Concurrent Session Restriction Bypass via Improper Client-Side Device Binding
Case study on trusting client-supplied device identity for concurrent session enforcement—and how that breaks under reverse engineering.
Read →Portfolio
Security writing
Application security case studies
Technical case studies and notes on AppSec, mobile reverse engineering, and defensive design.
Writing
Series can be read in order or on their own. Everything else lives under standalone articles.
Series
MITM exploit
Multi-part write-up on proxy-assisted manipulation of trusted clients—one vulnerability arc split across several posts.
1 published · 4 parts planned
-
Part 1 / 4 May 7, 2026