Intigriti March 2026 XSS Challenge: Full Writeup
DOM Clobbering + JSONP Callback Injection via DOMPurify Misconfiguration
Apr 13, 2026 · 8 min read
CTF Challenge Writeup: Manipulating an ERC4626 Vault
Introduction. Recently, I tackled a blockchain-based Capture The Flag (CTF) challenge that required exploiting the mechanics of an ERC4626 vault to meet a specific condition. The challenge revolved around smart contracts and demanded a solid grasp of ...
Jul 9, 2025 · 5 min read
Cyber Apocalypse CTF 2025: Exploiting Rounding Errors in HeliosDEX
One of the blockchain challenges in Cyber Apocalypse CTF featured a Solidity contract called HeliosDEX, a decentralized exchange allowing swaps of Ether for three ERC20 tokens (ELD, MAL, HLS) and a one-time refund of tokens for Ether. Loo...
Mar 26, 2025 · 11 min read
Understanding Access Control Issues in Web2 and Web3
Introduction. Access control can be defined as a data security process that regulates who or what can view or use resources in a computing environment. It is a fundamental concept in security that is crucial for protecting sensitive data, preventing u...
Jan 29, 2025 · 6 min read
4T$ CTF Writeup: Homelab? More like Pwnlab!
In this Capture The Flag (CTF) challenge, we were given access to two main targets: an SSH server running on a GoTTY shell and a NAS interface that allowed file uploads. My initial analysis revealed two key pieces of information. First, the SSH serve...
Nov 11, 2024 · 2 min read
4T$ CTF Writeup: KittyKittyBank
The KittyKittyBank contract was written in Solidity and allows users to send ether (ETH) to, and withdraw it from, the contract. In this blog post, I provide a deep dive into the details of the issue and how it was exploited. Contract Overview. Let's...
Nov 11, 2024 · 6 min read
Messed up storage solutions for AWS EKS
So, this is the continuation of the story of me handling the CTF deployment for Pentester Nepal's 11th Anniversary. During the deployment, I provisioned the EKS cluster and added the addon for the EBS CSI driver, as I had done before. I first s...
Aug 4, 2024 · 3 min read