I’m a Web Application Security enthusiast who enjoys participating in Bug Bounty programs and building reliable systems. I like to understand how things work and why they were designed that way.
Achievements
Some of my public facing work and vulnerability reports can be found below.
- differer - find out how URLs are parsed by different languages in order to help you bypass URL allow-list filters
- GitLab security issues
  - Blind SSRF on “Detect host keys” function of Mirroring repositories feature - CVE-2022-1188
  - Guest project members can access the trace log of jobs when it is enabled - CVE-2022-1124
  - Non-project members can view public projects' Deploy Keys - CVE-2022-2095
  - Private user email disclosure via group invitation - CVE-2021-22249
  - Ability to list and delete impersonation tokens for your own user - CVE-2021-22250
- Additional open source contributions can be found in my GitHub profile.