Phuc Quan

Background

I’m a security student with a focus on offensive security through competitive hacking and hands-on labs. This blog documents my learning journey in security-research, CTF challenges, and penetration-testing.

Current Focus

  • Competitive Hacking — CTF competitions (web, crypto, misc)
  • penetration-testing — Web application assessments
  • Cloud Security — AWS and cloud infrastructure security
  • Cryptography — Algorithm analysis and implementation flaws
  • Reverse Engineering — Binary analysis basics

Skills

Programming Languages & Frameworks:

  • Software Engineering — Full-stack development with React, Node.js, Java Spring Boot
  • Python — Advanced (scripts, exploitation, automation)
  • Bash/Shell — Advanced (scripting, reconnaissance)
  • JavaScript — Advanced (Web vulnerabilities, React development)
  • HTML/CSS — Expert (Web structure and styling)
  • SQL — Advanced (Database security, injection)
  • Java — Intermediate (Spring Boot development)
  • C++ — Intermediate (Systems programming)
  • PHP — Beginner (Server-side vulnerabilities)
  • Ruby — Beginner
  • Go — Beginner

Tools & Platforms:

  • Burp Suite, Wireshark, Nmap, Metasploit
  • TryHackMe, HackTheBox, CTFtime
  • Ghidra, IDA Pro (basics)

Technical Knowledge:

  • Web vulnerabilities (OWASP Top 10)
  • Authentication and authorization bypasses
  • Cryptographic concepts and flaws
  • Network protocols and analysis
  • Linux system administration

Learning Path

Completed

  • ✅ TryHackMe security fundamentals
  • ✅ Multiple CTF competitions
  • ✅ OWASP Top 10 deep dive
  • ✅ Basic cryptography concepts

In Progress

  • 🔄 Advanced web exploitation
  • 🔄 Cryptography challenges
  • 🔄 AWS security assessments

Planned

  • 🎯 Reverse engineering (advanced)
  • 🎯 Privilege escalation techniques
  • 🎯 Malware analysis
  • 🎯 Bug bounty programs

About This Blog

Each writeup includes:

  • Challenge Information — Difficulty, category, platform
  • Reconnaissance — My initial exploration approach
  • Analysis — Technical deep-dive into the vulnerability
  • Exploitation — Step-by-step exploitation walkthrough
  • Lessons Learned — Key takeaways and prevention strategies
  • References — Tools and resources used

Disclaimer: All writeups are based on public CTF challenges and authorized lab environments. Content is for educational purposes only.

Contact & Links

Last updated: May 31, 2026