root@adham : ~ $ ./welcome
Welcome !
└──╼ $ web exploitation / ctf / bug bounty hunting
[currently]Learning CWES
[open to]CTF team trials / mentorship / collabs
catlatest_posts.txt
ls -la /blog →2026.05.315 min read
BYUCTF: Power Tower
Multi-prime RSA where every factor is ≤ 2^16 and the exponent is a 25-high right-associative power tower. Factoring is trivial trial division; the real trick is inverting the tower via Euler's theorem applied recursively. The whole modulus chain stays 2^16-smooth.
2026.05.314 min read
BYUCTF: Mixed Signals
Two Go binaries: a process that turns 15 OS signals into VM opcodes via signal.Notify, and a driver that sends it 1817 signals. Recover the ISA from the dispatch, scrape the unrolled signal list, and since the VM is straight-line, let z3 hand you the flag.
2026.05.315 min read
BYUCTF: Angr Management
The name baits you toward symbolic execution. But a 'maze of gotos' built from literal cmp-imm → jmp edges is a static CFG. Parse the disassembly, BFS room 0 to the win room, replay 72 moves. No SMT, instant.
catlatest_notes.txt
ls -la /notes → 2026.04.06 [cwes] HTB Study Notes: OS Command Injection (CWE-78) → 2026.03.31 [general] Back-End Servers & Stacks → 2026.03.31 [general] Web Application Layout → 2026.03.31 [general] Access Control — Vertical, Horizontal & Context-Dependent → 2026.03.31 [general] Web Requests — GET, Basic Auth, Parameters →