Welcome to my blog!!

Ideas, systems, research, bug bounty, and more.

I'm 20 and I've been unofficially hunting bugs for as long as I can remember. What started as taking things apart to see how they work recently turned into official research.

Most of my time is spent between reverse engineering and chasing the kind of edge cases that shouldn't exist in production. This is where I post my notes and whatever systems I'm currently breaking.

Recent

  • Two easy ways to break phone verification

    Same registration flow, same final impact, two different OTP bypasses.

    • bug-bounty
    • web-security
    • otp
    • business-logic
  • How an LLM helped me break a national newspaper paywall

    How AI helped me move faster on a paywall bypass by turning frontend clues into the right API path.

    • bug-bounty
    • web-security
    • api
    • business-logic
  • Pre-Account Takeover: a simple bug that still works too often

    A simple Pre-ATO caused by weak ownership checks across signup, SSO, and account recovery flows.

    • bug-bounty
    • web-security
    • logic-error
    • oauth
  • How I got on CodinGame's Hall of Fame with an HTML injection

    First paid bounty: HTML in a profile bio that turned into a phishing surface on a real domain.

    • bug-bounty
    • web-security
    • html-injection