Security research & writeups
Bug-bounty writeups, VAPT methodology deep-dives and notes from the field by Abhishek Bhaskar (Abhi HackZ).
Bug Bounty
Chaining an IDOR into Full Account Takeover
How a low-severity IDOR escalated into full account takeover during a private engagement.
Jan 20, 2026 · 6 min · read →
AIPrompt Injection in Agentic Workflows
How tool-calling agents leak data and execute unintended actions — and how to test for it.
Jan 10, 2026 · 8 min · read →
ReconBuilding a Recon Pipeline That Scales
From subdomain enumeration to live triage — the methodology behind my automation framework.
Dec 28, 2025 · 7 min · read →