things I do

Vulnerabilities

I work as an ML Engineer in Risk Analytics at a bank. During a recent security assessment, I discovered some vulnerabilities, including an XSS that gave me access to other people’s accounts through our chatbot.

What surprised me was that the attack was pulled off only by chaining together multiple small issues. Each one seemed not too dangerous on its own, but recognizing them as exploitable together required knowledge across frontend, backend, and infrastructure.

I was quite interested in how knowing about a vulnerability and transforming it into an attack was not as straightforward as I had initially thought.