🔥The 9th Round of Easy Loan, Earn $40 Reward is in progress❗️ ⏰ Promotion Period: January 15th - Feburary 15th, 2025 👉 Register now and check more details at gate.io/campaigns/358

Earlier this month I found a nice auth bypass in GCP IAM API allowing me to list service accounts in any given project. With that I figured out a way to exploit it further to gather a list of lots of GCP projects' IDs. Here's the technical write-up: ezequiel.tech/2020/08/leakin…

Finally, the Most awaited write-up is here , SSRF (Server Side Request Forgery) worth $4,913 | My Highest Bounty Ever! Kudos to TechFenix Red team for helping me throughout the research Retweet if you like it.🙂 #bugbounty medium.com/techfenix/ssrf…

My bug bounty writeup - 31k$ from Google VRP (Google Bug Hunters) - SSRF in Google Cloud Monitoring, which led to project metadata exposure. nechudav.blogspot.com/2020/11/31k-ss… #BugBounty #bugbountytips #bugbountytip

I got an an offer from Facebook as a security analyst for Whitehat! I hope to begin working for their London office in January or February next year.

security.googleblog.com/2021/03/announ… Congratulations to the winners! And thanks Google VRP (Google Bug Hunters) for an amazing bug bounty program! Best of luck to everyone for the 2021 GCP Prize! I hope these write-ups help people perform further research into GCP.

Hacking into Google's Network for $133,337 🏆 It was a pleasure to talk to Ezequiel Pereira about his bug bounty research into Google Cloud. It was really fascinating to hear about the Google internals and crazy tricks he knew. youtube.com/watch?v=g-JgA1…

Looking for motivation to do some cloud security research? ☁️🔒 Let us remind you of the $313,337 we'll be giving out in total prizes this year to the top 6 bug reports in GCP. More details: security.googleblog.com/2021/03/announ…

Today has been my last day working as a security analyst at Meta. I got to work with really amazing and talented people, I learned so much about how their bug bounty program works, and I think they try and do an outstanding job with it!

I am really happy that next Monday I will be joining Google Cloud as an Information Security Engineer! Can't wait to see all the work being done there, especially after many years of me myself targeting Google Cloud's security and finding several vulnerabilities!

We have open positions for Cloud Vulnerability Research at Google! Ping me if you're interested!

I love the part of this video where LiveOverflow 🔴 explains really well what security research is: youtu.be/jJuDP7Rz2hE?t=…

High schoolers, lawyers, IT professionals, hobbyists — meet our bug hunters. Their backgrounds vary, but their job is the same: find undiscovered vulnerabilities by trying to hack Google. Watch EP004 of the HACKING GOOGLE series ↓ youtube.com/watch?v=IoXiXl…

github.com/google/securit… Our research on the deep mines of the JPX standard is now public. I had the pleasure and the privilege to work with Simon Scannell , Anthony Weems and Ezequiel Pereira on this one. Pretty interesting client side info leak vector :)

Very excited to present this with Anthony Weems! See you in Berlin! (Ezequiel Pereira and 那个火饺🦆(JJ)) were also working on that project and will also be there :)

Excited to share this blog post about server-side memory corruption that my team exploited in production. Shout-out to Simon Scannell, Ezequiel Pereira, and 那个饺子🦆(JJ) - this was a very fun project. :-) bughunters.google.com/blog/622075742…

🔒 Exploiting memory corruption bugs in server-side software is no easy feat, especially when you're working blind without source code or binaries. See how we used a technique dubbed "Conditional Corruption" to achieve this. bughunters.google.com/blog/622075742…

Learn how Google CVR could have potentially exfiltrated Gemini 1.0 Pro before launch last year. We describe the vulnz, the fix, and tips for bughunters. Also, shout-out to Ezequiel Pereira for teaming up to adapt this work to another cloud provider. bughunters.google.com/blog/567986357…

We are happy to announce the launch of the Google Cloud Vulnerability Reward Program! The Cloud VRP is specifically dedicated to products and services that are part of Google Cloud. ☁️ 🐞 🤑 cloud.google.com/blog/products/…

We're sending a HUGE thank you to our incredible community of bughunters ! 🙏 Your passion for finding vulnerabilities keeps our users safe 🔒 To show our appreciation, we awarded over $380,000 in bounties this week, including the largest reward ever given in Google VRP history!

linkedin.com/pulse/proud-da…