Independent security researcher
Cloud infrastructure and Kubernetes security
GNA-119
GCVE Authority
Cloud Security
Azure, GCP, AWS
Kubernetes
RBAC, Escape, Controllers
Identity
OAuth, OIDC, Federation
Disclosure
Responsible, Direct
Research covered by
Featured Research
Google Cloud
ConfigConfusion: GCP IAM Takeover
Any Kubernetes namespace user can escalate to GCP Organization Owner. Google said "Nice catch!" then left it unpatched.
Covered by The Register
Microsoft Azure
Azure Backup AKS Privilege Escalation
CERT/CC validated critical confused deputy vulnerability. Microsoft silently patched without CVE or customer notification.
Covered by Kim Zetter, BleepingComputer
Latest
Playbook
OIDC Issuer Hijacking
Attack patterns for OIDC workload identity systems across GCP, Azure, and AWS.
Playbook
Confused Deputy Hunting Framework
Systematic methodology for finding CWE-441 vulnerabilities in cloud infrastructure.
Authority
GCVE Numbering Authority
GNA-119. Independent vulnerability identification when vendors refuse CVEs.