A PHP web challenge exploiting an error-handling flaw in md5()

JWT authentication bypass challenge

Extracted the flag by analyzing console errors showing failed fetch requests

A web exploitation challenge involving enumeration and cryptography.

misconfigured S3 buckets can expose flag

Recon This challenge was part of a web-based CTF event, and the name itself, “SuperFastAPI,” hinted that it was related to an API. Upon visiting the provided URL, the page displayed a simple JSON ...

Review the source code to identify vulnerabilities that may allow bypassing the XSS blocklist.

Exploited a simple file upload vulnerability to gain a reverse shell and used SUID to escalate privileges