How We Owned Every FantaSanremo Account in 2 HTTP Requests
A NoSQL injection in AppFactory's shared auth code hit the entire Fanta suite: FantaSanremo, FantaMasterChef, FantaOlimpiadi, FantaGiro. Any account, any platform, 0-click.
How We Broke McDonald's Italy From the Inside Out
An in-depth write-up on automating the anniversary Snake game, reversing client-side validation, and uncovering major auth and WebView bridge flaws.
Fix 'Failed to Open \efi\ubuntu\' GRUB Error on Linux Mint
Step-by-step guide to resolve GRUB bootloader failures on older Linux Mint systems by reinstalling without UEFI Secure Boot.
The Magic Behind ShowHiddenChannels: How Discord Accidentally Reveals Everything
ShowHiddenChannels works because Discord sends all channels to your client by default. A simple permission override reveals them all.
How to get your Genshin Impact UID without opening the game
Retrieve your UID directly from the browser using developer tools without needing to launch the full game client.
Free Nuggets
How a team reverse-engineered a fast-food game, exploited client-side logic for immortal runs, and still won a year of free nuggets.