web

A collection of 8 posts

ctf

SECCON CTF 2022 Finals

Winning SECCON Finals, writeups, and some Tokyo pictures.

ctf

DiceCTF 2023 writeups

writeups for the challenges I wrote for dicectf 2023

research

Overlong Sec-Required-CSP header: CVE-2021-37989

abusing long http headers for cache probing

research

The Closed Shadow DOM

a bit of research on security of the shadow DOM

web

PlaidCTF 2021 - wowza - web (350pt)

race condition + prototype pollution + SSRF via fetch() redirect

writeups

DragonCTF 2020 - Scratchpad (web)

Error-Based XS Leak

web

CSAW CTF Finals 2019 - easiest crackme - Web (100,300,300 pt)

Exploiting a chrome extension that allows you to debug binaries via RPC

web

Pwning PHP CTF Challenges

Short list and collection of links to learn about vulns used in PHP CTF Challenges