Vulnerability Findings
Some highlights of the vulnerabilities I found during my security research:
- Apple Security Research (CVE-2024-44235)
  - Component: Spotlight
  - Impact: An attacker may be able to view restricted content from the lock screen
  - Description: The issue was addressed with improved checks.
  - Security Release: iOS 18.1 and iPadOS 18.1
- Apple Security Research (CVE-2024-44274)
  - Component: Accessibility
  - Impact: An attacker with physical access to a locked device may be able to view sensitive user information
  - Description: The issue was addressed with improved authentication.
  - Security Release: watchOS 11.1, iOS 17.7.1 and iPadOS 17.7.1, iOS 18.1 and iPadOS 18.1
- Google Mobile Vulnerability Reward Program - Anonymized Report
  - Found vulnerability affecting user accounts on certain Google mobile apps
  - Affected Target: Android & iOS app
  - Bounty Reward: $4,500
  - Leaderboard | Profile
- Google Play Security Reward Program - Anonymized Report
  - Found vulnerability affecting user accounts in a widely used app
  - Affected Target: Android app
  - Bounty Reward: $1,000
  - Leaderboard | Profile
- YesWeHack - Private Program, Financial App
  - Discovered significant security flaw affecting user authentication
  - Affected Target: Android & iOS app
  - Bounty Reward: $600
  - Profile
- HackerOne - Private Program, Privacy Browser
  - Identified vulnerability allowing unauthorized data deletion
  - Affected Target: iOS app
  - Bounty Reward: $150
  - Profile
Publications
List of publications related to cybersecurity (articles & presentations):
- Finding Insecure Code Patterns in Your iOS Apps Using Codemagic and mobsfscan (Level Up Coding)
- Capture The Flag: Cara Seru Belajar Cyber Security [A Fun Way to Learn Cyber Security] (Dicoding)
- Exploring iOS Penetration Testing
- Open-Source Intelligence (OSINT): Introduction and Example Use Cases
Certification
List of security certifications that I've taken:
- Certified Application Security Engineer (CASE)
- NSE 2: Network Security Associate
- TryHackMe Jr. Penetration Tester
CTF
CTF Labs that I’ve done:
Tools
Security tools that I’ve developed:
- oauth_poc - PoC demonstrating how to perform OAuth Mobile App Impersonation through custom scheme hijacking.
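To illustrate the class of issue oauth_poc targets, here is an added example (written for this page, not the tool's own code) that models the OAuth 2.0 authorization-code flow for a native mobile app: an installed malicious app registers the same custom URL scheme as the legitimate app and receives the authorization code, PKCE (RFC 7636) stops that stolen code from being exchanged, and an attacker-initiated flow shows where PKCE alone is not enough. The scheme `legitapp`, the client id `legit-client`, the toy server and the "last registration wins" dispatch rule are all assumptions constructed for the illustration.

```python
import base64
import hashlib
import secrets

# Constructed for this illustration: the legitimate app's custom scheme and the
# public client_id shipped inside its binary (so an attacker knows both).
SCHEME = "legitapp"
REDIRECT_URI = f"{SCHEME}://callback"
CLIENT_ID = "legit-client"


def s256(verifier):
    """PKCE S256 transform: BASE64URL(SHA256(code_verifier)) without padding."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


def pkce_pair():
    """Fresh (code_verifier, code_challenge) as in RFC 7636."""
    verifier = base64.urlsafe_b64encode(secrets.token_bytes(32)).rstrip(b"=").decode("ascii")
    return verifier, s256(verifier)


class AuthorizationServer:
    """Toy in-memory authorization server: codes are single use and bound to the
    client_id, redirect_uri and (when present) code_challenge seen at /authorize."""

    def __init__(self):
        self._codes = {}

    def authorize(self, client_id, redirect_uri, code_challenge=None):
        code = secrets.token_urlsafe(16)
        self._codes[code] = (client_id, redirect_uri, code_challenge)
        return f"{redirect_uri}?code={code}"  # URI the user agent is redirected to

    def token(self, client_id, redirect_uri, code, code_verifier=None):
        entry = self._codes.pop(code, None)
        if entry is None or entry[:2] != (client_id, redirect_uri):
            return None
        challenge = entry[2]
        if challenge is not None and (code_verifier is None or s256(code_verifier) != challenge):
            return None
        return {"access_token": secrets.token_urlsafe(24)}


class MobileOS:
    """Models the OS handing a URI to whichever installed app registered its scheme.
    Assumption: the last app to register wins. Real platforms resolve the clash
    differently, but none guarantees the legitimate app gets a custom-scheme URI."""

    def __init__(self):
        self._handlers = {}

    def register(self, scheme, app):
        self._handlers[scheme] = app

    def open(self, uri):
        self._handlers[uri.split("://", 1)[0]].handle_redirect(uri)


class App:
    def __init__(self):
        self.received_code = None

    def handle_redirect(self, uri):
        params = dict(p.split("=", 1) for p in uri.split("?", 1)[1].split("&"))
        self.received_code = params["code"]


def legit_initiated_flow(use_pkce, malicious_installed):
    """Legitimate app starts the flow. Returns (app that received the code,
    attacker obtained a token?, legitimate app obtained a token?)."""
    srv, os_, legit, evil = AuthorizationServer(), MobileOS(), App(), App()
    os_.register(SCHEME, legit)
    if malicious_installed:
        os_.register(SCHEME, evil)  # hijack: same custom scheme, installed later
    verifier, challenge = pkce_pair() if use_pkce else (None, None)
    os_.open(srv.authorize(CLIENT_ID, REDIRECT_URI, challenge))

    attacker_token = legit_token = None
    if evil.received_code:  # attacker replays the public client_id/redirect_uri
        attacker_token = srv.token(CLIENT_ID, REDIRECT_URI, evil.received_code)
    if legit.received_code:
        legit_token = srv.token(CLIENT_ID, REDIRECT_URI, legit.received_code, verifier)
    receiver = "evil" if evil.received_code else "legit"
    return receiver, attacker_token is not None, legit_token is not None


def attacker_initiated_flow():
    """Malicious app starts its own PKCE flow while impersonating the public
    client_id; it holds the verifier, so PKCE cannot block the token exchange."""
    srv, os_, evil = AuthorizationServer(), MobileOS(), App()
    os_.register(SCHEME, evil)
    verifier, challenge = pkce_pair()
    os_.open(srv.authorize(CLIENT_ID, REDIRECT_URI, challenge))
    return srv.token(CLIENT_ID, REDIRECT_URI, evil.received_code, verifier) is not None


if __name__ == "__main__":
    print(legit_initiated_flow(False, True))  # ('evil', True, False)
    print(legit_initiated_flow(True, True))   # ('evil', False, False)
    print(attacker_initiated_flow())          # True
```

PKCE only protects a code issued for the legitimate app's own request; when the malicious app starts the flow itself with the public client_id and the user consents in the browser, the code still lands on the hijacked scheme and the attacker holds the verifier. Closing that case requires the redirect URI to be a claimed `https` URI (Universal Links on iOS, App Links on Android) that the platform verifies against the domain, which is the native-app guidance of RFC 8252.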