https://elsayyay.github.io/bounty-blog/Recent content on Youssef Elsayyad — Security ResearchHugoen-usFri, 17 Apr 2026 00:00:00 +0000https://elsayyay.github.io/bounty-blog/posts/shared-name-invitespace-improper-access-control/Fri, 17 Apr 2026 00:00:00 +0000https://elsayyay.github.io/bounty-blog/posts/shared-name-invitespace-improper-access-control/How I discovered that a staging environment shared its invite ID namespace with production, allowing an attacker to generate invite codes on staging and use them to forcefully join random private servers on production — including invite-only ones.https://elsayyay.github.io/bounty-blog/posts/hello-world/Fri, 17 Apr 2026 00:00:00 +0000https://elsayyay.github.io/bounty-blog/posts/hello-world/Introducing my security research blog — what to expect and why I’m writing.https://elsayyay.github.io/bounty-blog/about/Mon, 01 Jan 0001 00:00:00 +0000https://elsayyay.github.io/bounty-blog/about/About me and this blog.