Writing
Writeups, notes and research.
CTF writeups, web and wireless exploitation, reconnaissance, and the occasional build log.

CTF web challenge writeups for Ignite Islamabad 24 regional round
Writeups for all web related challenges from Ignite 2024 regional round of Islamabad

BlackhatMEA 2024 CTF Writeups for all web challenges (Qualifiers)
Writeups for all web related challenges from Blackhat MEA 2024 CTF

Setup Fake (Rogue) Access Point WiFi using HostAPD
A detailed guide on how to setup a rogue or fake access point wifi network using hostapdo

WPA(2) PMKID Hash Cracking (MIC) Process Explained
A guide on what the MIC is and how the actual WPA(2) cracking happens at lower level

Writeups for Web challenges from HTB Cyber Apocalypse CTF 2024
This blog post contains the writeups for the web challenges that i solved from HTB Cyber Apocalypse 2024

Writeups for Web challenges from PCC 23
These are the writeups for web challenges from PCC 23 held at Air University Islamabad
Blackhat MEA CTF Qualifiers Web Authy and Warm Me Up Writeup
Writeups for 2 of web challenges from Blackhat MEA Qualifier CTF Round namely Authy and Warm Me Up

Deploy a Django Application on Ubuntu 22.04 with Gunicorn & NGINX
A Detailed walkthrough of the process of deploying a django application on a ubuntu server from scratch. This guide covers the deployment stages with Gunicorn, NGINX and Postgresql.

Web Sanity Writeup AmateursCTF 2023 DOM Clobbering and Prototype Pollution
A complete writeup of sanity web challenge from AmateursCTF 2023. It covers the use of the Sanitizer API in browsers, DOM Clobbering, Parameter Pollution and XSS.

A Guide to Zone Transfer, DNS Zone Takeover and Subdomain Takeover
In this guide, we will be looking over vulnerabilites associated with a domain normally occured due to the negligence from the develper team. The terms we will see are Zone Transfer, DNS Zone Takeover and Subdomain Takeover.

BSidesTLV CTF 2023 Browselicious (Misc) Writeup
Writeup for Browselicious challenge (Misc) from BsidesTLV CTF 2023

Google CTF 2023 Under Construction (Web) Writeup
Writeup for under construction challenge from google ctf 2023

SSTI Bypass using HTTP Request Referer and Cookie headers - My First App Writeup
This is solution for My First App challenge from UofTCTF 23. It covers initial JWT cracking and then escalating it to SSTI. And then bypassing filters by using the request object attributes