Blog
10/11/25
DQL Injection & SOME Attack
SMS v2 Challenge | CyCTF 2025
09/11/25
SROP, Stack Pivot & FSOP
Pwn Challenges | CyCTF 2025
24/09/25
Linux Command Injection
Official Writeup: Mushroom Hates Letters | IEEE Finals 2025
20/09/25
CSP Bypass via XSS
Official Writeup: Disapproved | IEEE 2025
18/09/25
Chaining 6 Bugs to RCE
Official Writeup: Full Stack Disaster | ConnectorsCTF 2025
18/09/25
Data Exfiltration via DNS
Official Writeup: cat flag.png | ConnectorsCTF 2025
13/09/25
SQL Injection & JWT Exploitation
Official Writeup: The Promotion | ConnectorsCTF 2025
12/09/25
OSINT Investigation Techniques
Official Writeup | ConnectorsCTF 2025
12/09/25
Command Injection via Source Review
Official Writeup: Flags in the Air | ConnectorsCTF 2025
21/08/25
CSS Injection & Command Injection
Official Writeup: Stylish Boss | CAT CTF 2025
03/08/25
SQL Injection & Git Exposure
Unseen Path | ASC Cyber WarGames
29/04/25
SSTI, SQLi & Path Traversal
5 Web Challenges | CIT CTF 2025
20/04/25
React Router Tricks & Source Review
Web Challenges | b01lersCTF 2025
03/03/25
SSRF, GraphQL & Cache Deception
7 Web Challenges | Fawazeer Cyber 2025
01/03/25
API Race Conditions & Wireshark
Methodology Walkthrough | ApoorvCTF 2025
20/02/25
JWT Alg Confusion & Race Condition
2FA Bypass | NextGen Defence CTF 2025
16/12/24
JWK Forgery & OTP Bypass
Breaking Bank | HTB University CTF 2024
03/11/24
SQL Injection via PHP Filter Chains
SMS Challenge | CyCTF 2024
03/11/24
Command Injection
Vending Machine | CyCTF 2024
05/10/24
Request Smuggling, SSRF & Git
Web Challenge Collection | Iron CTF 2024
12/09/24
S3 Bucket Versioning Exploitation
BucketWars | CSAW CTF 2024