2023-08-01
In February 2023, I got hired to do a whitebox pentest of a PHP web app. The redacted report can be found here [PDF].
2024-04-07
In March 2023, I got the opportunity to identify and report a stored XSS vulnerability in Apache Archiva 2.2.9. The vulnerability got awarded CVE-2023-28158.
A zero-day web challenge for hxp CTF 2022 targeting Apache Archiva 2.2.9. The challenge is based on a vulnerability I discovered which was assigned CVE-2023-28158. [challenge, writeup]
A challenge for hxp CTF 2022 using the prototype pollution discussed in the challenge 2linenodejs as a way to obfuscate NodeJS code. [challenge, writeup]
A web challenge for hxp CTF 2022 focusing on an insecure design choice in sqlite-web leading to remote code execution. Remains unfixed. [challenge, writeup]
A web challenge for hxp CTF 2022 exploring ejs 3.1.8 after CVE-2022-29078 was fixed. [challenge, short writeup, extended writeup]
A misc challenge for hxp CTF 2021 inspired by baba is you written in C for Gameboy. [challenge, scoreboard, source, writeup]
A gameboy challenge for hxp CTF 2020 written in C. Reverse the game and find the chicken. [challenge, scoreboard, source, solution run]
My writeup to a challenge from Insomni'hack 2022 about breaking PDF signatures using JavaScript.
My writeup for a Python sandbox escape from 0CTF 2021 Quals.
My writeup for a PHP sandbox escape from 0CTF 2020 Quals.
My totally serious guide on how to "hack hex with hyx", solving a challenge from PlaidCTF 2020.
My writeup for a challenge at Teaser Dragon CTF 2019 about reversing a PCAP to find pressed buttons of an XBOX controller.
Don't like the style of my website? Redesign it yourself!