Offensive Security
Remmy9
Offensive security research, exploits, and tradecraft. Real findings, real chains, real impact.
There's always a way in. The only question is how many layers you're willing to peel back. — Remmy
>_ Posts
>_ Bypassing WAF, 403, and OTP to Exploit SQL Injection
Bypassing WAF, 403 Forbidden, and OTP restrictions to exploit a blind SQL injection on a VDP program.
>_ My Therapist Said Tiny Problems Don’t Matter. These Vulnerability Chains Proved Me Wrong.
Chaining multiple low-severity IDORs, broken access control, and token exhaustion into a data exfiltration chain.
>_ From alert(origin) to ATO, an XSS Story
How a simple XSS discovery escalated to full account takeover through response manipulation and creative payload crafting.
>_ 403 Forbidden? No Problem, Here’s a POST XSS
Bypassing 403 forbidden restrictions to deliver a POST-based XSS payload that led to a Bugcrowd bounty.