Security research · est. 2025

rgjny.

Bug-bounty hunter chasing the gap between how a system should work and what it really does.

rgjny
Currently hunting

Mostly private programs, mostly the bugs that take a second look to notice. The ones with a story behind them get written up here.

01 Web & APIs Broken access control, IDOR, SSRF, injection.
02 Auth & Logic Privilege escalation, session and flow abuse.
03 Mobile Android and iOS clients, the traffic behind them.
04 Cloud Misconfig, metadata, and trust between services.

Index

Field notes