devd

✶ self-taught back-end developer, with a commitment for security.
✶ network & security researcher.
✶ node~python~.net~golang
✶ freelance spanish translator.
✶ loves indie & alternative music.

projects / achievements / acknowledgements


my discord

danceparty

danceparty is an open-source project, made to recreate the just dance services.
the remade services include:
✶ just dance 2016-2018 (old & new-gen consoles, ubiart framework)
✶ just dance now (ios, android, web & unity)
✶ just dance: vitality school (ios, android, unity)

one of my achievements with ubisoft involve a security/breach targeting the just dance infrastructure.in november 2021, a few friends and myself discovered an open proxy port that allowed us to access the entirety of the ubisoft internal network. there we were able to access the gitlab for current and future projects, as well as their aws services.

i found a vulnerability with the just dance now user system.by reverse engineering the login system, this vulnerability allowed me to login into any user's just dance now account by only using their dancer card id. this allowed me to use their vip subscription, coins, modify their profile, and play songs like a normal user would.this vulnerability was not patched, and it is unlikely that it will be patched since this would require changing all user's ids.