// Bug Bounty

Vulnerability Research

When I have time to hunt bugs.

Bugcrowd

1 P1 finding on YNAB. Hall of Fame #14.

  • Blind time-based SQLi & blind stored XSS YNAB P1 Write-up →
Profile →

HackerOne

1 report to GitLab (SSRF, duplicate).

  • Blind SSRF through repository import GitLab Medium (duplicate)
Profile →

Intigriti

1 medium finding on Combell program.

  • Open SMTP relay Combell Medium
Profile →
// Wargames

Always-On Platforms

Permanent CTF platforms I practice on.

HackTheBox

Online platform with vulnerable machines and challenges.

HackTheBox badge
Profile →

Root Me

Challenges and virtual environments to practice hacking.

Profile →

Hacker101

Free web security training. Earned 3 invitations to private programs.

Platform →
// Events

CTF Competitions

Online CTF events I've participated in.

HacktivityCon 2020 CTF

2020

Finished 282 of 3663 players (top 8%) with 960 points.

CTFtime →

Yogosha Entry Test

July 2020

Finished 31 of 155 players (top 20%).

Intigriti CTF

January 2019

Didn't manage to get the flag, but learned a lot.

Write-up →
// Challenges

Standalone Challenges

Individual security challenges and write-ups.

Intigriti XSS Challenge

XSS challenge from Intigriti.

Write-up →

Intigriti 5k Followers XSS

XSS challenge celebrating 5k followers.

Write-up →

Intigriti Easter XSS

Easter-themed XSS challenge from Intigriti.