| CVE ID | Severity | Summary |
|---|---|---|
| CVE-2026-7461 | HIGH | Amazon ECS Agent - Remote Command Injection in container orchestration |
| CVE-2026-40931 | HIGH | Path Traversal + Symlink Poisoning - Filesystem escape via junction abuse |
| CVE-2026-42043 | HIGH | Axios SSRF - Server-Side Request Forgery in axios HTTP client |

- Azure Pipelines Agent - Arbitrary File Write to RCE Chain
  - Status: Important Severity.
  - Vector: Arbitrary file write vulnerability enabling a Remote Code Execution (RCE) chain.
- Microsoft Edge - Elevation of Privilege (EoP) & Arbitrary File Deletion to SYSTEM
  - Status: Critical Severity.
  - Vector: Leading to Elevation of Privilege (EoP) and arbitrary file deletion via a confused deputy attack.
- Hall of Fame: https://msrc.microsoft.com/update-guide/acknowledgement/online

| Award | Platform | Year |
|---|---|---|
| 2x Hall of Fame (consecutive months) | Microsoft MSRC | Apr–May 2026 |
| 300+ Bug Reports Triaged & Resolved | HackerOne | 2022–2024 |
| 3x Public CVEs - AWS, NPM, Microsoft | MITRE / NVD | 2026 |
| 2x Security Advisory Credits | GitHub Security | 2025–26 |

Research writeups, CVE analyses & methodology breakdowns - Published on Medium & InfoSec Write-ups

CVE Technical Write-ups
- Bypassing a Security Patch (CVE-2026-24884)
- How We Bypassed an Axios Patch (CVE-2026-42043)
- Zero-Day to SYSTEM (RCE): Escaping AWS ECS Containers via OS Command Injection CVE-2026-7461
- Beyond the Digits: The Emotional Rollercoaster of My First CVE

AI & Offensive Security Research
- Hacking the Brain of AI: Prompt Injection Methodologies in LLMs
- Prompt Playbooks: AI Crime-as-a-Service is Booming on the Dark Web
- AI Hallucinations Explained - Why They Happen & Can We Reach 0%?
- The AI Governance Gap: Why 77% of Companies Use AI but Only 37% Have a Policy

Threat Intelligence & Industry Analysis
- Nation-State Hackers & Geopolitics: Why 64% of Orgs Fear Espionage
- The 2027 Prediction: When Cyberattacks Become Fully Autonomous
- The CVE Program Crisis: When the Vulnerability Database Becomes Vulnerable
- Q-Day is Coming: How Quantum Computing Will Redefine Offensive Security

Career & Methodology
- Bug Bounty vs Pentesting: A Unique Hybrid Methodology for Both Worlds
- The 2026 Cybersecurity Certification Trap: Why Paper Credentials Are Failing

Research Focus:
Security Analyst (Nov 2021 - Present)
- Vulnerability Triage & Remediation: Managed and resolved 300+ security vulnerabilities reported via HackerOne, ensuring end-to-end remediation by collaborating with engineering teams.
- Risk Exposure Reduction: Reduced critical risk exposure by 60% through consistent patching and strategic mitigations across web applications and infrastructure.
- Compliance & Audits: Led infrastructure security audits (internal/external), ensuring compliance with PCI-DSS and GDPR.
- Security Automation: Automated vulnerability scanning using Qualys and tracked remediation via JIRA, achieving a 40% closure rate for high-risk findings.
- Stakeholder Reporting & Training: Authored detailed security reports for stakeholders and trained development teams on secure coding practices, specifically focusing on the OWASP Top 10.

- AWS High-Severity - CVE-2026-7461: Discovered and reported a critical Remote Command Injection vulnerability within the Amazon Web Services ECS Agent. https://aws.amazon.com/security/security-bulletins/2026-024-aws/
- Microsoft MSRC - 2x Hall of Fame: Acknowledged for deep logic flaw hunting, Zero-Day RCE research, and identifying confused deputy attacks across Azure and Edge platforms. https://msrc.microsoft.com/update-guide/acknowledgement/online
- Node.js Ecosystem - CVE-2026-40931 (compressing library): Discovered a high-impact path traversal and symlink poisoning vulnerability enabling filesystem escapes and arbitrary file write. https://github.com/advisories/GHSA-4c3q-x735-j3r5
- Axios HTTP Client - CVE-2026-42043: Identified and reported a high-severity Server-Side Request Forgery (SSRF) vulnerability within the Axios HTTP client logic. https://github.com/advisories/GHSA-pmwg-cvhr-8vh7
