Skip to main content
Nico Waisman

Nico Waisman

CISO | XBOW @ XBOW

LinkedInXGitHub
BlogSecurity Research
CVE-2025-27888: Server-Side Request Forgery via URL Parsing Confusion in Apache Druid Proxy Endpoint

CVE-2025-27888: Server-Side Request Forgery via URL Parsing Confusion in Apache Druid Proxy Endpoint

Nico Waisman
BlogCompany News
XBOW on HackerOne: What’s Next

XBOW on HackerOne: What’s Next

Nico Waisman
BlogCompany News
Black Hat & DEF CON: Running XBOW Live, Presentation Slides, and The Talk You Didn’t Miss

Black Hat & DEF CON: Running XBOW Live, Presentation Slides, and The Talk You Didn’t Miss

Nico Waisman
BlogSecurity Research
The Campaign Is Not Available in Your Country: XBOW Discovered an SQLi While Attempting to Bypass Geolocation Restrictions.

The Campaign Is Not Available in Your Country: XBOW Discovered an SQLi While Attempting to Bypass Geolocation Restrictions.

Nico Waisman
BlogTechnical Deep Dive
How XBOW Turned a JavaScript Hint Into a Working File Inclusion

How XBOW Turned a JavaScript Hint Into a Working File Inclusion

Nico Waisman
BlogCompany News
The Road to Top 1: How XBOW Did It

The Road to Top 1: How XBOW Did It

Nico Waisman
BlogSecurity Research
The Nightmare Before Christmas: An Arbitrary File Download on Zoo-Project

The Nightmare Before Christmas: An Arbitrary File Download on Zoo-Project

Nico Waisman
BlogSecurity Research
SSRF & URI Validation Bypass in 2FAuth

SSRF & URI Validation Bypass in 2FAuth

Nico Waisman
BlogSecurity Research
How XBOW Found a Scoold Authentication Bypass

How XBOW Found a Scoold Authentication Bypass

Nico Waisman