I chase impact bugs — account takeovers, RCE, privilege escalation, business-logic flaws, IDORs that leak every user's data. I split my time between automation that maps attack surface at scale and manual hunting where the high-severity work actually lives.
- PA-Pentest_Automation — automated pentest pipeline (host header injection, broken-link hijacking, backup-file discovery, SSL audit, JS secret hunting, request smuggling)
- Mass-XSS — bash pipeline that takes a subdomain list, harvests URLs from gau / waybackurls / katana / hakrawler, and sprays XSS payloads via airixss
- prototype-polluter — Go tool to scan URL lists for client-side prototype pollution
- SeBackup-Privilege — local + remote abuse paths for the Windows SeBackupPrivilege (CTF/AD focused)



