Xeunwa

Huntress CTF 2024 - writeups PyYAML, ZipSlip, SQLi to pickleRCE, Timing Attack

NahamCon CTF 2024 - writeups WebDav, A lot of Brute-forcing + Wordpress whitebox

TBTL CTF 2024 - web(4x) writeups indexedDB, LFI, CSV, Boolean-based Neo4j Injection

UMDCTF 2024 - web(2x) writeups Abusing API business logic to get rich

UMassCTF 2024 - web(3x) writeups CMD injection, HTTP, Header injection

b01lers CTF 2024 - writeups Bash jails, Blind XSS & CMD injection, etc.

osu!gaming CTF 2024 - osint/time-traveler OSINT, IDOR + Binary Search

pingCTF 2023 - web(4x) writeups User-Agent, Path Traversal, Blind XSS

cakeCTF 2023 - web/CountryDB SQLi through length validation

Hack the Boo 2023 - web(2x) writeups Basic SSRF and Go SSTI + LFI

HSCTF10 - web/Very Secure Brute-force flask token, Lack of complexity

picoCTF 2023 - web(2x) writeups SQLi/sqlite and Java Code Review