher either of math or computer science – I could explain things well enough and had a bunch of funny stories to cheer up the class if bored. The next 6 years I spend in the university and graduated with a Master’s Degree. Someone can say that it was wasting of the time (and in some sense, it was, at least in programming – most things learned myself), but it was not hard for me, and I could do my favorite stuff during learning in the University. The getting a degree may be completely useless for real-life (itself it had zero impact on my career) and doesn’t mean anything, but in my experience, it improved few important skills – discipline, ability to create and prove my own methodologies and ability to fundamentally research the topic. I always tried to think differently than others, and this behavior was not always liked by some of my teachers:)
During studying, I was employed by the University, and also worked on my own projects (I can call it little startups), learned С++/C# languages, reverse engineering (for fun) and Web Development basics (both front-end and back-end – it took 2 years to learn PHP+JS stack on good level). I started to think about switching to the infosec, after one interesting finding (Access Control issue in the Facebook-based online game), which will be highlighted in the first blog post. I left the job at the university and focused on my projects and security. That’s how I discovered bug hunting and vulnerability research. It appeared to be that thing I looked for so long, in line with my spirit. Someone can ask, why I’m still not working in the company? During the last years, I discovered, that I can’t work effectively upon even a little pressure, timelines, deadlines, etc, due to some significant problems with health. It forced me to chose self-employment as the most suitable work form at this time – when I completely control, how much I work, earn, and how much I take rest. The freedom.
My favorite things to do (not related to the IT):
I like to read books (have mini-library), spend time with family and friends, traveling, collecting (both physical and digital things), playing table tennis, watching TV-series.