Writeup for Append Note from LA CTF 2026. A Web challenge involving Reflected XSS, Prefix Oracle, and CORS misconfiguration.
Writeup for Blogler from LA CTF 2026. A Web challenge involving YAML anchor aliasing and post-validation mutation.
Writeup for Bobles and Narnes from LA CTF 2026. A Web challenge involving Bun SQL bulk insert injection and type confusion.
Writeup for Clawcha from LA CTF 2026. A Web challenge involving cookie-parser deserialization and identity confusion.
Writeup for Glotq from LA CTF 2026. A Web challenge involving Go JSON vs YAML parser differentials.
Writeup for Narnes and Bobles from LA CTF 2026. A Web challenge involving JavaScript type coercion and string concatenation vulnerability.
Writeup for Invoice Generator from LA CTF 2026. A Web challenge involving PDF generation and SSRF via XSS.
Writeup for The Clock from LA CTF 2026. A Crypto challenge involving Diffie-Hellman over a clock group and Pohlig-Hellman attack.
