About Me
My name’s Enis, and I break things for a living, on purpose. I’m a security consultant who tests how apps, websites, and systems can be hacked. Recently, I’ve been identifying security vulnerabilities in large language models and AI agents.
Recent Blog Posts
Prompt Injection, but Make It Invisible
6 min read
AI SecurityHidden UnicodeBug Bounty
How a Shared Folder Led to Full Account Access in Nextcloud
5 min read
Web SecurityNextcloudBusiness Logic Error
From Folder Sharing to Data Exposure
4 min read
Web SecurityNextcloudBusiness Logic Error
Nextcloud Workflows Remote Code Execution
5 min read
Web SecurityNextcloudOS Command Injection