Security Researcher & Engineer

Breaking things to
make them safer.

Deep dives into AI security, web application vulnerabilities, bug bounty hunting, and offensive security research. From CVEs to conference talks.

Read the Blog About Me
0 Hall of Fames
0 CVEs
0 Writeups
0 Talks
techycodec@kali:~
$ _

// Featured

Bug Bounty Redacted Dec 10, 2024 12 min read

Trello PowerUp Integration — Accessing Other Users' Private External Data

Any board member can view, pull, attach, and remove another user's private third-party data through a Trello PowerUp integration. Three attack vectors chain broken access control with private information disclosure. $1,200 bounty — details redacted while unresolved.

DP
Deev Pal
Read more

// Latest Posts

View all posts
Bug Bounty
Atlassian

Trello Workspace Self-Join Bypass via Slack

Bypassing "Invite Only" workspace restriction through the Slack integration's joinTeam callback. $1,200 bounty.

Mar 17, 2025 16 min
Bug Bounty
Atlassian

Trello Board Deletion Bypass via Board Move API

Bypassing Trello Premium's board deletion restrictions by moving the board to an attacker-controlled workspace. $1,200 bounty.

Dec 16, 2024 14 min
Bug Bounty
Atlassian

Trello Butler — Executing Another User's Private Buttons

Any board member can trigger another user's private Butler automation via the powerup-run-command API. $300 bounty.

Dec 10, 2024 18 min

// Research Areas

AI / LLM Security

Prompt injection, agent exploitation, model supply chain attacks, guardrail bypass

Web Application Security

SSRF, SQLi, XSS, IDOR, authentication bypass, API vulnerabilities

Bug Bounty

Detailed writeups from real programs — methodology, tooling, and full attack chains

Offensive Tooling

Custom exploits, automation scripts, recon workflows, and open-source security tools

Stay in the loop.

New writeup notifications, research drops, and security insights. No spam, just signal.

Follow on X