Skip to content
View prasanna8585's full-sized avatar
  • 05:17 (UTC +05:30)

Block or report prasanna8585

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don’t include any personal information such as legal names or email addresses. Markdown is supported. This note will only be visible to you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
prasanna8585/README.md

Hi there, I'm Prasanna Dabi πŸ‘‹

πŸ›‘οΈ Cybersecurity Practitioner | Cloud Security Architect

Specializing in cloud infrastructure hardening and advanced threat detection.


πŸ† Featured Security Discovery: CVE-2026-46602

  • Project: Go Core Image Packages (golang.org/x/image/tiff)
  • Vulnerability: Unbounded Memory Allocation / Resource Exhaustion - CVSS 7.5
  • Official Advisory: GO-2026-5062 | GHSA-pwfv-328h-75x9
  • Impact: Identified a resource validation flaw where processing maliciously crafted tiled TIFF images forces immediate Out of Memory (OOM) errors and Denial of Service (DoS).

πŸ† Featured Security Discovery: CVE-2026-12681

  • Project: Google go-attestation Library
  • Vulnerability: Improper Input Validation / TPM Hash Injection - CVSS 8.9
  • Official Advisory: GHSA-9r4w-jg96-92mv
  • Impact: Discovered a critical logic flaw in parseEfiSignatureList() where a crafted TPM event log can inject arbitrary SHA256 hashes into a verifier's trusted database, causing a compromised boot state to be falsely accepted.

πŸ† Featured Security Discovery: CVE-2026-25212

  • Project: Percona Monitoring and Management (PMM)
  • Vulnerability: Authenticated Remote Code Execution (RCE) - CVSS 9.9
  • Official Advisory: GHSA-hm6f-x2ww-p497
  • Impact: Identified a critical flaw allowing full host compromise via reverse shell.

πŸš€ Notable Security Discovery: Go SSH Client Terminal Escape Sequence Injection

  • Project: Go Extended Cryptography Library (golang/go / x/crypto)
  • Vulnerability: Improper Input Sanitization / ANSI Escape Sequence Injection
  • Official Advisory: Issue #80302
  • Impact: Discovered a vulnerability in the ssh.BannerDisplayStderr() helper function where pre-authentication SSH banners were streamed directly to os.Stderr without data sanitization. A malicious or compromised server could inject arbitrary ANSI escape codes to execute terminal spoofing, manipulate clipboards, or potentially exploit underlying terminal emulator vulnerabilities on the client side.

πŸš€ Notable Security Discovery: gVisor Mount Isolation Bypass

  • Project: Google gVisor Container Sandbox (google/gvisor)
  • Vulnerability: Mount Namespace Security / Container Isolation Bypass
  • Official Advisory: Issue #13481 | Pull Request #13482
  • Impact: Discovered a sandbox isolation flaw where open_tree(OPEN_TREE_CLONE) incorrectly succeeded on MNT_DETACH unmounted paths (which strictly returns EINVAL on native Linux). This allowed a user with container root privileges to clone and re-attach an intentionally isolated filesystem via move_mount(2), completely breaking container containment boundaries.

πŸš€ Notable Security Discovery: xpub Change-Index Amplification

  • Project: Trezor Blockbook Service
  • Vulnerability: Unauthenticated Resource Exhaustion (DoS)
  • Official Advisory: Trezor Security
  • Impact: Identified an amplification flaw where uncapped change indexes in xpub descriptors forced excessive database lookups and address derivations, filling a global in-memory cache and forcing a complete Out-of-Memory (OOM) server crash.

πŸš€ Notable Security Discovery: Unauthenticated Remote Memory Exhaustion

  • Project: Trezor Blockbook Service
  • Vulnerability: Denial of Service (DoS) via Unbounded Timestamp Array
  • Official Advisory: Trezor Security
  • Impact: Found a flaw in the historical price API allowing unauthenticated remote attackers to pass massive, unbounded timestamp arrays to trigger rapid server memory exhaustion.

πŸš€ Notable Security Discovery: eBPF DDoS Mitigation Logic Failure

  • Project: PowerDNS dnsdist
  • Vulnerability: Logic Flaw / Denial of Service (DoS) Mitigation Bypass
  • Official Advisory: Pull Request #17287
  • Impact: Discovered a critical logic error in bpf-filter.cc where range-based subnet evaluation queries incorrectly triggered a runtime error, completely breaking active eBPF-based blocking mechanisms and leaving the DNS infrastructure exposed during traffic spikes.

πŸš€ Notable Security Discovery: REST API Permission Boundary Bypass

  • Project: PowerDNS dnsdist
  • Vulnerability: Authorization Bypass / Improper Access Control
  • Official Advisory: Pull Request #17291
  • Impact: Identified a security boundary issue where restricted "Read-Only" API tokens could bypass endpoint separation rules to execute unintended state-changing memory actions (such as purging the global packet cache and exploiting CORS misconfigurations), breaking the isolation between read and write access keys.

Bug Bounty Terminal Dashboard

πŸ› οΈ Technical Stack


πŸ“« Let's Connect


"Securing the cloud, one exploit at a time."

prasanna8585

Bug Bounty Target Radar

Popular repositories Loading

  1. fifty-bird fifty-bird Public

    Forked from games50/fifty-bird

    Lua

  2. portscanner portscanner Public

    It displays the ports open for multiple target .

    Python

  3. zero-to-mastery-ml zero-to-mastery-ml Public

    Forked from mrdbourke/zero-to-mastery-ml

    All course materials for the Zero to Mastery Machine Learning and Data Science course.

    Jupyter Notebook

  4. Numpy Numpy Public

    Numpy Practice and exercise

    Jupyter Notebook

  5. Matplotlib Matplotlib Public

    Matplotlib practice and exercise

    Jupyter Notebook

  6. freecodecamp_Scientific_computing freecodecamp_Scientific_computing Public

    this problems are solved from freecodecamp scientific Computing

    Python