Abusing Resource-Based Constrained Delegation (RBCD) in Active Directory
Active Directory delegation is one of those features that makes complete sense on paper and causes constant headaches in practice. It solves a real problem. It's also misconfigured in almost every env
Jul 3, 2026 · 11 min read

Exploiting an LFI Vulnerability and Forging a Signature in Bugcrowd CTF
Introduction: During Bugcrowd CTF at Black Hat USA 2025, I tackled a web challenge involving SecureFile Solutions, a document management system with a hidden Local File Inclusion (LFI) vulnerability in its index.php. This journey involved exploiting t...
Aug 11, 2025 · 5 min read

CTF Challenge Writeup: Manipulating an ERC4626 Vault
Introduction: Recently, I tackled a blockchain-based Capture The Flag (CTF) challenge that required exploiting the mechanics of an ERC4626 vault to meet a specific condition. The challenge revolved around smart contracts and demanded a solid grasp of ...
Jul 9, 2025 · 5 min read

Cyber Apocalypse CTF 2025: Exploiting Rounding Errors in HeliosDEX
One of the blockchain challenges in Cyber Apocalypse CTF had the Solidity contract called HeliosDEX, a Solidity-based decentralized exchange allowing swaps of Ether for three ERC20 tokens (ELD, MAL, HLS) and a one-time refund of tokens for Ether. Loo...
Mar 26, 2025 · 11 min read

Understanding Access Control Issues in Web2 and Web3
Introduction: Access control can be defined as a data security process that regulates who or what can view or use resources in a computing environment. It is a fundamental concept in security that is crucial for protecting sensitive data, preventing u...
Jan 29, 2025 · 6 min read

4T$ CTF Writeup: Homelab ? More like Pwnlab !
In this Capture The Flag (CTF) challenge, we were given access to two main targets: an SSH server running on a GoTTY shell and a NAS interface that allowed file uploads. My initial analysis revealed two key pieces of information. First, the SSH serve...
Nov 11, 2024 · 2 min read

4T$ CTF Writeup: KittyKittyBank
The KittyKittyBank contract was written in Solidity, which allows users to send and withdraw ether (ETH) from the contract. In this blog post, I am providing a deep-dive into the details of the issue, and how it was exploited. Contract Overview: Let's...
Nov 11, 2024 · 6 min read