Spread operator leading to XSS
Writeup for the Web Utils chall in DiceCTF 2021.
Posts by Tag
- CTF 15
- VULNCON CTF 2020 11
- Web 5
- Misc 3
- Memory Forensic 3
- Linux 3
- Kernel 3
- Docker 2
- OOP 2
- Node.js 2
- Forensic 2
- QEMU 2
- Android 1
- Hacker101 1
- Express.js 1
- Javascript 1
- TypeScript 1
- tsc 1
- SQL Injection 1
- CTFLearn 1
- Data Science 1
- Machine Learning 1
- Data Analysis 1
- Classification 1
- Regression 1
- Car Hacking 1
- OSINT 1
- Cryptography 1
- SOLID 1
- Portugues 1
- PHP 1
- TetCTF 2021 1
- Malware 1
- DiceCTF 2021 1
CTF
Reading files in PHP without numbers, quotes, spaces and most other symbols
Writeup for the HPNY Web chall from TetCTF 2021.
VULNCON CTF 2020 - Phishy Email writeup
Writeup for the Phishy Email chall from VULNCON CTF 2020.
VULNCON CTF 2020 - USB Device writeup
Writeup for the USB Device chall from VULNCON CTF 2020.
VULNCON CTF 2020 - Game Over writeup
Writeup for the Game Over chall from VULNCON CTF 2020.
VULNCON CTF 2020 - can_you_c_the_password? writeup
Writeup for the can_you_c_the_password? chall from VULNCON CTF 2020.
VULNCON CTF 2020 - Compromise writeup
Writeup for the Compromise chall from VULNCON CTF 2020.
VULNCON CTF 2020 - Attack writeup
Writeup for the Attack chall from VULNCON CTF 2020.
VULNCON CTF 2020 - T1G3R writeup
Writeup for the T1G3R chall from VULNCON CTF 2020.
VULNCON CTF 2020 - Pcaped writeup
Writeup for the Pcaped chall from VULNCON CTF 2020.
VULNCON CTF 2020 - All I know was zip writeup
Writeup for the All I know was zip chall from VULNCON CTF 2020.
VULNCON CTF 2020 - Find the Coin writeup
Writeup for the Find the Coin chall from VULNCON CTF 2020.
VULNCON CTF 2020 - Maze writeup
Writeup for the Maze chall from VULNCON CTF 2020.
CTFLearn Inj3ction Time Writeup
SQL Injection challenge from CTFLearn. This challenge consists of a forms that is vulnerable to SQL injection.
Hacker101 Oauthbreaker Writeup
Android challenge from the Hacker101 CTF. This challenge consists of an application with a simple Oauth authentication using WebViews.
VULNCON CTF 2020
VULNCON CTF 2020 - Phishy Email writeup
Writeup for the Phishy Email chall from VULNCON CTF 2020.
VULNCON CTF 2020 - USB Device writeup
Writeup for the USB Device chall from VULNCON CTF 2020.
VULNCON CTF 2020 - Game Over writeup
Writeup for the Game Over chall from VULNCON CTF 2020.
VULNCON CTF 2020 - can_you_c_the_password? writeup
Writeup for the can_you_c_the_password? chall from VULNCON CTF 2020.
VULNCON CTF 2020 - Compromise writeup
Writeup for the Compromise chall from VULNCON CTF 2020.
VULNCON CTF 2020 - Attack writeup
Writeup for the Attack chall from VULNCON CTF 2020.
VULNCON CTF 2020 - T1G3R writeup
Writeup for the T1G3R chall from VULNCON CTF 2020.
VULNCON CTF 2020 - Pcaped writeup
Writeup for the Pcaped chall from VULNCON CTF 2020.
VULNCON CTF 2020 - All I know was zip writeup
Writeup for the All I know was zip chall from VULNCON CTF 2020.
VULNCON CTF 2020 - Find the Coin writeup
Writeup for the Find the Coin chall from VULNCON CTF 2020.
VULNCON CTF 2020 - Maze writeup
Writeup for the Maze chall from VULNCON CTF 2020.
Web
Spread operator leading to XSS
Writeup for the Web Utils chall in DiceCTF 2021.
Analyzing a malicious redirect in a Brazilian university website
University of São Paulo website was redirecting visitors to a malicious page. Here is how I analyzed it.
Reading files in PHP without numbers, quotes, spaces and most other symbols
Writeup for the HPNY Web chall from TetCTF 2021.
VULNCON CTF 2020 - Maze writeup
Writeup for the Maze chall from VULNCON CTF 2020.
CTFLearn Inj3ction Time Writeup
SQL Injection challenge from CTFLearn. This challenge consists of a forms that is vulnerable to SQL injection.
Misc
VULNCON CTF 2020 - T1G3R writeup
Writeup for the T1G3R chall from VULNCON CTF 2020.
VULNCON CTF 2020 - Pcaped writeup
Writeup for the Pcaped chall from VULNCON CTF 2020.
VULNCON CTF 2020 - All I know was zip writeup
Writeup for the All I know was zip chall from VULNCON CTF 2020.
Memory Forensic
VULNCON CTF 2020 - Phishy Email writeup
Writeup for the Phishy Email chall from VULNCON CTF 2020.
VULNCON CTF 2020 - USB Device writeup
Writeup for the USB Device chall from VULNCON CTF 2020.
VULNCON CTF 2020 - Game Over writeup
Writeup for the Game Over chall from VULNCON CTF 2020.
Linux
Creating my own /dev/null
How I implemented a very simple /dev/null for learning about device drivers
Linux kernel QEMU setup
Compiling your own Linux kernel and running it on QEMU.
Linux Kernel stuck in QEMU: Decompressing Linux… Parsing ELF… forever
Decompressing Linux… Parsing ELF… And nothing happens! What to do when a Linux Kernel does not work in QEMU.
Kernel
Creating my own /dev/null
How I implemented a very simple /dev/null for learning about device drivers
Linux kernel QEMU setup
Compiling your own Linux kernel and running it on QEMU.
Linux Kernel stuck in QEMU: Decompressing Linux… Parsing ELF… forever
Decompressing Linux… Parsing ELF… And nothing happens! What to do when a Linux Kernel does not work in QEMU.
Docker
Docker volumes consuming a lot of space
Use the –rm flag to stop Docker from keeping useless volumes from your containers.
How to stop Docker exposing your containers to the world
See how to avoid exposing you container’s ports and secure your applications from external access.
OOP
Princípio da Responsabilidade Única
Uma rápida introdução ao S do S.O.L.I.D.
Do I need so many gets and sets in my class?
People prefer things that are easy to use. Use abstractions to hide the hard stuff from the users and allow everyone to enjoy what you create.
Node.js
IDOR vulnerability in a personal project API
The REST API I am building as a personal project had an IDOR vulnerability. Here is what I learned from it.
Express.js router error ‘Cannot GET /something’
How I fixed this simple error when implementing an MVC architecture in Node.js
Forensic
VULNCON CTF 2020 - Compromise writeup
Writeup for the Compromise chall from VULNCON CTF 2020.
VULNCON CTF 2020 - Attack writeup
Writeup for the Attack chall from VULNCON CTF 2020.
QEMU
Linux kernel QEMU setup
Compiling your own Linux kernel and running it on QEMU.
Linux Kernel stuck in QEMU: Decompressing Linux… Parsing ELF… forever
Decompressing Linux… Parsing ELF… And nothing happens! What to do when a Linux Kernel does not work in QEMU.
Android
Hacker101 Oauthbreaker Writeup
Android challenge from the Hacker101 CTF. This challenge consists of an application with a simple Oauth authentication using WebViews.
Hacker101
Hacker101 Oauthbreaker Writeup
Android challenge from the Hacker101 CTF. This challenge consists of an application with a simple Oauth authentication using WebViews.
Express.js
Express.js router error ‘Cannot GET /something’
How I fixed this simple error when implementing an MVC architecture in Node.js
Javascript
IDOR vulnerability in a personal project API
The REST API I am building as a personal project had an IDOR vulnerability. Here is what I learned from it.
TypeScript
tsc: How to copy non-TypeScript files when building
tsc does not provide a way to copy non-TypeScript files during build. Here is how to set up a script to do this in a Node.js project.
tsc
tsc: How to copy non-TypeScript files when building
tsc does not provide a way to copy non-TypeScript files during build. Here is how to set up a script to do this in a Node.js project.
SQL Injection
CTFLearn Inj3ction Time Writeup
SQL Injection challenge from CTFLearn. This challenge consists of a forms that is vulnerable to SQL injection.
CTFLearn
CTFLearn Inj3ction Time Writeup
SQL Injection challenge from CTFLearn. This challenge consists of a forms that is vulnerable to SQL injection.
Data Science
Campus Recruitment
Data science project for the Campus Recruitment problem - How to choose the best MBA and land a great job?
Machine Learning
Campus Recruitment
Data science project for the Campus Recruitment problem - How to choose the best MBA and land a great job?
Data Analysis
Campus Recruitment
Data science project for the Campus Recruitment problem - How to choose the best MBA and land a great job?
Classification
Campus Recruitment
Data science project for the Campus Recruitment problem - How to choose the best MBA and land a great job?
Regression
Campus Recruitment
Data science project for the Campus Recruitment problem - How to choose the best MBA and land a great job?
Car Hacking
Car Hacking
An overview of the car hacking scenario in the last decade.
OSINT
VULNCON CTF 2020 - Find the Coin writeup
Writeup for the Find the Coin chall from VULNCON CTF 2020.
Cryptography
VULNCON CTF 2020 - can_you_c_the_password? writeup
Writeup for the can_you_c_the_password? chall from VULNCON CTF 2020.
SOLID
Princípio da Responsabilidade Única
Uma rápida introdução ao S do S.O.L.I.D.
Portugues
Princípio da Responsabilidade Única
Uma rápida introdução ao S do S.O.L.I.D.
PHP
Reading files in PHP without numbers, quotes, spaces and most other symbols
Writeup for the HPNY Web chall from TetCTF 2021.
TetCTF 2021
Reading files in PHP without numbers, quotes, spaces and most other symbols
Writeup for the HPNY Web chall from TetCTF 2021.
Malware
Analyzing a malicious redirect in a Brazilian university website
University of São Paulo website was redirecting visitors to a malicious page. Here is how I analyzed it.
DiceCTF 2021
Spread operator leading to XSS
Writeup for the Web Utils chall in DiceCTF 2021.