blog.
Writeups, notes on security research, and DevOps adventures.
DownUnderCTF 2025 — Down To Modulate Frequencies! (100 pts) Sep 1, 2025 Decoding DTMF tones from a UDP audio stream to retrieve the flag. DownUnderCTF 2025 — Fishy Website (112 pts) Sep 1, 2025 Chaining a fake TLS client implementation against a suspicious server to extract the flag. DownUnderCTF 2025 — Mary had a little lambda (154 pts) Sep 1, 2025 Exploiting exposed AWS credentials to escalate privileges via IAM role assumption and retrieve secrets from SSM Parameter Store. DownUnderCTF 2025 — rocky (100 pts) Sep 1, 2025 Reversing a simple transformation on a given input to recover the flag. DownUnderCTF 2025 — YoDawg (147 pts) Sep 1, 2025 Bypassing nested Docker container restrictions to escape to the host. DownUnderCTF 2025 — zeus (100 pts) Sep 1, 2025 A beginner-level miscellaneous challenge from DownUnderCTF 2025. The Anatomy of a "Paste n Run" Phishing Attack Jan 1, 2025 How attackers weaponize fake CAPTCHA pages to trick users into running malicious PowerShell commands — and what happens next. Wargames.MY CTF 2024 — Forensic: I Cant Manipulate People (50 pts) Dec 15, 2024 Extracting hidden data from ICMP ping packets by reading the last byte of each ping payload. Wargames.MY CTF 2024 — Forensic: Oh Man (445 pts) Dec 15, 2024 Decrypting SMB3 traffic by cracking NTLM credentials with John the Ripper, then using nanodump and pypykatz to extract secrets. Wargames.MY CTF 2024 — Forensic: Tricky Malware (481 pts) Dec 15, 2024 Hunting a C2 connection in a memory dump and network capture to find a Pastebin-hosted malicious PowerShell script. Wargames.MY CTF 2024 — Forensic: Unwanted Meow (328 pts) Dec 15, 2024 Repairing a corrupted JPEG file by removing injected 'meow' strings to reveal the hidden flag. Wargames.MY CTF 2024 — Misc: Invisible Ink (388 pts) Dec 15, 2024 Finding hidden GIF frames using StegSolve and revealing the flag with random colour map filters. Wargames.MY CTF 2024 — Misc: The DCM Meta (310 pts) Dec 15, 2024 Extracting hidden characters from a DICOM file and reordering them using provided indices to recover the flag. Cyber Jawara International 2024 — Misc: Stone Game (100 pts) Nov 1, 2024 Solving a Nim game theory challenge by computing XOR sums to always put the opponent in a losing position. Indonesia's Personal Data Protection Law (UU PDP) Oct 17, 2024 A plain-language breakdown of UU 27/2022 — what it covers, why it matters, and what companies need to do before the deadline. HTB University CTF 2023 — BioBundle (medium) Dec 1, 2023 Extracting and decrypting an in-memory ELF library loaded via memfd_create and XOR-obfuscated with 0x37. HTB University CTF 2023 — RiseFromTheDead (hard) Dec 1, 2023 Recovering a shuffled flag from a core dump by extracting random indices used in the shuffle algorithm. HTB University CTF 2023 — WindowsOfOpportunity (easy) Dec 1, 2023 Reverse engineering a flag checker that validates input by summing consecutive pairs against a hardcoded array.