Five CVEs disclosed in Tryton ERP through responsible disclosure: stored XSS that escalates to unauthenticated exploitation via email, access control bypasses on data exports, and stack traces handed to any logged-in user. All patched, all basic, all in production for years.
Security researcher focused on web application vulnerabilities, exploit development,
and responsible disclosure. Currently seeking internship opportunities in offensive security.