About Me
Finished 2021 as the 7th hacker in the world at Intigriti for the last quarter, and 87th hacker of all time there. Had the opportunity to contribute to companies like Red Bull, Randstad, Telenet, Soundtrack Your Brand, etc.
Also made my first reports on HackerOne, and from there also had the opportunity to contribute to the security of big companies, such as Bitwarden, Adobe, IBM, Sony, Xiaomi and also the U.S. Department of Defense.
Reported vulnerabilities in a few different open source projects: Elgg, HumHub, Vim (yes, the text editor), Diaspora, Tooljet and Budibase. They were all reported through Huntr, which is an awesome bug bounty platform exclusively designed to make open source code more secure.
Contributions to Open Source Software
- Exposure of Sensitive Information Leading to Account Takeover in Tooljet. See CVE-2022-3348
- Mass Assignment Leading to Vertical Privilege Escalation in Budibase. See CVE-2022-3225
- Use After Free in Vim. See CVE-2022-3037
- Exposure of Sensitive Information Leading to Account Takeover in Tooljet. See CVE-2022-3019
- Double Free in Vim. See CVE-2021-4187
- IDOR in HumHub allowed registered users to become unauthenticated members of private spaces. See CVE-2021-43847
- Stored Cross-Site Scripting in Elgg. See CVE-2021-4072
- Personal Information Disclosure in Elgg. See CVE-2021-3980
- IDOR in Elgg leading to arbitrary use of group actions. See CVE-2021-3964