I am a security engineer at Salesforce, leading the global internal Offensive Security team. I am also a passionate MX racer.
RacerOne was a social GPS based iOS/watchOS/web application designed for motocross athletes. 2016-2023.
RacerOne.mx has been the most successful product I've created, with 3,177 users and 1,541 tracks from all over the world. Users of RacerOne logged over 1.9 million track sessions! RacerOne led me to many opportunities, and I met many friends from developing and running this product.
See the archived preview of the RacerOne.mx marketing landing page, and the screenshot dumps: iOS, Web UI, watchOS.
ZerodayMarketplace.com was a bug bounty style web application, with a twist. 2015-2016.
PentestMonster.com was a traditional bug bounty style web application. This project was successful, though I had other interests. 2014-2016.
To date, I have discovered high or critical risk security vulnerabilities in products from many well known vendors including Adobe, Cisco, Oracle, Foxit, Sun, HP, PHP, Novell, Symantec, Trend Micro, McAfee, and Microsoft. Majority of these were released through vulnerability disclosure programs such as the ZDI.
I have also participated bug bounty programs (including Google's), and have been credited with the discovery of multiple vulnerabilities.
The more recent vulnerabilities I have publicly reported through vulnerability disclosure programs, and at times opt to remain anonymous. A subset of the older vulnerabilities I have found are listed below.