A portfolio/services page by security auditor Kiki showcasing 50+ smart contract audits and 15+ bug bounties across DeFi protocols, with client testimonials and links to published audit reports, primarily for lending/staking/perpetual trading protocols.
A collection of blockchain security research and bug reports covering vulnerabilities in Oasys L2 blockchain, Eco's lockup contracts, and hybrid NFT attacks on Ocean Protocol. Multiple issues were identified and reported through Immunefi's bug bounty program.
A High Severity vulnerability was discovered in Across V3, a cross-chain optimistic bridge, that could allow malicious relayers to steal the full value of certain transactions from users by exploiting the relayer fulfillment mechanism prior to UMA Optimistic Oracle validation.
A security researcher describes discovering and exploiting a Server-Side Request Forgery (SSRF) vulnerability using DNS rebinding techniques to bypass IP filtering, access AWS metadata endpoints, enumerate internal ports, and discover a buffer overread vulnerability in a Monit admin interface. The writeup details the exploitation chain and introduces dnsFookup, a GUI tool for automating DNS rebinding attacks.
Security researcher Josip Franjković discovered four SQL injection vulnerabilities across multiple Nokia domains (www4.nokia.de, a PHP site, and nokia.es subdomain), including blind SQL injection via User-Agent headers and time-based injection attacks, which Nokia's incident response team patched rapidly in April 2013. The researcher detailed advanced exploitation techniques such as using UNION-based subqueries with CASE statements to extract data from INSERT queries and bypass error-based detection.
MySQL clients can be abused via the LOAD DATA LOCAL INFILE feature to exfiltrate arbitrary files from the client machine by setting up a fake MySQL server that bypasses authentication and sends malicious payloads. This exploitation technique works because MySQL clients trust server-sent commands after authentication, allowing attackers to read sensitive files like /etc/hosts from compromised systems.
A subdomain takeover vulnerability was discovered on Starbucks where an unclaimed CNAME pointing to a non-existent Azure Traffic Manager subdomain (s00149tmppcrpt.trafficmanager.net) could be hijacked by registering the Traffic Manager profile without domain ownership verification. The researcher was awarded a $2,000 bounty for this finding.