Master SECThe beauty of chaining client-side bugsThis is part of a report of a bug that I sent back in 2020, changing of course the program name for obvious reasons.10 min read·May 28, 2021----
Master SECWeaponizing BURP to work as an evil SSRF Confluence Server.I was doing bounty on a private H1 program that interacts with various external services one of them was Atlassian Confluence and Jira.3 min read·Dec 14, 2019----
Master SECBypass Uppercase filters like a PRO (XSS Advanced Methods)While we are not working on Pentesting for companies, we love to Bug Hunting on Hackerone.4 min read·Oct 11, 2019--2--2