Google CTF 2024 Grand Prix Heaven
This is my solution for Grand Prix Heaven from Google 2024 CTF. I particularly enjoyed this challenge because of its detail level; multiple little vulnerabilities had to be chained together to achieve XSS on the target.
I will start with the exploit, then follow up with the notes which may help explain why the exploit does what it does.
Exploit import requests import json import re import exif import warnings warnings.
Solving Web: Bad Challenge from Arab Security War Games 2024
In this writeup, I will explain how I solved Bad, an interesting web challenge written by the amazing Abdelhamid Ghazy as part of the recent Arab Security Conference War Games (ASCWG) 2024. ASCWG had four web challenges. I cleared the first three early in the competition before spending the next 16 hours on Bad, submitting only 30 minutes before the end of the CTF.
- What are we up to? Title Author Solves Bad Abdelhamid Ghazy 3 The challenge was initially black-box but the author decided to open it under pressure from a now-desperate audience.
BOM Sniffing to XSS
In this post, we will learn about text encoding, how browsers determine content encoding, talk about BOM and finally how we can bypass DOM sanitizers by just playing around with input encoding.
For those interested, this post is based on an interesting challenge called Secure Notes which was authored by @13x1 and have appeared in the recent GPN 2024 CTF.
We are given 16 lines of source code and access to an admin bot.
Apexsurvive Writeup (HTB Cyber Apocalypse 2024)
Chapter 0: Introduction Hey there👋. I am Adham Elmosalamy, a Computer Engineering student, and in this post I will walk you through my solution of Apexsurvive from Hack The Box 2024 Cyber Apocalypse CTF, a beautiful challenge that costed me three days of research, experimentation and sweat to take down.
This is a beginner-friendly writeup where I explain how web challenges like this could be approached: going over methodology, mindset and research.
Google CTF 2023 And How It Almost Backfired
I wanted to introduce a group of students to cybersecurity. They showed passion and willingness to learn.
I thought there would be no better introduction than inviting them to a Capture the Flag (CTF) competition. That way they would get exposed to the field while having a fun experience.
CTFs require teamwork, showcase the diverse requirements (and goals) of cybersecurity, offer hands-on practice, and demand a security research mindset. In fact, many professionals jumpstarted their security careers via CTFs.
Javascript Basics: Arrays!
Hey👋 there, in this mini-tutorial we are going to go through what is an array, how to create one, learn how to grab items from it, learn how to add items to it and much more! Stay tuned!
I highly advise you to follow along, Javascript is a browser language, and you can follow along right here! In your browser! To do that: Right click anywhere on this page, then click “Inspect”, on the side panel that appears, find the “»” arrow icon, then click “Console”, this is where you can type Javascript code!
Tribute to freeCodeCamp!
I started on the 21st of August 2019, It took me 321 days which is equivalent to 10 month and 16 days to run through the whole freeCodeCamp curriculum, It was a great journey, well worth it, it’s kinda longer than it should’ve been, but I had some obstacles i.e. examinations along the way and I followed a strategy of intermittent learning, where I would do challenges for a couple of days then stop and follow a tutorial/build a project on the same topic for another couple of days, so I was actually learning a lot outside FCC, now a couple of you people on track or coming recently to FCC might be wondering: “How exactly did freeCodeCamp help you?
Say Hello with Flask!
In this post, I am going to introduce you to an interesting Python framework…
The popular web development microframework: Flask.
A framework basically controls how your code is built and deployed. A framework isn’t a library. Your code calls library functions and methods; on the other hand, A framework calls your code and deploys it.
Flask is called a microframework because it is considered low-level compared to other web frameworks like Django; Flask provides you with the core functions and its up to you how you combine them together to create larger applications, This makes Flask very versatile and extensible.
Python List Comprehensions!
What’s up everybody! In this post I am going to show you an interesting tip which I rarely see young Pythonistas use, it’s List Comprehensions. If you dabbled a little with Python you probably had some problems where you had to iterate over a list and perform functions to its elements on-the-run, I know. I make no sense. To clear things up let me start with a simple task. Given a list of numbers, return a list containing the squares of the original list’s numbers, You might think: “Well, That’s easy!
Linux into the scene!
Hello everyone,
Recently, while watching a video, I came across a guy using Linux on his machine, It looked really clean and neat and I wanted to try it!
At the start it just looked cool and I thought why not download it? It is free and open-source. I looked up for Linux and found it have what is known as “distros”.
Basically distros or distributions are a different variations of Linux, with every distro having its own look and settings - think of it as ice cream flavours - It can be different File manager or different interface, terminal and so on.