Full CTF Writeup (Web: CorpMail, The Soldier of God Rick | Misc: JinJail | Forensics: Log, Tattletale | Reverse: Bunaken | Blockchain: tge, Convergence, Nexus)
Stored XSS and Critical Information Disclosure via Laravel Debug Mode
Static 64-bit binary abusing a hidden ROP chain in the .data section, stack pivot via lea rsp, chained gadgets for flag validation, and full reverse engineering of a static ELF.
Full Web Exploitation Writeup (SSRF → HAProxy Bypass → MongoDB Wire Protocol → Neo4j Cypher Injection → Command Injection → RCE)
Stored XSS exploitation via polyglot WAV file upload, strict CSP bypass using script-src self, Puppeteer admin bot abuse, and flag exfiltration through agent-controlled fields.