Deanonymizing Users at Scale: When Blocking Becomes an Oracle

In this post I will show how, by combining two regular features, it was possible to figure out the phone number of almost any user on a large social media platform with millions of users. Context:...

Nov 18, 2025 Security, Bug-Bounty, Web-Security

A University Web Audit

During my final degree project, I audited several web applications from my university, the Universidad Politécnica de Madrid, and identified hundreds of vulnerabilities, many of which had a critica...

Oct 6, 2025 Security, Web-Security

Cache Deception + CSPT: Turning Non Impactful Findings into Account Takeover

Recently, while auditing the main application of a private bug bounty program, I discovered a Client-Side Path Traversal (CSPT) and a Cache Deception vulnerability. Individually, these issues were ...

Aug 18, 2025 Security, Bug-Bounty, Web-Security

Deanonymizing Users at Scale: When Blocking Becomes an Oracle

A University Web Audit

Cache Deception + CSPT: Turning Non Impactful Findings into Account Takeover

Trending Tags