Writing

Writeups, notes and research.

CTF writeups, web and wireless exploitation, reconnaissance, and the occasional build log.

7 min read

CTF web challenge writeups for Ignite Islamabad 24 regional round

Writeups for all web related challenges from Ignite 2024 regional round of Islamabad

9 min read

BlackhatMEA 2024 CTF Writeups for all web challenges (Qualifiers)

Writeups for all web related challenges from Blackhat MEA 2024 CTF

8 min read

Setup Fake (Rogue) Access Point WiFi using HostAPD

A detailed guide on how to setup a rogue or fake access point wifi network using hostapdo

6 min read

WPA(2) PMKID Hash Cracking (MIC) Process Explained

A guide on what the MIC is and how the actual WPA(2) cracking happens at lower level

6 min read

Writeups for Web challenges from HTB Cyber Apocalypse CTF 2024

This blog post contains the writeups for the web challenges that i solved from HTB Cyber Apocalypse 2024

5 min read

Writeups for Web challenges from PCC 23

These are the writeups for web challenges from PCC 23 held at Air University Islamabad

3 min read

Blackhat MEA CTF Qualifiers Web Authy and Warm Me Up Writeup

Writeups for 2 of web challenges from Blackhat MEA Qualifier CTF Round namely Authy and Warm Me Up

9 min read

Deploy a Django Application on Ubuntu 22.04 with Gunicorn & NGINX

A Detailed walkthrough of the process of deploying a django application on a ubuntu server from scratch. This guide covers the deployment stages with Gunicorn, NGINX and Postgresql.

6 min read

Web Sanity Writeup AmateursCTF 2023 DOM Clobbering and Prototype Pollution

A complete writeup of sanity web challenge from AmateursCTF 2023. It covers the use of the Sanitizer API in browsers, DOM Clobbering, Parameter Pollution and XSS.

6 min read

A Guide to Zone Transfer, DNS Zone Takeover and Subdomain Takeover

In this guide, we will be looking over vulnerabilites associated with a domain normally occured due to the negligence from the develper team. The terms we will see are Zone Transfer, DNS Zone Takeover and Subdomain Takeover.

3 min read

BSidesTLV CTF 2023 Browselicious (Misc) Writeup

Writeup for Browselicious challenge (Misc) from BsidesTLV CTF 2023

2 min read

Google CTF 2023 Under Construction (Web) Writeup

Writeup for under construction challenge from google ctf 2023

1 min read

SSTI Bypass using HTTP Request Referer and Cookie headers - My First App Writeup

This is solution for My First App challenge from UofTCTF 23. It covers initial JWT cracking and then escalating it to SSTI. And then bypassing filters by using the request object attributes