Internal domain names: What are you hiding and what are you leaking?Incorrect configuration of your corporate domains may lead to information disclosure.Sep 23, 2022Sep 23, 2022
HTB Business CTF 2022 — TradeAWS access key compromise, 2FA circumvention, and DynamoDB injection in a single challenge.Jul 22, 2022Jul 22, 2022
HTB Cyber Apocalypse 2021 — emoji votingThis was a 2-star challenge in the web category of the Cyber Apocalypse 2021 CTF. Also serves as an introduction to blind SQL injection.Apr 24, 2021Apr 24, 2021
HTB Cyber Apocalypse 2021 — SoulCrabberSoulCrabber and SoulCrabber 2 were related challenges in the crypto category of the Cyber Apocalypse 2021 CTF, organised by Hack The Box…Apr 24, 2021Apr 24, 2021
Docker breakout: SINCON 2020 Wonderland CTFThink twice before sharing namespaces and granting additional capabilities to Docker containers.Jan 3, 2021Jan 3, 2021
Stealing Bob’s ideaThis is another writeup of one of the challenges in GovTech CSG’s STACK the Flags CTF. This one appeared to be relatively easy once the…Dec 9, 2020Dec 9, 2020
Reverse engineering an invitationOver the last weekend I had the opportunity to take part in the STACK the Flags CTF organised by the GovTech Cyber Security Group…Dec 8, 2020Dec 8, 2020