Independent security researcher

Cloud infrastructure and Kubernetes security

GNA-119 GCVE Authority
☁️

Cloud Security

Azure, GCP, AWS

Kubernetes

RBAC, Escape, Controllers

🔐

Identity

OAuth, OIDC, Federation

📋

Disclosure

Responsible, Direct

Research covered by

Kim Zetter Investigative Journalist The Register Tech News BleepingComputer Security News

Featured Research

Google Cloud

ConfigConfusion: GCP IAM Takeover

Any Kubernetes namespace user can escalate to GCP Organization Owner. Google said "Nice catch!" then left it unpatched.

CVSS 10.0 CWE-441
Covered by The Register
Microsoft Azure

Azure Backup AKS Privilege Escalation

CERT/CC validated critical confused deputy vulnerability. Microsoft silently patched without CVE or customer notification.

CVSS 9.9 VU#284781 CWE-441
Covered by Kim Zetter, BleepingComputer

Latest

Playbook

OIDC Issuer Hijacking

Attack patterns for OIDC workload identity systems across GCP, Azure, and AWS.
Playbook

Confused Deputy Hunting Framework

Systematic methodology for finding CWE-441 vulnerabilities in cloud infrastructure.
Authority

GCVE Numbering Authority

GNA-119. Independent vulnerability identification when vendors refuse CVEs.