2020 AVideo < 8.9 Privilege Escalation and File Inclusion that led to RCE Careem AWS S3 Bucket Takeover Moodle DOM Stored XSS to RCE Intigriti Easter XSS Challenge Write-up myClock XSS Challenge Solution Write-Up
2018 Take Advantage of Out-of-Scope Domains in Bug Bounty Programs Obtaining WordPress CSRF Tokens for Fun, $1337 bounty, and CVE-2017-5489
2016 Hijack Vimeo Private Videos using Flash Hack.me XSS Challenge | Solution Vine Re-auth Bypass [Twitter Bug Bounty] Medium 1-Click Full Account Takeover How I Hacked Oculus, eBay, and IBM OAuth
2015 Cloudflare WAF XSS One Payload to XSS Them All! Blind SQL Injection in Hootsuite Learning Platform