Blog posts
Bug bounties
Getting any Facebook user's friend list and partial payment card details
Read moreBug bounties
Taking over Facebook accounts using Free Basics partner portal
Read moreBug bounties
Hacking Facebook accounts using CSRF in Oculus-Facebook integration
Read moreBug bounties
Stealing Facebook access_tokens using CSRF in device login flow
Read moreBug bounties
Race conditions on the web
Read moreBug bounties
Facebook CSRF leading to full account takeover (fixed)
Read moreBug bounties
The easiest bug bounties I have ever won
Read more on archived blogBug bounties
Race conditions on Facebook, DigitalOcean and others (fixed)
Read more on archived blogBug bounties
Reading local files from Facebook's server (fixed)
Read more on archived blogBug bounties
Step-by-step: exploiting SQL injection(s) in Oculus' website
Read more on archived blogBug bounties
Secondary damage bugs on Facebook - one report leads to more bugs
Read more on archived blogBug bounties
SQL injections on Nokia sites
Read more on archived blogBug bounties
How I found my way into Instagram's Ganglia, and a bug with Facebook likes
Read more on archived blogBug bounties