Swissky's adventures into InfoSec World !
Write-ups/CTF & Bug Bounty
LeHack 2026 - Payload PLZ Reloaded
Another year, another great challenge from YesWeHack. It was the same rules as last year, find the shortest polyglot payload that triggers in the maximum contexts, but this time we had 22 contexts instead of the 13 of 2025. More than enough to melt my brain again 🤯…
·
LeHack 2026 - Payload PLZ Reloaded
LeHack 2025 - Payload PLZ
Last weekend, I took part in the LeHack 2025 event in Paris. As always, the challenges hosted by YesWeHack were top-notch and full of valuable learning opportunities. This year's highlight was crafting a polyglot payload capable of triggering in 13 different contexts, including SQL injection, XSS, Bash command execution, and more…
·
LeHack 2025 - Payload PLZ
Anatomy of Pokemon glitches
Digging into the anatomy of Pokemon Yellow glitches, or how to impress your school friends during break time…
·
Anatomy of Pokemon glitches
SSRFmap - Introducing the AXFR module
After reading a great blog post about a CTF challenge where you had to chain several SSRF to get the flag, I took some time to improve SSRFmap, fix the bugs and merge the Pull Requests. Then I implemented a new module called axfr to trigger a DNS zone transfer from the SSRF using the gopher protocol. This blog post is about my journey on implementing it…
·
SSRFmap - Introducing the AXFR module