A privilege escalation challenge exploiting PATH hijacking through sudo's secure_path misconfiguration to execute a restricted script by replacing system commands.

A cloud security challenge auditing Azure storage accounts to identify publicly accessible blob containers exposing sensitive credentials due to misconfigured access controls.

Day 1 of Advent of Cyber 2025 introducing Linux command line fundamentals through investigating a compromised server, analyzing logs, and uncovering hidden clues through file analysis, git history, and GPG decryption.

Recovered an unsaved Notepad note from Notepad TabState .bin backups by decoding UTF-16-LE and locating the Huntress CTF flag.

A warm-up web challenge from Huntress CTF 2025 involving RFC 9309 and discovering a hidden flag within a robots.txt file.

A web challenge exploiting timing-based vulnerabilities to extract a flag character by character, bypassing rate limiting through IP spoofing on an exposed Flask application.

A web challenge exploiting Server-Side Template Injection (SSTI) in an Express.js application using EJS templates to achieve remote code execution and extract the flag.

A web challenge exploiting a regex misconfiguration in a terminal-style web application to bypass command whitelisting and extract the flag through newline injection.

A medium-difficulty Linux machine exploiting a Laravel environment variable vulnerability (CVE-2024-52301) for initial access, followed by GPG decryption for lateral movement and BASH_ENV exploitation for privilege escalation.

An easy-difficulty Linux machine exploiting Grafana command injection (CVE-2024-9264) to obtain initial access, followed by SSH tunneling and cronjob manipulation for privilege escalation.