snailsploit[$]Adversarial · Research
Co-Founder · Offensive Security Researcher · Red Team Architect

Sahar Shlichove

aka mixbanana

sahar shlichove (mixbanana) doesn't specialize. he hunts wherever the assumption is.

kubernetes clusters where a directory traversal means service-account tokens, means the whole cluster. MongoDB internals where uninitialized heap memory leaks what the developer assumed was zeroed. windows protocol handlers where an environment variable filter has a gap wide enough for an RCE. cloud tenancy boundaries the architecture diagram says are walls but the runtime says are suggestions. AI guardrails that fold under one structured prompt.

he finds bugs across every layer because the bug is always the same bug: somebody believed something about their code that isn't true.

that's why he's at snailsploit. same thesis. same instinct. different substrate.

Origin

sahar and avraham shemesh have been friends since childhood — teen hackers who grew up breaking things together. i met them both through a previous role, and we clicked. we've been researching together since. each one of us is an undeniable piece of the chain. and if you ask me and avraham, sahar is the most dangerous hacker we know.

sahar and avraham built their own saas at 16 — sold it to buy their first car.

The Record

before offense, defense: senior SOC analyst at TrustNet, malware analyst professional (levels 1 & 2) through uriel kosayev's TrainSec academy. now runs offensive operations against supply-chain infrastructure at scale. also a sharp automation engineer.

Vendor Acknowledgments

eight vendor security teams have credited him by name for vulnerabilities he found and responsibly disclosed:

vendor | acknowledgment
apple | web server security acknowledgments, february 2026 · support.apple.com ↗
IBM | PSIRT disclosures, 2026 · ibm.com ↗
palo alto networks | PSIRT and SOC researcher acknowledgments · paloaltonetworks.com ↗
red hat | multiple findings, 2026 · access.redhat.com ↗
broadcom | confirmed security issues, april 2026
apache | leaked 3rd-party service token, 2024
ona | security acknowledgments, 2025 · ona.com ↗
Israel National Cyber Directorate | VDP reporter ranking — score 210 · gov.il ↗

apple. IBM. palo alto. red hat. broadcom. apache. and the Israeli national cyber directorate's own VDP leaderboard. that's not a list — it's a pattern. he finds what internal teams miss, across codebases they built, in infrastructure they operate.

Vulnerability Research

CVE-2023-40297 — directory traversal in stakater forecastle 1.0.127 (CVSS 7.5). kubernetes app-discovery component. arbitrary file read → service-account tokens → cluster. discovered, disclosed, published.

CVE-2025-14847 (MongoBleed) — critical uninitialized heap memory disclosure in MongoDB server. active exploit/PoC code.

CVE-2023-4771 — CKEditor 4 XSS via AJAX sample. published working proof-of-concept.

microsoft excel URI scheme RCE — discovered a vulnerability in windows protocolhandler.exe allowing remote code execution by bypassing environment variable filters. full exploit chain published.

shodan broken access control — IDOR exposing membership-tier features to unauthenticated users. acknowledged by shodan.

Bug Bounty

ID-verified HackerOne profile (mixbanana), active on AWS and MUFG VDPs, submitting to NVIDIA via intigriti.

On Stage

AWS gen AI loft · tel aviv 2026

demo track speaker alongside orel bitan and itay meller (AWS). live demonstration: transforming a research blog into a fully functional attack environment in AWS using AI. not a slide deck — a live attack.

Adversarial AI

authored the chatgpt-red-team structural prompt framework and published research on bypassing GPT-5 guardrails. the same thesis that runs through snailsploit — prompt injection and social engineering are the same attack class, executed against different substrates — runs through his work.

provided the foundational offensive security checklists behind claude-red, snailsploit's autonomous AI red-teaming operator. credited in the published papers "social engineering framework" and "position: AI systems are inherently vulnerable".

Published Research

when multi-tenant isolation completely falls apart — the assumption that tenant boundaries hold under adversarial pressure

CORS end-to-end — the full attack surface of cross-origin misconfiguration

Tooling

chatgpt-red-team · Shodan-IDOR · MalwareBot_Israel · decoded-whmcs

Focus

supply-chain security · cloud-native attack surfaces · adversarial AI · vulnerability research

same attack. different substrate.