I build custom tooling, reverse engineer APIs, and tear apart cloud infrastructure to find what scanners miss. Every writeup below involved writing code — Cloudflare Workers, Docker analysis pipelines, distributed bruteforce systems, and automated recon at scale.
What’s below is a fraction of the work. Most engagements stay under NDA or pending responsible disclosure. Technologies used: Node.js, Python, Rust, Cloudflare Workers, Docker, PostgreSQL, Redis, Supabase, Vercel, AWS, Solana, GraphQL, REST/WebSocket APIs, Binance/Kraken trading APIs, Telegram Bot API.
Six vulnerabilities chained into mass account takeover against a blockchain infrastructure platform. Custom Cloudflare Workers-based distributed OTP bruteforce, IDOR enabling financial manipulation, and password hashes leaked in API responses — all discovered through systematic reconnaissance and exploitation chain development.
A single RSA-2048 private key baked into 50+ public Docker image versions enabled decryption of every wallet private key ever generated by the platform. 347 Solana and 90 Ethereum wallets recoverable from a custodial trading system serving hundreds of users.
Complete platform compromise of a crypto market-making and arbitrage bot system. Admin panel exposed without authentication alongside unauthenticated Prometheus, Docker Registry, and monitoring infrastructure. Self-registered as superuser (id: 0) as proof of impact. $500 bounty paid.
From a single unauthenticated /api/env endpoint to full platform compromise in under ten minutes. Credential chain: environment variables to Vercel token to Supabase service role key to 19,363 candidate records with full PII, plus 1,620 Google Drive files and 30 Vercel projects with decrypted secrets.
A Turkish software company exposed their Binance futures trading bot control panel without authentication on their primary business server. Full trade execution, automated trading control, credential injection, and $119K+ in historical balance exposure — alongside shared email and web hosting infrastructure.
A live AI-driven cryptocurrency trading bot managing real funds across Binance and Kraken exposed its entire REST API without authentication. Full portfolio disclosure, writable notification configuration enabling Telegram hijack, remote trading engine shutdown, and error log leakage with internal paths.
Custom-built Docker image analysis pipeline identified hardcoded production credentials across 60+ organizations spanning fintech, healthcare, and enterprise SaaS. AWS infrastructure, database credentials, private keys, and API secrets extracted from public image layers. Private disclosure sent to all parties; fewer than 10% responded.