Swissky's Lab
Swissky

Swissky's adventures into InfoSec World !

Write-ups/CTF & Bug Bounty
LeHack 2026 - Payload PLZ Reloaded

LeHack 2026 - Payload PLZ Reloaded

Another year, another great challenge from YesWeHack. It was the same rules as last year, find the shortest polyglot payload that triggers in the maximum contexts, but this time we had 22 contexts instead of the 13 of 2025. More than enough to melt my brain again 🤯…
·
LeHack 2026 - Payload PLZ Reloaded
LeHack 2025 - Payload PLZ

LeHack 2025 - Payload PLZ

Last weekend, I took part in the LeHack 2025 event in Paris. As always, the challenges hosted by YesWeHack were top-notch and full of valuable learning opportunities. This year's highlight was crafting a polyglot payload capable of triggering in 13 different contexts, including SQL injection, XSS, Bash command execution, and more…
·
LeHack 2025 - Payload PLZ
Pokemon Glitches

Anatomy of Pokemon glitches

Digging into the anatomy of Pokemon Yellow glitches, or how to impress your school friends during break time…
·
Anatomy of Pokemon glitches
SSRFmap - AXFR module

SSRFmap - Introducing the AXFR module

After reading a great blog post about a CTF challenge where you had to chain several SSRF to get the flag, I took some time to improve SSRFmap, fix the bugs and merge the Pull Requests. Then I implemented a new module called axfr to trigger a DNS zone transfer from the SSRF using the gopher protocol. This blog post is about my journey on implementing it…
·
SSRFmap - Introducing the AXFR module