CTF Writeups & Security Challenges

Happy Birthday S3 CTF Challenge Writeup

2026-04-14 12:00:00 18 min read

Multi-service AWS exploitation chain: account ID enumeration via s3recon, SNS StringLike policy bypass, and os.path.join path traversal to read the flag from a private S3 bucket.

Trust Issues CTF: Supply Chain Attack on a GitHub Actions Runner

2026-02-25 12:00:00 15 min read

Trust Issues CTF writeup: incident response tracing a trojanized pytest package exfiltrating secrets from a GitHub Actions self-hosted runner via Fernet-encrypted dead drops.

Wiz Cloud Security Championship - Cracked the Top 30

2026-02-14 12:00:00

Climbed from page 5 to #30 on the Wiz Cloud Security Championship leaderboard with 8 of 12 challenges solved and 137 points. Up from 3 challenges in September.

Wiz Cloud Security Championship - Cracked the Top 30

Confession Booth CTF: Race Condition Privilege Escalation

2026-01-28 12:00:00 15 min read

Confession Booth CTF writeup: race condition exploit between user registration and permission assignment.

State of Affairs CTF Challenge Writeup

2026-01-06 12:00:00 12 min read

State of Affairs CTF writeup: Terraform state poisoning via TF_DATA_DIR and malicious provider injection.

Malware Busters CTF Challenge Writeup

2025-12-21 12:00:00 18 min read

Malware Busters CTF writeup: Go binary reverse engineering with UPX, garble obfuscation, and AES-CBC.

Game of Pods CTF Challenge Writeup

2025-12-10 12:00:00 15 min read

Game of Pods CTF writeup: Kubernetes privilege escalation via SSRF, path traversal, and nodes/proxy.

Needle in a Haystack CTF Challenge Writeup

2025-10-07 12:00:00 10 min read

Needle in a Haystack CTF writeup: client-side bypass and GitHub OSINT to exploit exposed API secrets.

Wiz Cloud Security Championship - Maximum Points!

2025-09-17 14:00:00

Reached maximum points in the Wiz Cloud Security Championship with 3 challenges completed.

Wiz Cloud Security Championship - Maximum Points!

Azure OAuth CTF Challenge Writeup

2025-09-07 12:00:00 12 min read

Breaking The Barriers CTF writeup: Azure OAuth privilege escalation via dynamic groups and guest invitations.

▲