Writeup for Bank Heist from BITSCTF 2026. A hard blockchain challenge exploiting missing program_id checks in CPI verification.
Writeup for SafePaste from BITSCTF 2026. A hard web challenge escaping DOMPurify via server-side mXSS and String.prototype.replace() template injection.
Writeup for No JS from Daily Alpacahack 2026 #28. A Hard Web challenge involving CSP bypass using Dangling Markup.
Writeup for ToyPQC from Daily Alpacahack 2026 #27. A Hard Crypto challenge involving LWE with small error space vulnerable to brute-force.
Writeup for the SpiralFloat challenge from 0xL4ugh CTF V5. A Hard Crypto challenge involving chaotic map inversion using Interval Arithmetic and Depth-First Search (DFS).
A detailed writeup for the House of Illusions challenge from 0xL4ugh CTF V5. A Hard Blockchain/Smart Contract Security challenge involving proxy patterns, ABI encoding exploits, and compiler differences.
