Articles

I write about my experiences and learnings as a software engineer and entrepreneur.

July 26, 2023

Railway, PII, and GraphQL Endpoints

GraphQL vulnerability in Railway's platform exposed user PII and project data. Details on the bug report, security patch implementation, and $1,000 bounty payout.

October 1, 2021

Instagram, Privacy and iFrames

Cross-Site Leaks vulnerability discovered in Instagram's iframe implementation exposed private account status. Technical breakdown of the exploit, responsible disclosure, and $1,000 Facebook bounty.
