January 22, 2026
When Self-XSS Isn’t Self Anymore: Escalating to Account Takeover
Tags: bug-bounty, Writeup, Web, ATO, XSS
How chaining a self-XSS with email HTML injection resulted in account takeover.

November 22, 2025
CTF - Intigriti Challenge 1125
Tags: Writeup, Web, CTF, RCE, SSTI, JWT
CTF - Intigriti Challenge 1125: JWT tampering to gain admin access, then Jinja2 SSTI for RCE and flag recovery.

August 5, 2025
When the Price Goes Wrong: $9K from 2 Price Manipulation
Tags: bug-bounty, Writeup, Web
2 price manipulation bugs turned into a $9,000 bounty by breaking the application's core logic.