I hunt for account takeover vulnerabilities and authentication logic flaws in real-world applications. My approach centers on understanding how systems fail under edge cases rather than relying on payload-driven testing.
Areas where I've developed deep expertise and consistently find critical vulnerabilities
Finding and exploiting vulnerabilities that allow unauthorized account access through OTP bypasses, session hijacking, and authentication logic flaws. This is where I spend most of my research time.
Analyzing login flows, token validation, permission checks, and finding privilege escalation vectors. Understanding how authentication systems break at their edges.
Abusing application workflows, feature interactions, and system assumptions to bypass restrictions and controls. Thinking beyond traditional vulnerability classes.
Reviewing client-side code for sensitive data exposure, API key leaks, and frontend security controls. Understanding how frontend logic can enable backdoor access.
Developing custom search patterns and reconnaissance techniques to identify exposed credentials, configuration files, and sensitive information across platforms.
Testing GraphQL/REST endpoints for injection, broken object level authorization, excessive data exposure, and learning new technologies on-demand for specific targets.
Real-world vulnerabilities discovered across bug bounty programs
Discovered a race condition in the registration flow that allowed account creation using any email address without verification. By chaining this with OTP handling flaws, complete account takeover was achievable.
Demonstrates how timing issues combined with trust assumptions can break otherwise "secure" authentication systems. This finding represents my focus on exploit chains rather than single vulnerabilities.
Abused the message editing feature to bypass free-tier message limits. The flaw existed due to missing enforcement when modifying existing messages after limits were reached.
Shows how non-obvious feature interactions can invalidate core product controls without traditional vulnerabilities. This required understanding how the system tracked and enforced limits.
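The enforcement gap described above, as an added illustration that is not code from the original page or from the affected product: a toy message service where the free-tier limit is checked on the create path only, next to the hardened form where the check sits in front of every path that triggers the limited action. The limit value, class and method names are all constructed.

```python
# Constructed example: free-tier limit enforced on one path vs. at the choke point.
FREE_TIER_LIMIT = 3  # sample limit, not the real product's value


class QuotaExceeded(Exception):
    """Raised when a free-tier user tries to exceed their message allowance."""


class MessageService:
    def __init__(self, limit=FREE_TIER_LIMIT):
        self.limit = limit
        self.messages = {}      # message id -> current text
        self.deliveries = 0     # how many times content was actually sent downstream

    def _deliver(self, mid, text):
        """The limited action. Everything that reaches it must be counted."""
        self.messages[mid] = text
        self.deliveries += 1

    def _check_quota(self):
        if self.deliveries >= self.limit:
            raise QuotaExceeded(f"free tier allows {self.limit} deliveries")

    def send(self, text):
        self._check_quota()                 # enforced on the create path only
        mid = len(self.messages) + 1
        self._deliver(mid, text)
        return mid

    # Vulnerable pattern: edit re-delivers content but never consults the quota,
    # so a user at the cap keeps sending new content by rewriting an old message.
    def edit_unchecked(self, mid, text):
        self._deliver(mid, text)

    # Hardened pattern: the same check guards every path that triggers the
    # limited action. Whether edits consume quota or are refused at the cap is
    # a product decision; what matters is that no path skips the check.
    def edit_checked(self, mid, text):
        self._check_quota()
        self._deliver(mid, text)


def demonstrate(checked):
    """Fill the quota, then try one more delivery via edit.
    Returns (deliveries_performed, bypass_succeeded)."""
    svc = MessageService()
    first = svc.send("hello")
    while True:
        try:
            svc.send("more")
        except QuotaExceeded:
            break
    edit = svc.edit_checked if checked else svc.edit_unchecked
    try:
        edit(first, "rewritten after the cap")
        return svc.deliveries, True
    except QuotaExceeded:
        return svc.deliveries, False
```

A regression test for this class of flaw exercises every mutating endpoint (create, edit, resend, retry) with an account already at its limit, not just the endpoint the limit was designed around.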
Built custom search patterns to identify exposed configuration files, leading to the discovery of 25+ production secrets including API keys, database credentials, and third-party service tokens.
Highlights a recon-driven methodology rather than opportunistic discovery. This finding demonstrates the importance of systematic information gathering and understanding what to look for.
Injected persistent XSS payloads via username, name, and address fields. Payload executed across user views, allowing cookie exfiltration to an attacker-controlled server and complete account takeover.
Demonstrates understanding of stored XSS impact chains, not just payload injection. This was my first valid XSS finding and showed how client-side vulnerabilities can lead to server-side consequences.
Learned GraphQL specifically for this target. Identified exposed introspection on a development endpoint, mapped internal API routes, and assessed DoS vectors via query complexity.
Shows ability to learn new technologies on-demand and apply them during live hunting. This research demonstrates my approach to expanding skills based on target requirements.
Tools, languages, and approaches I use in security research
Open-source security tools and awareness projects I've developed
Google Dorks Generator for Security Research
A curated collection of 150+ Google dorks for finding APIs, cloud exposures, directory listings, login/admin panels, and sensitive filetypes. Generates domain- or wildcard-scoped queries for systematic reconnaissance.
Command-Line Image Forensics Toolkit
Comprehensive image forensics tool for metadata extraction, steganography detection, hash generation, and text embedding/extraction. All processing happens locally with no data collection.
Cybersecurity Awareness Platform
Student-led initiative to promote cybersecurity awareness through interactive educational tools. Demonstrates security concepts in a non-exploitative manner with all processing happening locally in the browser.
Open to discussing security research, bug bounty methodologies, and collaboration
I'm actively researching web security vulnerabilities and always interested in discussing new approaches, methodologies, and potential collaborations.