Exploiting Integer Underflows in Solidity
In the world of blockchain security and Capture The Flag (CTF) challenges, vulnerabilities in smart contracts often stem from subtle arithmetic issues, especially in older Solidity versions (pre-0.8.0), where unchecked operations could lead to overfl...
Nov 25, 2025 · 11 min read

Cyber Apocalypse CTF 2025: Exploiting Rounding Errors in HeliosDEX
One of the blockchain challenges in Cyber Apocalypse CTF had a Solidity contract called HeliosDEX, a Solidity-based decentralized exchange allowing swaps of Ether for three ERC20 tokens (ELD, MAL, HLS) and a one-time refund of tokens for Ether. Loo...
Mar 26, 2025 · 11 min read

Understanding Access Control Issues in Web2 and Web3
Introduction: Access control can be defined as a data security process that regulates who or what can view or use resources in a computing environment. It is a fundamental concept in security that is crucial for protecting sensitive data, preventing u...
Jan 29, 2025 · 6 min read

4T$ CTF Writeup: Homelab ? More like Pwnlab !
In this Capture The Flag (CTF) challenge, we were given access to two main targets: an SSH server running on a GoTTY shell and a NAS interface that allowed file uploads. My initial analysis revealed two key pieces of information. First, the SSH serve...
Nov 11, 2024 · 2 min read

4T$ CTF Writeup: KittyKittyBank
The KittyKittyBank contract was written in Solidity, which allows users to send and withdraw ether (ETH) from the contract. In this blog post, I am providing a deep-dive into the details of the issue, and how it was exploited. Contract Overview: Let's...
Nov 11, 2024 · 6 min read

Messed up storage solutions for AWS EKS
So, this is the continuation of the story of me handling the CTF deployment for Pentester Nepal's 11th Anniversary. During the deployment, I provisioned the EKS cluster and added the addon for the EBS CSI driver, as I had done something similar previously too. I first s...
Aug 4, 2024 · 3 min read

Proxying Minikube Kubernetes API
Minikube: Introduction. Minikube is a lightweight Kubernetes implementation for quickly setting up a single-node Kubernetes cluster. We can deploy the cluster as a VM or a container. This is for educational purposes only and if you forget to set...
Jan 3, 2024 · 3 min read