web

A collection of 10 posts

ctf

SekaiCTF'24 htmlsandbox - Author Writeup

HTML parsing differentials are fun!

research

Cookie Bugs - Smuggling & Injection

Research on how browsers encode & send cookies, how they are parsed by various web frameworks, and some bugs

ctf

SECCON CTF 2022 Finals

Winning SECCON Finals, writeups, and some Tokyo pictures.

ctf

DiceCTF 2023 writeups

writeups for the challenges I wrote for dicectf 2023

research

Overlong Sec-Required-CSP header: CVE-2021-37989

abusing long http headers for cache probing

research

The Closed Shadow DOM

a bit of research on security of the shadow DOM

web

PlaidCTF 2021 - wowza - web (350pt)

race condition + prototype pollution + SSRF via fetch() redirect

writeups

DragonCTF 2020 - Scratchpad (web)

Error-Based XS Leak

web

CSAW CTF Finals 2019 - easiest crackme - Web (100,300,300 pt)

Exploiting a chrome extension that allows you to debug binaries via RPC

web

Pwning PHP CTF Challenges

Short list and collection of links to learn about vulns used in PHP CTF Challenges