Security Research

This section of my website highlights my accomplishments in the hacking space. For the most part, there will be corresponding writeups either on this website or hosted externally for each of my CVEs. As far as the company hacking that I have accomplished, most of the bugs cannot be publicly disclosed per NDAs or out of respect for the Company that I have coordinated disclosure with. Any interesting vulnerability writeups that I have done can be found in the "Writeups" section below.


  • Write Ups
    CVE-2021-24495: Improper Neutralization of Input During Web Page Generation on ‘id’ parameter in Wordpress Marmoset Viewer Plugin versions 1.9.3 ≤ leads to Reflected Cross Site Scripting
    Read more
    Indian Government - Breach Disclosure
    Read more
    CVE-2021-23827: Sakura Samurai discover cleartext pictures in Keybase Desktop Client; Windows, macOS, Linux
    Read more
    UNEP Breached, 100K+ Employee Records Accessed
    Read more
    CVE-2020-28360: npm private-ip SSRF Bypass (IP Phone Home)
    Read more
    CVE-2020-27388: YOURLS 1.5 - 1.7.10, Multiple Stored Cross Site Scripting (XSS) Vulnerabilities in Admin Panel
    Read more
    Account Takeover on the Jack Daniel's Tennessee Squire Association Platform
    Read more
    P1: Critical - Discovering and Foiling a Threat Actor
    Read more