Writeup for the Invisible Ink challenge from 0xL4ugh CTF V5. An Easy Misc challenge involving stegonography using Unicode Tag Characters, Zlib decompression, and Ascii85 decoding.
Penetration test report for the CodePartTwo machine on Hack The Box. Exploiting a critical PySandbox escape in js2py and leveraging a config race condition for privilege escalation.
Penetration test report for the Conversor machine on Hack The Box. A Linux target involving arbitrary file write, cron job exploitation, and sudo privilege escalation.
Forensics challenge involving PCAP analysis, malware reverse engineering, and XOR decryption to recover exfiltrated files
Crypto challenge involving Mersenne Twister (MT19937) state recovery (untempering) to predict future dice rolls.
Crypto challenge involving a custom nonlinear filter generator (LFSR) broken via algebraic attack using Z3 solver.
A trilogy of Web Security challenges focusing on WAF bypasses, SQL Injection chains, and SSTI to achieve RCE without using quotes or periods.
