Featured Research
Bypassing Input Filters to Land Reflected XSS via URL Encoding
A client-side input filter on a fleet management portal's search function looked solid — until I encoded the payload. A walkthrough of how Google dorking, a filter bypass, and an obscure event handler combined into a confirmed reflected XSS.
Security Researcher & Consultant
Independent security researcher focused on web applications, APIs, and network-exposed services. All research is conducted ethically within authorized bug bounty programs. Read more →