Feb 6, 2026 · A collection of write-ups from the best hackers in the world on topics ranging from bug bounties and CTFs to vulnhub machines, hardware challenges and real life encounters.

Jul 20, 2025 · In this write-up, we’ll walk through how a $250 vulnerability in Lodash’s zipObjectDeep() method turned into a prototype poisoning problem, and how you can spot similar flaws in the wild.

Oct 2, 2024 · In this post, I’ll walk you through how I uncovered a prototype pollution vulnerability, leading to a $175 bounty. Let’s dive in! I’ve been hunting bugs for like 2 years, I usually target...

For 2026 I like to put the bar a bit higher for myself. While maintaining the realistic percentages I gained this year, I doubled the amount of bugs I would like to find.

In general, prototype pollution refers to vulnerabilities in a program that allow attackers to pollute properties on the prototype chain. However, in addition to pollution, the attacker must find a place …

In this video, I cover JavaScript Prototype Pollution, a useful gadget that can assist in exploiting vulnerabilies like XSS and CSRF on the client, whilst also potentially leading to RCE on the...

This learning path introduces you to prototype pollution vulnerabilities in JavaScript. You'll learn what prototype pollution is, how it can be exploited, and how to prevent it in your applications.