PGP
HackerOne
Yogosha
YesWeHack
TryHackMe
HackTheBox
CodeWars
Buy Me a Coffee
HackerNight 2024: my first live hacking event
Review of my experience at the HackerNight live hacking event in RootedCON and how I got the first blood on one of the customers.
Recent Posts
VulNyx: Diff3r3ntS3c
Writeup of the machine Diff3r3ntS3c from VulNyx.
VulNyx: HackingStation
Writeup of the machine HackingStation from VulNyx.
Human 1 - sqlmap 0: defeating automation through manual exploitation
Partial disclosure of a bug bounty report: human 1 - sqlmap 0: defeating automation through manual exploitation.
Reflected XSS bypassing hidden input tag and auto-submit script in a form
Partial disclosure of a bug bounty report: reflected XSS bypassing hidden input tag and auto-submit script in a form.
Subdomain takeover via unclaimed Azure VM
Partial disclosure of a bug bounty report: subdomain takeover via unclaimed Azure VM.
Reflected XSS through POST request in a login form
Partial disclosure of a bug bounty report: reflected XSS through POST request in a login form.
Reflected XSS in search filter clear button in an e-commerce website
Partial disclosure of a bug bounty report: reflected XSS in search filter clear button in an e-commerce website.
TE.TE HTTP request smuggling obfuscating the TE header
Partial disclosure of a bug bounty report: TE.TE HTTP request smuggling obfuscating the TE header.
Reflected XSS bypassing a 302 Security Redirect due to the presence of Javascript function calls
Partial disclosure of a bug bounty report: reflected XSS bypassing a 302 Security Redirect due to the presence of Javascript function calls.