A picoCTF web challenge focused on weak client-side authentication, where the valid credentials are exposed in a JavaScript file.

A picoCTF web challenge where exposed session data allows us to replace our cookie with an admin session and access the flag.

A picoCTF web challenge that demonstrates server-side template injection in a Flask application and leads to file disclosure through template execution.

A quick picoCTF web challenge where the flag is hidden inside a JavaScript bookmarklet and can be recovered by understanding the client-side decryption logic.

A beginner-friendly picoCTF web challenge where the flag is hidden in page source as Base64-encoded data.

An OSINT challenge writeup that traces a real Interpol Red Notice subject through public company records to identify a last known 2015 address.

A simple TryHackMe writeup for Operation Takeover covering Nmap, UDP discovery, SNMP enumeration, and reading the root flag through the NET-SNMP-EXTEND feature.

A simple Hack The Box writeup for Cap covering Nmap enumeration, an IDOR issue in PCAP snapshots, credential recovery from FTP traffic, SSH access, and privilege escalation through Linux capabilities.