Welcome !

└──╼ $ web exploitation / ctf / bug bounty hunting

[currently] Learning CWES

team: RootRunners

location: Cairo, Egypt

pgp: 0xDEADBEEF

read.blog() whoami

cat latest_posts.txt

Feb 9, 2026

ctfweb

TryHackMe — TakeOver Writeup

Subdomain enumeration challenge on TryHackMe. Finding a hidden subdomain via SSL certificate inspection to grab the flag.

Jan 26, 2026

ctfhardware

0xL4ugh CTF v5 — Cracking AES with a Multimeter: Side-Channel Analysis

Breaking AES-128 without touching the algorithm — Correlation Power Analysis on a black-box hardware target using power traces and Hamming weight correlation.

Jan 24, 2026

ctfweb

OliCyber — Dependency Hell: Racing SQLite Session Store

Exploiting a TOCTOU race condition in a SQLite-backed Express session store to bypass balance checks and chain key purchases to get the flag.

ls -la /blog

cat latest_notes.txt

Apr 6, 2026 [cwes] HTB Study Notes: OS Command Injection (CWE-78) Mar 31, 2026 [general] Back-End Servers & Stacks Mar 31, 2026 [general] Web Application Layout Mar 31, 2026 [general] Web Requests — GET, Basic Auth, Parameters Mar 31, 2026 [general] Access Control — Vertical, Horizontal & Context-Dependent

ls -la /notes