00·operator profile

xclow3n

breaks stuff for fun & profit.
also writes about it, sometimes.

research·writeups·ctf·web

handlexclow3nrolesr. content engineeratHack The Box

online· receiving

02·archive06 entries·since 2024·latest march 2026

grimoire

quickhacks, research, writeups.

filter:

latest2026.03·research

Testing AI for Vulnerability Research: 4 Approaches & Where I Failed→

Tested 4 AI-assisted approaches for finding vulnerabilities over one week. Found real bugs - 14 confirmed vulns in one target in 20 minutes. Also burned time on an approach that found nothing useful. Honest breakdown of what worked and what didn't.

#AI#Vulnerability Research#SAML#HTTP Smuggling#Security

2026.03·research

Breaking Pingora: HTTP Request Smuggling & Cache Poisoning in Cloudflare's Reverse Proxy

#HTTP Smuggling#Cache Poisoning#Cloudflare#Pingora+1

→

2024.11·research

xclow3n

grimoire

Testing AI for Vulnerability Research: 4 Approaches & Where I Failed→

Breaking Pingora: HTTP Request Smuggling & Cache Poisoning in Cloudflare's Reverse Proxy

HTML Sanitize Bypass Using MXSS

Email Parser Discrepancy in Nodemailer

Intergalactic Bounty - HTB University CTF 2024

EncoDecept - HTB University CTF 2024