// Blog

From the Research Desk

Hands-on vulnerability writeups, bug bounty findings, and field notes from our security research team.

Latest Posts

4 articles · All categories

How I Found an Account Takeover Vulnerability Using Verification Mail

A walkthrough of an account-takeover flaw in a password reset flow, where insufficient validation of user parameters let an attacker pivot the verification email to seize other accounts.

Nadeem Mansoori · Dec 6, 2024 · 3 min read

Read

Critical

2FA Bypass Authentication

Cracking the Code: How I Discovered an Account Takeover Vulnerability via 2FA Bypass

A critical 2FA flaw discovered in the wild, where manipulating the username parameter during OTP verification let an attacker bypass two-factor and take over arbitrary accounts.

Nadeem Mansoori · Dec 4, 2024 · 3 min read

Read

Critical

AWS Security Cloud Storage

From Cloud to Chaos: Sensitive PDF Leak on AWS

A misconfigured API endpoint on a job application platform exposed an entire AWS S3 bucket — 453 unprotected resumes accessible without auth. A clean lesson in why cloud access control reviews matter.

Safwaan Qureshi · Dec 17, 2024 · 2 min read

Read

Critical

OTP Bypass Authentication

OTP Houdini: Escaping Authentication with Clever Response Tricks

A live financial site let an attacker bypass 2FA by tampering with the OTP-verify response payload, then register accounts under arbitrary phone numbers. Classic response manipulation, real impact.

Safwaan Qureshi · Dec 17, 2024 · 2 min read

Read

Need Help With Security Testing?

The findings on these posts are the kind of work we do for clients every day. Browse our 10 services or see fixed-price packages.

Get a Quote Explore Services