XSS Explained Simply: The Three Types and How to Test Them
Cross-site scripting confuses people because there are three flavors that behave differently. A plain-English breakdown with test cases for each.
CTF writeups, bug bounty methodology, and security research notes.
After grinding privesc rooms, the techniques start to rhyme. The checklist I run after landing a low-privilege shell on a Linux box.
IDOR is simple, common, and high-impact — and automated scanners almost never find it. A practical guide to hunting it by hand.
You don't need to be a pentester to test for the most common web vulnerabilities. The OWASP Top 10, reframed as test cases a QA engineer can run.
Burp Suite has a hundred features and a beginner needs about five. The minimal workflow I use to test a web app, in order.
How I went from knowing nothing about offensive security to landing in the top 3% globally on TryHackMe — the rooms, the mindset, and the grind.

My first national-level security competition — the nerves, the format, the challenges, and the lessons that shaped how I compete now.
Detailed walkthrough of the challenges I solved at RIOT Center FlagHunt 2022, where I placed 7th nationally.
