Articles & Write-ups

In-depth security analysis, cyber secruity write-ups, and technical documentation

CTF Write-up

4 Vulnerabilities Exploited

CTF Write-up Security

CloudSek Hiring CTF - Round 2

December 2025

Comprehensive write-up covering four security challenges: NITRO automation, XXE injection, PHP type confusion in MFA, and Android APK reverse engineering with JWT forgery.

XXE JWT Type Confusion Mobile Security
Read Full Write-up

CTF Write-up

Complete System Takeover

CTF Write-up SSTI

Boot Sequence - CloudSek Hiring CTF

December 2025

Deep dive into exploiting an orbital relay system through JWT forgery, privilege escalation, and Server-Side Template Injection leading to Remote Code Execution.

SSTI JWT Cracking RCE Jinja2
Read Full Write-up

CTF Write-up

Client-Side Bypass

CTF Write-up Web Security Medium

Fool's Mate — Client-Side Validation Bypass

2025

A chess web app blocks the winning move using client-side JavaScript. By intercepting browser fetch calls and communicating with the API directly, the UI restriction is bypassed entirely and the flag extracted.

Client-Side Bypass Fetch API JavaScript
Read on Medium

CTF Write-up

Server-Side Bypass

CTF Write-up Web Security Medium

Fool's Mate Revenge — Query String Injection

2025

Same puzzle, harder gate. The server withholds the flag behind a session property check. After ruling out mass assignment and prototype pollution, a query string parameter injected into the move endpoint unlocks the reward.

Query Injection Session Bypass Mass Assignment
Read on Medium

Security Research

HTTP Security

Security Research Medium

Cookie Headers

2025

An exploration of HTTP cookie header fields—how they work and best practices for secure session implementation.

HTTP Cookies Session Security
Read on Medium

Security Research

Traffic Interception

Security Research Mobile Medium

How to Capture Mobile Traffic

2025

A guide on intercepting and analyzing mobile app network requests using tools like Burp Suite.

Burp Suite Traffic Analysis Mobile Security
Read on Medium

Security Research

Device Control

Security Research Android Medium

Android Debug Bridge

2025

A walkthrough of using Android Debug Bridge shell commands to access and control Android devices for debugging and development.

ADB Android Shell Commands
Read on Medium

More Articles Coming Soon!

I'm constantly working on new security research, CTF challenges, and technical write-ups. Stay tuned for more in-depth analysis and educational content.

Subscribe for Updates