Hi, I'm JM Sanchez!

Ethical Hacker | Bug Bounty Hunter | CTF Player | TryHackMe Top 1%


18 years old, studying Mobile App and Web Development at STI Novaliches SHS. I've been doing Website Penetration Testing and Bug Bounty since 2020. Ask me anything!





System.out.println("About me");

Things worth knowing about me:

  1. Lives in NCR, Philippines
  2. Male
  3. 18 y/o
  4. Likes to hack things legally
  5. Also likes to do photography
  6. My favorite series is Mr. Robot
  7. DICT-NCERT HackForGov2 NCR Qualifiers 1st Runner Up

Codes HTML, CSS, JavaScript, PHP, MySQL, Python, Java

Education

Caloocan National Science and Technology High School

Junior High School 2017 - 2021

CodeStack.ph CyberSecurity & Ethical Hacking Training

Bootcamp 2020

STI College Novaliches - IT in Mobile App and Web Development

Senior High School 2022 - Present

Certified AppSec Practitioner (CAP)

The SecOps Group Issued February 2023

Jr Penetration Tester Learning Path

TryHackMe Issued April 2023

Experiences

Bypassing Content Security Policy Leads to Open-Redirect and Iframe Scripting

Stripo Inc. - HackerOne 2021

Blind User-Agent SQL Injection to Blind Remote OS Command Execution at Sony

Sony Music - HackerOne 2021

Found XSS and IDOR Security Vulnerabilities - $$$

Chargezoom Integrated Payments Platform BBP 2021

Found Multiple Critical Payment System Vulnerabilities - $$$$

Chargezoom Integrated Payments Platform BBP 2022

Solved Intigriti's February XSS Challenge

Intigriti - Europe's #1 Bug Bounty Platform 2022

Blog

How I Escalated a Time-Based SQL Injection to RCE

Good day everyone! I hope all of you are doing well. Today, I will be sharing one of my reports on Sony, a public program on HackerOne


Playing With iframes: Bypassing Content-Security-Policy

Today I'll be sharing how I found my first bug in a bug bounty program. I hope you'll learn something or at least be entertained by the story I will be telling in a few seconds.


Intigriti's February XSS Challenge Walkthrough

Today, I will be sharing my solution to Intigriti's February XSS Challenge 0222. It is titled XSS (eXtremely Short Scripting) Game. It hints that there might be some twists that require us to use as few characters as possible

