Hey 馃憢

This is Max鈥檚 (aka w2w) blog dedicated to security research and white hat hacking.

Redacted bugs #3: Hunting for bugs worth $7,750 in an adult content platform

A security research describing 6 subscription-based adult content app-related vulnerabilities resulted in a $7,750 total bounty.

February 13, 2025 路 7 min 路 1357 words

Gift cards security research

A security research describing 9 gift card-related security vulnerabilities resulted in a $6,500 total bounty.

January 11, 2025 路 9 min 路 1778 words

Redacted bugs #2: Privilege escalation during the OAuth app installation

May 31, 2023 路 4 min 路 837 words

Redacted bugs #1: Chaining linear growth of brute force attempts, no OTP correlation, and other OTP bugs to achieve 2 ATOs

January 19, 2023 路 10 min 路 2001 words

MFA security testing and possible bypasses

This post describes 11 ways of bypassing multi-factor authentication.

January 9, 2020 路 16 min 路 3365 words

Exploitaiton of Cookie-Based XSS vulnerabilities

A guide on how to exploit Cookie-Based XSS bugs

July 17, 2019 路 9 min 路 1715 words

Disclosure of 5 million private Telegram chat links and the possibility of editing any article on Telegra.ph

March 29, 2018 路 9 min 路 1889 words

Hacking cryptocurrency-related companies for $60,000

A story of 7 vulnerabilities in cryptocurrency-related services

December 21, 2017 路 12 min 路 2361 words