// Security Research & CTF

Hack. Break. Document.

In-depth CTF writeups, vulnerability research, and exploit development. Every challenge broken down step by step — from recon to root.

Browse Writeups About Me

Coverage

Topics and techniques documented across all writeups

Web Pwn Crypto Reversing Mobile SQL Injection SSTI JWT Attacks Path Traversal Phar Deserialization SSRF ROP Chains Format String Stack Pivoting Canary Brute-Force Cache Poisoning XSS Class Pollution Gröbner Basis Custom ISA Android Forensics

Latest Writeups

Most recently published

Roulette

CRYPTO Retired Insane

Custom MT19937-variant (N=128, M=30) outputs mod 32. Recover 4096 state bits via GF(2) Gaussian elimination over 768 observed spins, predict all future rolls, win 10 trillion coins.

Read Writeup →

ApexSurvive

WEB Retired Insane

Race condition on email verification → CSS injection leaks admin CSRF token → DOM clobbering hijacks service worker → admin cookie exfiltrated → PDF path traversal writes uwsgi.ini → RCE.

Read Writeup →

Last Resort

PWN Retired Insane

Sort comparator function used as a code-pointer oracle to leak PIE, then swapped for printf to leak libc + canary, then scanf overwrites stack with ROP chain to achieve shell via stack pivot.

Read Writeup →

View All Writeups →