Archive

Knowledge Base & Writeups

Góc nhỏ lưu lại hành trình học tập và những kinh nghiệm mình đúc kết được. Nơi đây tập hợp các bài write-up giải CTF và nhật ký khai thác trên các nền tảng như HackTheBox, TryHackMe, Proving Grounds.

38 Bài viết

Cập nhật: 05/2026

CTF Categories

Web Crypto Pwn Reverse Engineering Pentest Cloud BugBounty Malware

Platforms

HackTheBox TryHackMe PortSwigger

CTF Writeups

Web

May 17, 2026

HTTP Request Smuggling: Deep Dive into Detection and Exploitation

#http-request-smuggling #web-security

April 07, 2026

[KashiCTF-2026] SecureNotes - IDOR + JWT Cache Bypass

#web #kashictf #idor #jwt #token-cache

April 07, 2026

[KashiCTF-2026] Nexus 2 - SSTI Jinja2, bypass filter bằng hex encoding

#web #ssti #python #flask #kashictf #rce #jinja2

April 07, 2026

[RITSEC-CTF-2026] Monitor Breaker - Command Injection qua Client-Side Filter

#web #command-injection #ritsec #client-side-bypass

April 07, 2026

[KashiCTF-2026] Evidence Lab - ExifTool RCE qua CVE-2021-22204

#web #forensics #kashictf #cve-2021-22204 #exiftool #rce

February 10, 2026

[Writeup] NullCon-2025 - Pasty (Crypto/Web)

#nullcon #custom-crypto #signature-forgery #bit-flipping #sha256

February 10, 2026

[Writeup] LA CTF 2026 - Narnes and Bobles (Web)

#lactf #web #logic-error #mass-assignment #sqlite #nodejs

February 10, 2026

[Writeup] LA CTF 2026 - Job Board (Web)

#lactf #web #xss #stored-xss #filter-bypass #xs-leak

February 10, 2026

[Writeup] LA CTF 2026 - Invoice Generator (Web)

#lactf #web #xss #ssrf #html-injection #pdf-generation

January 29, 2026

[Writeup] UofTCTF-2026 - NoQuotes & The SUID Escape

#sqli #ssti #suid #privesc #f-string

January 29, 2026

[Writeup] HCMUTE-CTF-2026 - Qualification Round

#hcmute #web #javascript #client-side

January 29, 2026

[Writeup] HCMUTE-CTF-2026 - Greeting (SSTI)

#hcmute #ssti #jinja2 #rce #python

January 29, 2026

[Writeup] HCMUTE-CTF-2026 - FinTrack (Blind SQLi)

#hcmute #sqli #blind-sqli #python #automation

January 06, 2026

[Writeup] Silent Snow CTF 2025 - WordPress Privilege Escalation

#wordpress #authentication #bypass #privilege-escalation

January 04, 2026

[Advent of CTF] Multifactorial - Writeup

#totp #brute-force #idor #webauthn

Crypto

February 10, 2026

[Writeup] NullCon-2025 - Pasty (Crypto/Web)

#nullcon #custom-crypto #signature-forgery #bit-flipping #sha256

January 31, 2026

[Writeup] HCMUTE-CTF-2026 - Shamir's Secret Sharing (Crypto)

#hcmute #shamir #secret-sharing #rsa #aes #crypto #steganography

January 29, 2026

[Writeup] UTECTF 2026 - What is a secret (Crypto)

#utectf #rsa #diffie-hellman #aes #multi-prime #gcd-attack

January 29, 2026

[Writeup] HCMUTE-CTF-2026 - Power Tower (Crypto)

#hcmute #rsa #modular-arithmetic #euler #python

January 29, 2026

[Writeup] HCMUTE-CTF-2026 - Mirror Split Secrets (Crypto)

#hcmute #rsa #lattice #lll #coppersmith #acd

Pwn

January 29, 2026

[Writeup] HCMUTE-CTF-2026 - Gau (Socket Automation)

#hcmute #pwn #socket #python #pwntools

January 29, 2026

[Writeup] HCMUTE-CTF-2026 - ezpwn (Format String & Buffer Overflow)

#hcmute #pwn #format string #buffer overflow #rop

Reverse engineering

January 29, 2026

[Writeup] HCMUTE-CTF-2026 - XiDach (Reverse Engineering)

#hcmute #reverse #python #pyinstaller #decomplie

Meta

January 01, 2025

Hello World – My Security Writeups

#intro

Advent of ctf

January 04, 2026

[Advent of CTF] Multifactorial - Writeup

#totp #brute-force #idor #webauthn

Machines & Platforms

HackTheBox Machines

Apr 27, 2026

Silentium Machine - HTB