My Cybersecurity Writeups
Here you can read technical writeups of vulnerabilities I found and CTFs I solved. I try to get as in-depth as possible on the topics I cover, but if you still have any questions, feel free to reach out through my socials.
If you'd like to work together, check out Koi Security Consulting, my cybersecurity firm specializing in cloud consultancy services.
Recent Posts
- 2Cool4School Writeup - Kalmar CTF 2023
  A writeup for the web challenge 2Cool4School from Kalmar CTF 2023. This writeup examines hidden APIs discovered through Swagger documentation, finding a CSRF in the profile picture upload functionality of a website, and taking advantage of an HTTP parameter injection in a faulty SSO flow.
- ZeroTrust Writeup - LA CTF 2023
  A writeup for the web challenge ZeroTrust from LA CTF 2023. This writeup details how to exploit a misconfigured AES GCM rolling cipher to modify an authentication cookie and read the contents of the flag.
- jsss Writeup - AsiaCTF 2021
  A writeup for the web challenge jsss from AsiaCTF 2021. This writeup touches on type juggling in JavaScript, escaping the sandbox of the vm2 module, and taking advantage of race conditions and the /proc filesystem in order to bypass restrictions on file names.