the0x-pwn/README.md
🇮🇶 Iraq



Twitter LinkedIn HackTheBox TryHackMe


🛡️ whoami

the0x@arch ~ % whoami --verbose
[+] Role        : Cyber Security Researcher / Web Penetration Tester
[+] Based in    : 🇮🇶 Iraq
[+] OS Religion : Arch Linux (btw)
[+] Status      : Breaking apps responsibly, one request at a time
[+] Addiction   : CTF challenges & bug bounty hunting
[+] Mindset     : "If it's not tested, it's not secure"

🎯 Specialization

🔭 Currently working on    : Web Application Penetration Testing
🌱 Currently learning      : Advanced Privilege Escalation & Access Control techniques
👯 Looking to collaborate  : CTF teams & Bug Bounty projects
🤔 Looking for help with   : Advanced research in Vertical/Horizontal BAC
💬 Ask me about            : SQLi, XSS, IDOR, BAC, CTF Writeups
⚡ Fun fact                : I don't trust any user input — not even my own 😄

🧨 Exploitation Expertise

Access Control & Auth

  • Broken Access Control (BAC)
  • Vertical / Horizontal BAC
  • Context-Based BAC
  • Authentication Bypass (AUTH BYPASS)
  • Insecure Direct Object Reference (IDOR)
  • Privilege Escalation

💉 Injection Attacks

  • SQL Injection — Union-Based
  • SQL Injection — Error-Based
  • Blind SQLi — Boolean-Based
  • Blind SQLi — Time-Based
  • Second-Order SQL Injection

🧬 Client-Side Attacks

  • Cross-Site Scripting (Reflected)
  • Cross-Site Scripting (Stored)
  • DOM-Based XSS
  • Cross-Site Request Forgery (CSRF)

File-Based Attacks

  • Unrestricted File Upload
  • File Upload RCE Chains

⚙️ Tech Arsenal — Languages & Technologies

Proficiency levels are based on my own self-assessment 🎯

PHP 85%
Laravel 80%
Python 90%
Go 65%
SQL 88%
MySQL 85%
JavaScript 78%
HTML 95%
CSS 90%
Bootstrap 85%
Tailwind 80%
Bash Script 60%

🖥️ Operating Systems

Arch Linux Windows

Arch Linux is my one true love — full control or nothing 🖤




🚩 CTF & Bug Bounty

[*] Categories  : Web Exploitation | Network Pentest | Misc
[*] Mentality   : "Every app has a flaw, the only question is when you'll find it"
[*] Currently   : Hunting bugs & solving boxes

Popular repositories

  1. ghostdir Public

    Python 2

  2. sql_injection Public

    PHP 2

  3. Bash-Scripting Public

    Shell

  4. lab-xss Public

    9 XSS challenges covering Reflected, DOM-Based, and Filter Bypass — Easy to Hard

    HTML

  5. lab-CSRF Public

    PHP

  6. the0x-pwn Public