About Me

I am a cybersecurity enthusiast and bug bounty hunter with hands-on experience in finding and exploiting real-world web application vulnerabilities. I focus on understanding how applications work internally and how small logic flaws can turn into critical security issues.

My approach is heavily manual-testing oriented. Instead of relying only on automated scanners, I analyze application logic, authentication flows, authorization checks, and backend behavior to uncover vulnerabilities that are often missed.

What I Do

  • Web Application Security Testing
  • Bug Bounty Hunting on real-world targets
  • Deep analysis of application logic & workflows

Vulnerabilities I Focus On

  • AI Hacking (Prompt Injection & Model Extraction)
  • IDOR (Insecure Direct Object Reference)
  • SQL Injection (including WAF bypass techniques)
  • Cross-Site Scripting (XSS)
  • Race Conditions
  • CORS Misconfigurations
  • Authentication & Authorization Issues
  • OTP & Business Logic Bypass

Technical Skills

  • Manual testing using Burp Suite
  • HTTP request & response analysis
  • Parameter tampering and access control testing
  • Business logic vulnerability discovery
  • Basic scripting & automation with Python
  • Web scraping and testing using Selenium
  • Understanding of REST APIs, sessions, and tokens

Mindset

I believe effective hacking is not about tools — it’s about breaking assumptions and thinking like the backend. I continuously improve my skills by testing real applications, studying vulnerability write-ups, and building my own proofs of concept.

"Always learning. Always testing. Always breaking logic."