Writeup for SafePaste from BITSCTF 2026. A hard web challenge escaping DOMPurify via server-side mXSS and String.prototype.replace() template injection.
Writeup for Super DES from BITSCTF 2026. An easy crypto challenge involving a triple DES implementation vulnerability.
Writeup for Breathing Void from EHAX CTF 2026. A miscellanious forensics challenge involving isolating covert timing channels from huge pcap noise.
