3 Blog Posts
2 Case Studies
2 Languages
4+ Years Hunting
[LATEST_POSTS]
Writeup · 6 min read
When Protocol Parsing Leaks Into Application Logic
How I found a CRLF-based request header injection that let me poison the Host header and turn it into an open redirect on a GitLab instance.
12/27/2025
Writeup · 8 min read
From Self-XSS to Reflected XSS: A CSRF Escalation Story
How I transformed a seemingly harmless self-XSS vulnerability into a critical reflected XSS by chaining it with CSRF, demonstrating the power of vulnerability escalation in bug bounty hunting.
11/10/2025
Tutorial · 12 min read
How I Passed the BSCP After 4 Attempts
The BSCP was harder than I expected. Here's what actually worked for me after failing three times and what I'd do differently if I started over.
9/21/2025