Ethical Hacking
Blogs About Uncovering Vulnerabilities For Responsible Disclosures On Real World Targets
-
UNESCO's Unprotected Power Supply in Ecuador
United Nations Educational, Scientific and Cultural Organization (UNESCO) VDP — March 2026
Discovered UNESCO's remote control to power supply in Ecuador, earning public recognition via UNESCO's Cybersecurity Hall of Fame. -
UNESCO's Publicly Accessible xmlrpc.php File
United Nations Educational, Scientific and Cultural Organization (UNESCO) VDP — March 2026Discovered a publicly accessible xmlrpc.php file, earning public recognition via UNESCO's Cybersecurity Hall of Fame. -
Parliament of New South Wales Cyber Vulnerability
Parliament of New South Wales, Australia VDP — February 2026
Responsibly disclosed a public-facing cyber vulnerability, earning formal acknowledgement. -
Invalid Calendar Date Leads to Denial-of-Service (DoS)
Lawrence Berkeley National Laboratory (LBNL) VDP — Jan 2026
Acknowledged by Berkeley Lab Cybersecurity Team for discovering an invalid calendar date vulnerability leading to a DoS. -
Berkeley Lab's Exposed CR1000X Datalogger
Lawrence Berkeley National Laboratory (LBNL) VDP — Jan 2026Discovered broken access control to a CR1000X datalogger, earning public recognition via White Hats for Science Kudos. -
Unauthenticated Uploads in UNICEF’s ArcGIS FeatureServer
United Nations International Children's Emergency Fund (UNICEF) VDP — Jan 2026Identified unauthenticated data uploads on ArcGIS endpoint, earning public recognition via UNICEF Information Security Hall of Fame -
Discovering HTML Injection in Berkeley Lab's Search Feature
Lawrence Berkeley National Laboratory (LBNL) VDP — Dec 2025Uncovered HTML injection vulnerability in search feature, earning public recognition via White Hats for Science Kudos. -
Django Server Misconfigurations at Berkeley Lab
Lawrence Berkeley National Laboratory (LBNL) VDP — Dec 2025Discovered Django web server misconfiguration with Debug mode enabled, earning public recognition via White Hats for Science Kudos. -
NASA's Misconfigured Google Drive Permissions
National Aeronautics and Space Administration (NASA) VDP — Aug 2025Identified misconfigured security permissions in NASA’s Google Drive, earning a Letter of Recommendation from NASA.