An exciting web challenge involving a file write vulnerability through upload functionality and authentication bypass using sha.js hash rewinding attack. A deep dive into exploiting CVE-2025-9288 in sha.js library.

In Dumbledore's absence, Harry's memory fades, leaving crucial words lost. Delve into the arcane world, harness the power of JSON, and unveil the hidden spell to restore his recollection. Can you help harry yo find path to salvation?

This app contains some unique keys. Can you get one?

A secret lies hidden, protected by layers of logic and scattered clues. Your task is to uncover these fragments, piece them together, and solve the mystery. It’s a challenge of patience, creativity, and determination. Can you reveal the secret?

Bypassing root detection and TLS verification in a Flutter Android app to intercept HTTPS traffic - a mobile security CTF challenge walkthrough

This is a writeup for one of the CTF challenges I participated in. Interesting RCE with custom crafted POC to workaround child_process

A detailed breakdown of Account Takeover — from initial recon to exploiting a critical security misconfiguration that led to full admin access.