Hey there, I'm Matei Buzdea (also known as "mtib"), a wannabe security researcher. These are some of the most interesting (at least for me) security issues I've found or read about over the years.
Bypassing misconfigured Auth0 MFA implementations
Some time ago, I was searching for bugs in a web application running Auth0. And because Auth0 is a popular OAuth provider (and implicitly very secure), I started looking deeper into its inner workings. The result was a bypass of a custom MFA implementation, which could have allowed an attacker full long-term access to any user’s account.
Breaking through AWS API Gateways - TFC CTF 2025
On 30 August 2025 we organized the fifth - and the largest - edition of TFC CTF. And because over the past year I’ve been messing a lot with AWS, I decided to create a challenge combining some of the most interesting security issues that can be found in AWS API Gateway, especially regarding Lambda Authorizers and Mapping Templates. In...
When email injection becomes a problem
Many websites take security seriously and use a lot of filters and sanitizers to prevent any sort of injection in common user-controlled fields, such as the username, address, etc. However, when it comes to emails, it looks like most developers don’t even consider that email fields can be exploited as well.