posts
-
SCC2024 CTF Quals - Author Writeup
This year, I was asked to write some Web challenges for the Serbian Cybersecurity Challenge Qualifications - it was a really fun experience hosting a CTF after a long time :)
-
Nullcon HackIM CTF 2023 Web Writeups
Last week, I participated in the Nullcon HackIM CTF 2023 with 1/0 (formerly team zh3r0).
-
Taking Over an Entire Organization - A Journey Through Multiple Bugs [Collab w/@Hacktus]
This was a collaboration blog post, feel free to give it a read at Hacktus’s blog :)
-
Notes on (in)secure Java Deserialization
The goal of this writeup is to give a quick walkthrough of practical scenarios of Deserialization vulnerabilities that arise in many programming languages, specifically Java in our case, and how we can go from using a simple pre-built gadget chain to writing our own custom gadget chains and eventually gaining code execution on a target server.
-
Intigriti-0722 July XSS Challenge Writeup
The Intigriti July XSS challenge was a great challenge created by antonvroemans which included a quite funny bug de-escalation from an SQL injection to an XSS with a CSP bypass. Leaving that aside, it was a great chance to practice skills in multiple attack vectors and improve.
-
CVE-2021-32172 - Maian Cart RCE
This issue was found back in around November 2020 by me and my friend who would rather not come out publicly with his name, so let’s call him purpl3 (his wish :D).