This blog post contains writeups for PHP-Redis (SSRF) and AJAX Amsterdam (Broken Access Control)
A writeup about how XSS can lead to RCE and how desktop apps can be vulnerable to XSS too
Writeup on a unique SSRF challenge in Reunion CTF 2026
This blog post details my research on XS-Leaks using Chrome 0-day.