500+ Total Vulnerabilities Found
50+ Critical Vulnerabilities
100+ High Severity Issues
4+ Years Experience

Featured Security Findings

Authentication Bypass in Major Social Platform

Critical Severity
F******

Discovered a critical authentication bypass vulnerability that could allow attackers to access accounts without knowing the credentials. This server-side flaw affected millions of users globally.

Impact:

Complete account takeover potential, affecting millions of users worldwide.

$15,000 Bounty

Stored XSS in Game Developer Portal

High Severity
Epic Games

Identified a stored XSS vulnerability in the developer portal that allowed execution of malicious JavaScript in administrator contexts, potentially leading to account compromise.

Impact:

Could allow attackers to perform actions on behalf of administrators and access sensitive developer information.

$7,500 Bounty

BAC Vulnerability in Crypto Wallet

Critical Severity
MetaMask

Uncovered a broken access control vulnerability that allowed an attacker to bypass the password-protection window and obtain the victim's private key; physical access to the wallet is required.

Impact:

Exposure of seed phrase, potential for financial fraud or theft.

$3,500 Bounty

XSS at T-Mobile

High Severity
T-Mobile

XSS at many T-Mobile endpoints leads to API token theft, and an attacker can use that token to take over accounts.

Impact:

XSS leads to account takeover.

$30,000 Bounty in Total

Case Studies

E-commerce Platform Security Assessment

Industry: Retail

Duration: 3 weeks

Comprehensive penetration test of a major e-commerce platform processing over 10,000 transactions daily.

Key Findings:

  • Critical SQL injection vulnerability in product search
  • Broken access control in order management
  • Insecure direct object references in payment processing
  • Business logic flaws in discount application

Result:

Prevented potential data breach affecting 1.5 million customers and financial loss estimated at $2.3 million.

FinTech Mobile Application Assessment

Industry: Financial Technology

Duration: 2 weeks

Security assessment of a mobile banking application with over 500,000 users.

Key Findings:

  • Insufficient certificate pinning implementation
  • Insecure data storage of sensitive user information
  • Authentication bypass in PIN recovery mechanism
  • Weak encryption of local transaction data

Result:

Secured sensitive financial data for half a million users and prevented potential fraud losses.

Healthcare Portal Security Review

Industry: Healthcare

Duration: 4 weeks

Comprehensive security assessment of a patient portal containing sensitive medical records.

Key Findings:

  • Critical IDOR vulnerability exposing patient records
  • Inadequate authorization controls
  • Insecure file upload functionality
  • Session fixation vulnerability

Result:

Protected sensitive medical data of over 200,000 patients and ensured HIPAA compliance.

Areas of Expertise

Cross-Site Scripting (XSS)

100+ XSS vulnerabilities found across various applications, including stored, reflected, and DOM-based variants.

IDOR Vulnerabilities

Specialized in uncovering complex insecure direct object reference vulnerabilities that bypass access controls.

Authentication Flaws

Expert at identifying authentication weaknesses, from bypasses to account takeover vulnerabilities.

Remote Code Execution

Successfully identified numerous high-impact RCE vulnerabilities in web applications and server infrastructure.

Business Logic Flaws

Specialized focus on uncovering business logic vulnerabilities that automated scanners cannot detect.

API Security

Comprehensive experience finding vulnerabilities in REST, GraphQL, and SOAP APIs across various industries.

Ready to enhance your security posture?

Get expert penetration testing at reasonable rates.

Request a Quote