Xeunwa
2024
Huntress CTF 2024 - writeups
PyYAML, ZipSlip, SQLi to pickleRCE, Timing Attack
NahamCon CTF 2024 - writeups
WebDAV, A lot of Brute-forcing + WordPress whitebox
TBTL CTF 2024 - web(4x) writeups
IndexedDB, LFI, CSV, Boolean-based Neo4j Injection
UMDCTF 2024 - web(2x) writeups
Abusing API business logic to get rich
UMassCTF 2024 - web(3x) writeups
CMD injection, HTTP, Header injection
b01lers CTF 2024 - writeups
Bash jails, Blind XSS & CMD injection, etc.
osu!gaming CTF 2024 - osint/time-traveler
OSINT, IDOR + Binary Search
2023
pingCTF 2023 - web(4x) writeups
User-Agent, Path Traversal, Blind XSS
cakeCTF 2023 - web/CountryDB
SQLi through length validation
Hack the Boo 2023 - web(2x) writeups
Basic SSRF and Go SSTI + LFI
HSCTF10 - web/Very Secure
Brute-force Flask token, Lack of complexity
picoCTF 2023 - web(2x) writeups
SQLi/SQLite and Java Code Review