Case Files / Public Index
Field Notes from the Paywall
Bug bounty write-ups, reverse engineering walkthroughs, and security postmortems. Each story is a self-contained read on a specific trust boundary that quietly failed.
Stories
02
Trying to Secure Your App Paywalls? Don’t Do What Flighty Did
Why “the response looks encrypted” almost never means the app is secure — and a step-by-step walkthrough of reconstructing Flighty’s protobuf schema from a Mach-O binary and rewriting subscription state in transit.
Read case file
01
Authorization Bypass Let Free Users Reach Premium Hinge Features Through the API
A redacted write-up about a subscription boundary that existed in the interface, but not where it mattered most: backend authorization.
Read case file