2 min read
TryHackMe — TakeOver Writeup
Subdomain enumeration challenge on TryHackMe. Finding a hidden subdomain via SSL certificate inspection to grab the flag.
filter by tag:
5 posts found
4 min read
0xL4ugh CTF v5 — Cracking AES with a Multimeter: Side-Channel Analysis
Breaking AES-128 without touching the algorithm — Correlation Power Analysis on a black-box hardware target using power traces and Hamming weight correlation.
3 min read
OliCyber — Dependency Hell: Racing SQLite Session Store
Exploiting a TOCTOU race condition in a SQLite-backed Express session store to bypass balance checks and chain key purchases to get the flag.
2 min read
HackerDNA — Hack the Cookie: Insecure Session Management
Privilege escalation from guest to admin by decoding and modifying an unsigned Base64 session cookie. A classic case of client-side trust gone wrong.
3 min read
TAMU CTF 2025 — pittrap: Black-Box ONNX Neural Network Optimization
Solving a black-box neural network challenge at TAMU CTF (gigem) by treating the ONNX model as an oracle and applying simulated annealing to find the winning input.