Some of my work

Can't disclose it all...

When possible, I will try to provide more background information, yet this is not always possible due to disclosures. All these issues are fixed. I will never disclose unfixed issues.

Slack: Persistent Man in the Middle ‘fake’ login page

Razer US: Admin login page user retrieval & bruteforce

i3d.net: Checkout cart poisoning

Magento2: Admin backend XSS injection

Persgroep (ad.nl): CRM exploitation

rijksoverheid.nl: Non-protected analytics environment; bruteforceable, system analysis, data access and open for known CVEs.

plus.nl: XSS on Citrix environment