SECURITY RESEARCHER
I specialize in finding and responsibly disclosing critical infrastructure vulnerabilities to help secure global enterprise platforms.
flawme@proton.me→Methodology
Focusing on deep source code review, bypassing modern WAFs, and chaining low-impact bugs into critical zero-clicks.
Specialties
Web Application Security, Cloud Infrastructure (AWS/GCP), API Abuse, and Authentication Bypasses.
Impact
Consistently demonstrating the ability to independently discover and validate critical zero-days, authentication bypasses, and high-severity logic flaws in complex enterprise environments.
Selected Disclosures
All reports were responsibly disclosed via HackerOne
Select All
Show: 25Sort: Latest Activity
#3772746
Critical Liveness Bypass, Admin Information Disclosure & Moderator Takeover
To: Unico IDtech
Critical
May 31, 2026→
#3772659
Unauthenticated Administrative Identity Flow & 2FA Bypass Chain
To: CLEAR
High
May 31, 2026→
#3771161
Unauthenticated Access to Internal Service Registry Exposing API Infrastructure
To: Flipkart
High
May 30, 2026→
#3770913
Potential AWS S3 Bucket Takeover via Unregistered Referenced Bucket
To: Syfe
Medium
May 30, 2026→
#3770377
Multiple Management Interfaces Exposed on Infrastructure
To: Coupang Taiwan
Critical
May 29, 2026→
#3770359
Unauthenticated Data Exfiltration via Salesforce Aura Controller
To: Coupang Taiwan
High
May 29, 2026→