JG

Jeroen Gui

Cybersecurity Professional

Security professional, bug hunter & entrepreneur.

I find vulnerabilities, take down phishing at scale, and build security tooling. Studying Computer Science & Information Management at KU Leuven. Based in Belgium.

Read the Blog About Me

Recent Articles

Two Input Paths, One Security Check: File Read in LookyLoo's PlaywrightCapture

How LookyLoo's document capture mode bypassed its own SSRF protections, and how the fix uses Playwright route handlers to filter secondary requests.

vulnerability-researchSSRFLookyLooGCVE

When Auth Key Reset Skips the Privilege Check: A MISP Access Control Bug

A look at how an incomplete fix from 2019 left MISP's auth key reset endpoint vulnerable to privilege escalation, and what the patch looks like.

vulnerability-researchaccess-controlMISPCVE

Sorting Gone Wrong: SQL Injection in MISP's ORDER BY Handling

How I found and reported a blind SQL injection in MISP's event and shadow attribute listing endpoints through unsanitized ordering parameters.

vulnerability-researchsql-injectionMISPCVE

View all articles →