My write-up’s, Discoveries & Open Source Contributions

Recent posts

Jan 7, 2021
Github Organization Takeover By Claiming Owner Invitation TL;DR courtesy - https://bounty.github.com/researchers/Abss0x7tbh.html A malicious user could leverage 3 things to takeover a Github Organization : An invitation to owner from the organization.…
Aug 17, 2020
Firebase Cloud Messaging Service Takeover: A small research that led to 30k$+ in bounties TL;DR A malicous attacker could control the content of push notifications to any application that runs the FCM SDK and has it’s FCM server key exposed & at the same time send these notifications to every single user of the vulnerable application!…