Sitemap

A list of all the posts and pages found on the site. For you robots out there, an XML version is available for digesting as well.

Pages

Posts

CTF - Intigriti - 0825

6 minute read

Published:

After a long break from challenges and CTFs, I felt it was time to start training again. The urge came earlier this month, following some introspection on how little I had been dedicating to such exercises, a realization that left me with a sense of... guilt? I then visited the Intigriti Discord server, hoping to find an ongoing challenge, but nothing was happening at that time. So, I was eagerly awaiting this one. Let’s dive in.

A web cache deception chained to a CSRF, the recipe

7 minute read

Published:

Recently, I received a bounty for a vulnerability discovered on an e-commerce site allowing the personal information — including the delivery address — of a user to be changed. Let’s talk about it!

XSS Intigriti challenge 0523

8 minute read

Published:

Let me explain how I overcame this XSS challenge set up by the bug bounty platform Intigriti. It may be a source of inspiration for some of you during your research.

DOS via cache poisoning on Mozilla

11 minute read

Published:

Let’s take a closer look at how cache poisoning works and how I was able to exploit this vulnerability to get a DOS on the home page of a large company.

portfolio

Bug bounty, feedback, strategy and alchemy

Published:

Honey attracts bees, and like many others who occasionally share moments of success, I often get asked recurring questions about bug bounty hunting: how I got started, what advice I’d give, what roadmap to follow, and so on. I figured it might be worthwhile to put some of my thoughts, experiences, and perspectives into writing for anyone curious about the subject.

Draft of a night walk: the diagnosis of a researcher’s quest for success

Published:

I’m coming back from a long nighttime walk with a friend, during which we had several interesting discussions. One of them seemed relevant enough to turn into the short draft you’re reading now. This friend has been training in offensive web security for almost a year. He’s an intelligent and particularly studious person, yet despite that, he’s struggling to find his first vulnerability during his bug bounty sessions, and we were trying to identify the potential reasons behind it.

publications

talks

teaching

Teaching experience 1

Undergraduate course, University 1, Department, 2014

This is a description of a teaching experience. You can use markdown like any other post.

Teaching experience 2

Workshop, University 1, Department, 2015

This is a description of a teaching experience. You can use markdown like any other post.
