KENT APOSTOL

While still a student in 2022, Elosoft offered a regular security consultant position after identifying and reporting critical vulnerabilities in their web application and assisting with full remediation.

Discovered a CRLF Injection vulnerability in BASF systems. The Germany-based chemical giant recognized the contribution by adding the name to their official Security Researcher Hall of Fame — "Heroes of BASF."

Reported a Cross-Origin Resource Sharing (CORS) vulnerability in Informatica's systems. The Redwood City-based software company acknowledged the responsible disclosure by listing the name in their Hall of Fame.

Discovered an exposed server-status page, exploiting it to monitor incoming requests and access sensitive endpoints used by clients. Liquid Pixels awarded a bug bounty of $250 for this finding.

Successfully executed a subdomain takeover attack against the Tampa, Florida-based hosting company Hivelocity. Rewarded with a $50 bug bounty for the responsible disclosure.

Found an Insecure Direct Object Reference (IDOR) vulnerability in Tecno Mobile's application. The Shenzhen-based smartphone manufacturer awarded the Safe Keeper badge in recognition.

Successfully took over one of MicroStrategy's domains, contributing to the security of the Tysons Corner-based software company. Rewarded with a bug bounty for the discovery.

Discovered and reported a SQL injection vulnerability in the Singapore-based global payments platform 2C2P. Received an official letter of appreciation from the company.

Responsibly disclosed a vulnerability to Het Waterschapshuis (CERT-WM), the central IT organization for Dutch water authorities. Listed in their Security Researcher Hall of Fame.

Discovered and responsibly disclosed a vulnerability in NASA's digital infrastructure. Recognized in NASA's Security Researcher Hall of Fame and received a personal letter of appreciation from one of the world's most respected organizations.