Hacktus

@Hacktus

Website

I hunt for bugs and cacti sometimes :)

Joined January 2023

About

Hey! I'm a 24-year-old security researcher.

Available for

Nothing here yet.

Hacktus's blogs

Hacktushackt.us14 posts

Articles Comments

Recently published

HHacktushackt.usApr 21 · 8 min read

Full Account Takeover on an MCP OAuth Proxy: Why PKCE Can't Save You

TL;DR: Got an MCP OAuth proxy to hand me real production access tokens for any user who clicked one link. No fake login page. No cert warning. No MFA bypass. The victim actually signs in at the real S

0

HHacktushackt.usApr 14 · 18 min read

From Tomcat JMX Proxy to RCE via AccessLogValve Injection

Disclaimer: This research is published for educational and authorized security testing purposes only. The techniques described here should only be used against systems you own or have explicit written permission to test. The author is not responsible...

1

HHacktushackt.usFeb 7 · 8 min read

How I Tricked an AI Into Thinking I Owned Your Data

In this blog post, I'll walk you through one of the most unusual and creative bugs I've ever found. This isn't your typical IDOR or privilege escalation. This is a story about how an AI agent, designed to protect data, became the very thing that leak...

0

HHacktushackt.usJan 23 · 3 min read

What Can You Do With a Leaked Cognito Identity Pool ID?

Leaking a Cognito Identity Pool ID is often dismissed as a low-impact information disclosure. But when the IAM policy attached to the unauthenticated role is misconfigured, that "low-impact" leak becomes a direct path into the cloud infrastructure. W...

0

HHacktushackt.usDec 21, 2025 · 4 min read

Can you compromise a multi-billion dollar company via /health?

We all have those endpoints we instantly ignore in our HTTP history. You see GET /favicon.ico, you ignore it. You see GET /assets/logo.png, you ignore it. And usually, when you see GET /health, you ignore that too. Why? Because 99.9% of the time, the...

1

T

Hacktus

About

Available for

Hacktus's blogs

Recently published

Full Account Takeover on an MCP OAuth Proxy: Why PKCE Can't Save You

From Tomcat JMX Proxy to RCE via AccessLogValve Injection

How I Tricked an AI Into Thinking I Owned Your Data

What Can You Do With a Leaked Cognito Identity Pool ID?

Can you compromise a multi-billion dollar company via /health?

Search Hashnode

Hacktus

About

Available for

Hacktus's blogs

Recently published

Full Account Takeover on an MCP OAuth Proxy: Why PKCE Can't Save You

From Tomcat JMX Proxy to RCE via AccessLogValve Injection

How I Tricked an AI Into Thinking I Owned Your Data

What Can You Do With a Leaked Cognito Identity Pool ID?

Can you compromise a multi-billion dollar company via /health?