Archives
- 30 Aug TFC CTF 2025 Write Up
- 24 Aug Hitcon 2025 Note Write Up
- 16 Aug Sekai 2025 Write Up
- 03 Aug JustCTF 2025 Positive Players Write Up
- 15 Apr CSS Exfiltration via attr() + image-set() from Chrome 133
- 14 Sep ($10,890) What is XSS in the ML/AI ecosystem, not only web3.0?
- 05 Aug 0-Day, Copy and Paste ReDoS in github.com
- 26 Mar Line CTF 2023 Write Up
- 24 Mar HTB apocalypse CTF 2023 spybug Write Up
- 20 Mar b01lers CTF 2023 Write Up
- 19 Dec Express, RCE via File Extension Confusing ≤ V4.18.2
- 20 Nov Express, Querystring parameter limit of req.query
- 25 Sep CCE 2022 Write Up
- 23 Aug SSTF 2022 JWT Decoder Write Up
- 06 Jun Outlook, XSS Sanitizer flaw
- 16 May Dreamhack, Leak all write ups via IDOR
- 02 Apr 0-Day, Cross-Site Scripting via markdown syntax (Vditor)
- 27 Mar Line CTF 2022 Write Up
- 22 Mar Spring GoN Open Qual CTF 2022 Write Up
- 05 Mar Total.js CMS, Cross-Site Scripting
- 01 Mar Codegate 2022 Write Up
- 19 Feb NASA, Remote Code Excution (0-Day Exploit)
- 14 Feb Hayyim CTF 2022 Write Up
- 25 Jan Real World CTF 4th Hack into Skynet Write Up
- 30 Nov 0-Day, Prototype Pollution in utils.js
- 27 Sep DownUnderCTF 2021 Write Up
- 27 Sep CCE 2021 GS 25 Write Up
- 13 Sep Whitehat Contest 2021 Write Up
- 17 Aug InCTF 2021 Notepad 1.5 - Arthur's Article Write Up
- 05 Aug UIU CTF 2021 yana Write Up
- 01 Jun pwn2win CTF Illusion Write Up
- 18 May 3k CTF 2021 online_compiler Write Up
- 22 Mar Line CTF 2021 diveinternal Write Up
- 15 Mar UTCTF 2021 Tar Inspector Write Up
- 09 Mar zer0pts CTF 2021 Baby SQLi Write Up
- 01 Mar Trust CTF 2021 Write Up
- 09 Feb Dice CTF 2021 Write Up