Writeup for Stateless Auth from Daily Alpacahack 2026 #25. A Medium Web challenge involving Flask, Information Disclosure of JWT secrets, and Token Forgery.
Detailed writeup for the 4llD4y challenge from 0xL4ugh CTF V5. A Medium Web challenge involving Prototype Pollution (CVE-2023-26135), happy-dom configuration override, and VM sandbox escape.
Writeup for the HashCashSlash challenge from 0xL4ugh CTF V5. A Medium Misc challenge involving restricted shell escape and local privilege escalation via hidden socat service.
