PinnedHacking the University in a Few StepsEscalating a Wrong Date to Get Code ExecutionApr 18, 202210Apr 18, 202210
ExamSys — Multiple SQL InjectionsExamSys is an open source online exam system. During a routine scan through GitHub, this repository was found vulnerable to multiple SQL…Jan 14Jan 14
Till Breach Do Us Part: The Uninvited Guest at Your WeddingPicture this: you’ve just had the perfect wedding. The vows were spoken, the dance floor was packed, but something was wrong...Aug 5, 2023Aug 5, 2023
Published inInfoSec Write-upsClique Writeup — ångstromCTF 2022Mutation XSS in DOMPurify and markedMay 5, 2022May 5, 2022
Published inInfoSec Write-upsIntigriti — XSS Challenge 0621XSS via WebAssemblyJun 27, 2021Jun 27, 2021
Published inInfoSec Write-upsIntigriti — XSS Challenge 0321XSS with CSRF BypassMar 28, 20212Mar 28, 20212
Published inInfoSec Write-upsPost Office — DaVinciCTF — WriteupA conversation with a pirateMar 14, 2021Mar 14, 2021
Published inInfoSec Write-upsDaVinciCTF — Web Challenges — WriteupThis weekend, I had the pleasure to play the DaVinci CTF and score first place with my team FAUST. It was great fun and a good quality CTF…Mar 14, 2021Mar 14, 2021