Selected Findings

Real impact issues with clear validation paths

Every finding below is anonymized but rooted in practical offensive testing. Focus is always exploitability, business impact, and responsible remediation.

Case Archive

Reverse Engineering

POS executable leaked hardcoded SQL credentials

Reverse engineered a VB-based cloud-sync binary and extracted embedded SQL credentials, then validated database access path.

Sensitive billing and customer data at risk
Vendor rotated credentials and patched code

WebSocket Exposure

University socket channels leaked student records

Hidden endpoints discovered during recon leaked student data over WebSocket streams.

Leak manually verified with reproducible request flow
Extended parameter analysis exposed broader weakness

Business Logic

Payment parameters enabled unauthorized price outcomes

Tampered pricing parameters were accepted while backend produced valid payment success states.

Server-side trust model weakness in checkout logic
Fix plan provided with validation guardrails

Interactive Attack Surface Graph

Explore how architectural components map to vulnerability classes and real findings. Click any node to trace exposure paths.