Documenting real-world security vulnerabilities

Technical analysis of real-world security vulnerabilities discovered in live applications.

Case Studies

Authentication 04/2026

The Login Page That Logged Me In Without Logging In

Session fixation in healthcare portal allowing unauthorized access to patient medical records.

Cloud Misconfiguration 01/2026

From Hospital Dashboard to AWS Credentials

Open Cognito signup chained into AWS identity access with S3 and DynamoDB write permissions.

Broken Access Control 01/2026

From /etc/passwd to Admin Panel

How a misconfigured file read turned into Supabase access and full administrative control.

Information Disclosure 11/2025

The Dump That Almost Killed a Unicorn

Heapdump exposure leaking production database credentials.

Access Control Failure 09/2025

Guess Who's Admin Now

Authentication bypass allowing arbitrary role assignment during account creation.

Mission

DefStackHQ is an independent research project focused on identifying and documenting critical security flaws.

This platform serves as a technical portfolio for my work in vulnerability research and cloud security, shared to help build a more resilient web. Only issues that provide meaningful technical insight are published, and only after appropriate disclosure has taken place.

Contact

[email protected]