Who I Am

I’m Youssef Elsayyad — a Software Engineering student at McMaster University (B.Eng, class of 2028) and an active bug bounty hunter since 2021. I go by agentgeneric on HackerOne and TryHackMe.

I focus on web application security — finding and responsibly disclosing vulnerabilities in real-world production apps. My work spans XSS (stored and reflected), SQL injection, IDOR, CSRF, LFI/RFI, authentication bypass, business logic errors, and privilege escalation.

Beyond web, I’ve been expanding into Android application security through dedicated coursework and hands-on research.

What You’ll Find Here

  • Bug bounty writeups — detailed breakdowns of vulnerabilities I’ve reported through HackerOne, published after resolution and disclosure approval
  • Methodology posts — how I approach recon, manual testing, and exploitation
  • CTF writeups — solutions to challenges from TryHackMe and other platforms
  • Tools & techniques — anything useful I’ve picked up along the way

Technical Background

  • Offensive Security: XSS (stored/reflected), SQLi, CSRF, IDOR, LFI/RFI, authentication bypass, business logic flaws, privilege escalation
  • Reconnaissance: Nmap, Burp Suite, directory/subdomain fuzzing, OSINT
  • Exploitation & Testing: Burp Suite, Metasploit, Netcat, Hydra
  • Languages: Java, C#, Python, Bash
  • Frameworks/APIs: GraphQL, REST, SOAP
  • Environments: Kali Linux, Debian, Windows

Projects

Ultrasonic Obstacle Detection System — Designed and prototyped an Arduino-based assistive navigation device using ultrasonic sensing for real-time haptic feedback, built with a collaborative engineering team at McMaster.

Contact

This blog is built with Hugo + PaperMod and hosted on GitHub Pages.