Recent posts

AWAE Course and OSWE Exam Review

8 minute read

Introduction: This is a review of the Advanced Web Attacks and Exploitation (WEB-300) course and its OSWE exam by Offensive Security. I’ve taken this course b...

Smuggling an (Un)exploitable XSS

3 minute read

This is the story about how I’ve chained a seemingly uninteresting request smuggling vulnerability with an even more uninte...

Bug Bounty Platforms vs. GDPR: A Case Study

19 minute read

What Do Bug Bounty Platforms Store About Their Hackers? I do care a lot about data protection and privacy things. I’ve also been in the situation where a bu...