← back to site

Security research & writeups

Bug-bounty writeups, VAPT methodology deep-dives and notes from the field by Abhishek Bhaskar (Abhi HackZ).

Bug Bounty

Chaining an IDOR into Full Account Takeover

How a low-severity IDOR escalated into full account takeover during a private engagement.

Jan 20, 2026 · 6 min · read →
AI

Prompt Injection in Agentic Workflows

How tool-calling agents leak data and execute unintended actions — and how to test for it.

Jan 10, 2026 · 8 min · read →
Recon

Building a Recon Pipeline That Scales

From subdomain enumeration to live triage — the methodology behind my automation framework.

Dec 28, 2025 · 7 min · read →