👋 Hi, I'm savi0r
Security researcher with hands-on experience in web security, bug bounty and offensive security fundamentals.
Focused on understanding systems, attack surfaces and real-world exploitation paths.
---
🔍 Areas of Focus
- Web Security & Business Logic Flaws
- Server-Side Vulnerabilities (SSRF, IDOR, Auth issues)
- Client-Side Attacks (DOM-based XSS, postMessage, race conditions)
- Network & Infrastructure Exposure
- Red Team fundamentals & attack chains
🧠 Technical Skills
Web & Backend
- XSS (reflected, DOM-based, postMessage)
- SSRF (internal recon, metadata exposure)
- Authentication & Authorization bypasses
- JWT weaknesses
- Logic flaws in payments & workflows
Infrastructure & Networking
- HTTP / DNS / TCP-IP fundamentals
- SMB enumeration & misconfigurations
- Cloud storage exposure (S3, backups, archives)
- Internal service discovery
---
🧰 Tooling
- Burp Suite
- Nmap
- ffuf / gobuster
- curl / httpx
- smbclient / enum4linux
- Wireshark
- Git & GitHub
📂 Portfolio Highlights
- Medium-severity SSRF (network segmentation bypass)
- Internal service exposure via mod_status reconnaissance
- JWT confusion → SSTI → RCE (CTF case study)
- Internal service exposure & data leaks
- CTF challenges focused on realistic exploitation
- Recon → exploitation → reporting workflow
---
📜 Certifications & Programs
- Bug Bounty Research (Intigriti / HackerOne)
- CTF challenges (web & infra focused)

- iamsavi0r ★ PINNED: No description. (★ 1, 4mo ago)
- ejpt-roadmap ★ PINNED ⑂: This repository contains a roadmap for preparing for the EJPTv2 exam. (★ 0, 1y ago)
- ATLAS: 🌍 ATLAS (Accessible Training Labs for Active-directory Security) (HCL, ★ 4, 4d ago)
- rcectf: RCE PAYLOAD FOR CTF INTIGRITI (PHP, ★ 0, 9mo ago)