Xeunwa
2024
HacktheNorth.ph / TCon7CTF
geosint,osint-leaks,php8.1.0-dev
Huntress CTF 2024
PyYAML, ZipSlip, SQLi to pickleRCE, Timing Attack
NahamCon CTF 2024
WebDav, A lot of Brute-forcing + Wordpress whitebox
TBTL CTF 2024
indexedDB, LFI, CSV, Boolean-based Neo4j Injection
UMDCTF 2024
Abusing API business logic to get rich
UMassCTF 2024
CMD injection, HTTP, Header injection
b01lers CTF 2024
Bash jails, Blind XSS & CMD injection, etc.
osu!gaming CTF 2024 - osint/time-traveler
OSINT, IDOR + Binary Search
2023
pingCTF 2023
User-Agent, Path Traversal, Blind XSS
cakeCTF 2023 - web/CountryDB
SQLi through length validation
Hack the Boo 2023
Basic SSRF and Go SSTI + LFI
HSCTF10 - web/Very Secure
Brute-force flask token, Lack of complexity
picoCTF 2023
SQLi/sqlite and Java Code Review