Write-up for YesWeHack Dojo 45 - Chainfection.

Certificate is a hard Windows machine that had a very interesting technique for bypassing file uploads using a double loaded ZIP file. This allowed us to write PHP code to the web server and gained our initial foothold. One of the password hashes in the local MySQL database can be cracked, and after logging on to the machine as this user, we discover a pcap file in their Documents directory. We'll extract AS REQ packets from this pcap to crack and pivot to another user that is an Enrollment Agent, allowing us to perform ESC3 to request certificates on behalf of another user. We'll target a user that has SeManageVolumePrivilege permissions, and abuse it to extract the CA's private key to forge a certificate as the administrator to escalate to domain admin.

Puppy is a medium difficulty windows box. It's an assumed breach scenario and it starts off with misconfigured group permissions that lets us add ourselves to the Developers group and access a share that has KeePass files. This gives us credentials to a user that can ForceChangePassword for another user to give us the user flag. From there, we'll find hardcoded credentials on the box and extract DPAPI secrets to escalate privileges to domain admin.

I shared how you can write your own Burp extension for testing APIs that require request signing.

Write-up for ThankYou Next web challenge from ASEAN OPEN CTF 2025.

Code is an easy Linux box that hosts an online Python code interpreter. A filter bypass in the website gives us code execution on the box. We then obtain and crack the user's password from the local SQLite database. Finally, we escalate privileges to root by exploiting a path traversal in the backup script that the user can execute as root.

I ran a web security workshop at CSLU'25 @ UTM

Solutions for some challenges from NahamCon 2025 CTF.

Our team USM Biawaks, consisting of me and my 2 juniors (@naomitham and @selinatan) played our first on-site CTF at BlackBerry CCoE Anniversary CTF and we ranked 6th. Here's our writeups for some of the challenges from the event.

Writeups for challenges that our team, USM Biawaks solved from the UMCS CTF 2025 Preliminary round.