Writeups

A walkthrough of the HackTheBox Keeper machine covering initial enumeration, exploiting default credentials in Request Tracker, and leveraging a KeePass memory dump for privilege escalation.

A breakdown of the most common access control failures encountered during security assessments, from IDOR vulnerabilities to missing function-level authorization checks.

How I built a modular Python pipeline to automate the repetitive parts of bug bounty reconnaissance while keeping the manual analysis where it matters most.