I’m an Application Security Researcher and part-time bug bounty hunter. My focus is on identifying vulnerabilities and building automated offensive security tools.
🔍 Focus: Crushing app vulnerabilities, hunting bugs and automating security testing.
🛠️ Current Project: N/A
🌱 Learning: Game Hacking — exploring memory manipulation, cheat detection, and reverse engineering.
🤝 Collaborating On: Open-source tooling for CI/CD security and automated app-sec workflows.
💡 Fun Fact: I once found a critical bug at 3 AM, fueled by coffee and sheer curiosity (caffeine + curiosity = 🔥).
I love sharing what I learn from my security research and bug bounty adventures. Here’s a glimpse of my recent posts:
- Uncovering Path Traversal in Devika v1: A Deep Dive into CVE-2024-40422
  I walk through how I discovered this path traversal vulnerability in Devika v1, the risks it posed, and the steps I took to mitigate it.
- The Ghost in the Commit: RCE in GitHub Actions via Command Injection
  I break down how a small mistake in a GitHub Actions workflow can turn into command injection and lead to remote code execution.
- The Unsafe Send: How an HTTP Client Library Led to Remote Code Execution
  I explain how unsafe request handling inside an HTTP client library opened the door to remote code execution.



