skraft9/README.md

👋 Hi — I'm Seth

Full-time cybersecurity engineer in the financial sector and part-time independent cybersecurity researcher.


πŸ” Cybersecurity Research Highlights

  • 🎯 CVE-2025-29471 – Stored XSS + Privilege Escalation in Nagios Log Server 💥 PoC Code | ▶️ PoC Demo | 📰 Featured

  • 🧨 Nagios Log Server – Elasticsearch DoS 💥 PoC Code | ▶️ PoC Demo

  • 🔑 Nagios Log Server – API Key Exposure 💥 PoC Code | ▶️ PoC Demo

  • 🕵️ Sensitive Data Exfiltration – Exfiltrated 300+ customer policy documents from a misconfigured system at a Fortune 500 financial services provider.

  • 📂 S3 Bucket Discovery – Located sensitive files exposed via public S3 buckets.

  • 💳 CORS Misconfiguration – Identified credit card token leakage via overly permissive CORS headers on a LATAM-based food delivery service.

  • 🧾 Privacy Issues – Discovered misconfigurations impacting user privacy and exposing PII through metadata from API endpoints on a widely used digital content platform.

Disclaimer: All findings were identified through independent research and disclosed responsibly to the affected vendors. Details have been intentionally withheld in accordance with program restrictions. This work was conducted outside of my employment and reflects my personal efforts in cybersecurity research.


🛠 Tools & Scripts

cybersecurity-research-tools


📜 My CVE Publications

cve-publications


🤝 Let's connect

Pinned

  1. CVE-2025-29471 Public

  2. clickhouse-security-research Public

  3. pfsense-security-research Public

    9

  4. nagios-log-server-dos Public

  5. cve-publications Public

  6. cybersecurity-research-tools Public

    Shell 1