HACKERBADGER

Breaking things. Writing it down.


Latest Research

Sokudo: GraphQL Authorization Bypass via Introspection-Off Field Suggestions

2026.06.17
BugForge (easy): GraphQL Authorization Bypass

Part 1: Pentest Report

#graphql #broken-access-control #authorization-bypass #introspection-bypass #plaintext-password #api-security #bugforge

FurHire: Client-Side Path Traversal to Account Takeover

2026.06.15
BugForge (hard): Client-Side Path Traversal to Account Takeover

Part 1: Pentest Report

#cspt #client-side-path-traversal #account-takeover #csrf #2fa-bypass #bugforge #webapp

CopyPasta: API Token Name Confusion to Cross-User Impersonation

2026.06.15
BugForge (easy): Token-Name Identity Confusion

Part 1: Pentest Report

#authentication-bypass #impersonation #api-tokens #identity-confusion #idor #cwe-287 #cwe-639 #bugforge #webapp

CopyPasta: IDOR Snippet Delete (Broken Object-Level Authorization)

2026.06.12
BugForge (easy): IDOR / Broken Object-Level Authorization

#idor #broken-access-control #bola #verb-tampering #bugforge

Vaultly: Account Takeover via Unbound Password-Reset Token

2026.06.10
BugForge (hard): Password-Reset Account Takeover

#account-takeover #password-reset #broken-access-control #webapp #bugforge

Shady Oaks Financial: UNION-based SQL Injection

2026.06.10
BugForge (easy): UNION-based SQL Injection

#sqli #union-injection #cwe-89 #bugforge #webapp

Activity Log

[2026.06.17] New writeup published: Sokudo: GraphQL Authorization Bypass via Introspection-Off Field Suggestions
[2026.06.15] New writeup published: FurHire: Client-Side Path Traversal to Account Takeover
[2026.06.15] New writeup published: CopyPasta: API Token Name Confusion to Cross-User Impersonation
[2026.06.12] New writeup published: CopyPasta: IDOR Snippet Delete (Broken Object-Level Authorization)
[2026.06.10] New writeup published: Vaultly: Account Takeover via Unbound Password-Reset Token

Toolkit

Caido Workbench (v0.3.0)
SQLi and JWT workbench plugin for the Caido proxy.

Race (v1.2.0)
HTTP/2 single-packet race condition testing.

JWTForge (v1.0.0)
JWT creation, modification, and signing tool.

More Coming
Additional tools in development.