Hi, I'm Jay, also known as 0SPwn, a 17-year-old cybersecurity enthusiast from the UK. I hold certifications in eJPT and eCPPTv2, and work as a security consultant (Penetration Tester). Currently, I'm a contracted Offensive Security Web Application Trainer with Hack The Box EU and have had the honor of speaking at BSides Cymru 2023.
My expertise lies in identifying and exploiting web application vulnerabilities, and I actively participate in bug bounty programs and Vulnerability Disclosure Programs (VDPs) for major organizations such as Yahoo, Verizon, AT&T, the Department of Defense, System76, and Instagram, among others.
I am passionate about both offensive and defensive security, and I enjoy sharing my knowledge through blogging, and YouTube content creation.
Mentoring, Penetration Testing
CVE-2022-24785 Description Moment.js is a JavaScript date library for parsing, validating, manipulating, and formatting dates. A path traversal vulnerability impacts npm (server) users of Moment.js between versions 1.0.1 and 2.29.1, especially if a u...

Initial Discovery We commenced our investigation by identifying a Satellite Ingest System that appeared to serve as a pivotal point in the town's internet connectivity infrastructure. Our curiosity was piqued by the absence of authentication measures...
