Focus Areas
Independent security research targeting high-impact vulnerabilities in cloud infrastructure and identity systems.
Cloud Security — Cross-tenant isolation failures in Azure, GCP, and AWS managed services. Service account impersonation, confused deputy attacks, and control plane vulnerabilities.
Kubernetes — RBAC bypass, container escape, admission controller vulnerabilities, and privilege escalation in managed Kubernetes platforms.
Identity Systems — OAuth/OIDC implementation flaws, workload identity federation weaknesses, and token validation bypasses.
Coordinated Disclosure
All findings are reported through responsible disclosure. Critical vulnerabilities affecting multiple vendors are coordinated through CERT/CC VINCE for synchronized remediation timelines.
Research follows a 90-day disclosure policy with extensions granted only for documented remediation progress. See the Disclosure Policy for details.
Recognition
Vulnerabilities have been acknowledged by major cloud providers and coordinated through CERT/CC with assigned CVEs and VU# identifiers.