Software Engineering @ McMaster · Bug Bounty Hunter since 2021 · Web & Mobile Security Researcher
Writeups on XSS, IDOR, auth bypasses, privilege escalation, and more.
How I discovered that a staging environment shared its invite ID namespace with production, allowing an attacker to generate invite codes on staging and use them to forcefully join random private servers on production — including invite-only ones.
Introducing my security research blog — what to expect and why I’m writing.