My first two valid and rewarded Web Cache Deceptions, earning $2250

Basic HTTP Authentication Risk: Uncovering pyspider Vulnerabilities

CSRF Bypass Using Domain Confusion Leads To ATO

Vulnerabilities in Homepage Dashboard

Gotta cache 'em all: bending the rules of web cache exploitation

Splitting the email atom: exploiting parsers to bypass access controls