things I do

Vulnerabilities

I work as an ML Engineer in Risk Analytics at a bank. During a recent security assessment, I discovered some vulnerabilities, including an XSS that gave me access to other people’s accounts through our chatbot.

What surprised me was how the attack was pulled off only by chaining together multiple small issues, each one not seriously dangerous on its own, but which together required knowledge across frontend, backend, and infrastructure to even recognize as exploitable.

I’m usually in awe of expert security researchers when they find crazy vulnerabilities, but being able to use them in a practical attack requires some of the broadest knowledge in the business.