Sitemap

A list of all the posts and pages found on the site. For you robots out there is an XML version available for digesting as well.

Posts

A web cache deception chained to a CSRF, the recipe

7 minute read

Published: October 25, 2023

Recently, I received a bounty for a vulnerability discovered on an e-commerce site allowing the personal information — including the delivery address — of a user to be changed. Let’s talk about it!

XSS Intigriti challenge 0523

8 minute read

Published: May 30, 2023

Let me explain how did I overcome this XSS challenge set up by the bug bounty platform Intigriti. It may be a source of inspiration for some of you during your research.

DOS via cache poisoning on Mozilla

11 minute read

Published: May 17, 2023

Let’s take a closer look at how cache poisoning works and how I was able to exploit this vulnerability to get a DOS on the home page of a large company.

A successful prototype pollution chained to a DOM XSS

7 minute read

Published: April 10, 2023

Today I decided to share with you my last little discovery and to explain a little more in detail how prototype pollution work.

portfolio

Bug bounty, feedback, strategy and alchemy

Published: June 30, 2025

Honey attracts bees, and like many others who occasionally share moments of success, I often get asked recurring questions about bug bounty hunting: how I got started, what advice I’d give, what roadmap to follow, and so on. I figured it might be worthwhile to put some of my thoughts, experiences, and perspectives into writing for anyone curious about the subject.