Code Review
2024
NahamCon CTF 2024 - writeups
WebDav, A lot of Brute-forcing + Wordpress whitebox
TBTL CTF 2024 - web(4x) writeups
indexedDB, LFI, CSV, Boolean-based Neo4j Injection
UMassCTF 2024 - web(3x) writeups
CMD injection, HTTP, Header injection
b01lers CTF 2024 - writeups
Bash jails, Blind XSS & CMD injection, etc.
2023
BackdoorCTF - web/Too Many Admins
PHP Hash Cracking and Brute Force
pingCTF 2023 - web(4x) writeups
User-Agent, Path Traversal, Blind XSS
cakeCTF 2023 - web/CountryDB
SQLi through length validation
Hack the Boo 2023 - web(2x) writeups
Basic SSRF and Go SSTI + LFI
TryHackMe - Glitch
API Fuzzing to RCE (NodeJS)
TryHackMe - Cyborg
Borg Backups, some Bash Code Review
TryHackMe - Mother's Secret
ExpressJS Code Review
TryHackMe - Tokyo Ghoul
File Analysis, Path Traversal, privesc:Python Jail
HSCTF10 - web/Very Secure
Brute-force flask token, Lack of complexity
TryHackMe - Git Happens
Password exposure in git commit
picoCTF 2023 - web(2x) writeups
SQLi/sqlite and Java Code Review