Blog posts

Bug bounties

Getting any Facebook user's friend list and partial payment card details

Read more

Bug bounties

Taking over Facebook accounts using Free Basics partner portal

Read more

Bug bounties

Hacking Facebook accounts using CSRF in Oculus-Facebook integration

Read more

Bug bounties

Stealing Facebook access_tokens using CSRF in device login flow

Read more

Bug bounties

Race conditions on the web

Read more

Bug bounties

Facebook CSRF leading to full account takeover (fixed)

Read more

Bug bounties

How I found my way into Instagram's Ganglia, and a bug with Facebook likes

Read more on archived blog

Bug bounties

Google.com cross site scripting and privilege escalation in Consumer Surveys

Read more on archived blog