Biography
Security researcher, bug hunter, international speaker, and expert in vulnerability analysis and penetration testing. He has reported valid security issues in top-tier companies such as Google, Apple, Microsoft, Facebook, Twitter, Telegram, Nokia, Sony, Slack, Atlassian, Netflix, and others, earning a place in each of their security halls of fame.
Security Issue Reports
- Google VRP: Discovery of local files on Google’s production server.
- Apple: PII exposure, full contact list, primary phone number, and iCloud email disclosure; local file read via a ZIP file and symbolic links in the iOS Files app.
- Google VRP: From JavaScript injection to compromising Cloud Shell servers.
- Google VRP: Local variables from /etc/environment exfiltrated in Google Earth Pro desktop.
- Yahoo!: From JavaScript injection to fully compromised user account.