Throughout the past few years I've engaged in responsible security research. This page summarizes some of the things I've found.

  • Reported access control flaws in Signal Desktop & Telegram for macOS. The issue with Signal Desktop was to be expected, Telegram for macOS less so, the issue in Telegram allowed a pin-code bypass. It's been about a year, perhaps I should go bug hunting again 😜
  • Several cross site scripting issues were found and responsibly disclosed to the MyBB Group, which were patched in MyBB 1.8.15. The admin and moderation control panels are still a nightmare from a security point of view.