CTF Writeups

CTF Notes And Writeups

This is the CTF section of the blog. Writeups are grouped by event or series, and public posts focus on methodology, root cause, and lessons learned. Flags are not published.

Ultimate Cloud Security Championship Writeups

Ordered technical writeups only, focused on methodology, root cause, and lessons learned.

1. Perimeter Leak | June 2025 · AWS / Data perimeter | Spring Boot Actuator exposure, SSRF-style proxying, IMDSv2, S3 policy conditions | 10 pts
2. Contain Me If You Can | July 2025 · Containers / Linux / PostgreSQL | Container enumeration, lateral movement, database execution, host filesystem escape | 20 pts
3. Breaking The Barriers | August 2025 · Azure / OAuth / Entra ID | Service principal access, delegated permissions, guest invitation, dynamic group access | 10 pts
4. Needle in a Haystack | September 2025 · OSINT / Web / Client-side security | GitHub OSINT, DNS clues, exposed app identifiers, client-side auth bypass | 20 pts
5. Game of Pods | October 2025 · Kubernetes / Privilege escalation | RBAC limits, kubelet proxying, debug bridge abuse, service account token escalation | 30 pts
6. Malware Busters! | November 2025 · Reverse engineering / Malware | Packed Go binary, corrupted UPX markers, config decryption, C2 protocol analysis | 10 pts
7. State of Affairs | December 2025 · Terraform / IaC security | Terraform state poisoning, backend control, provider execution, automation abuse | 20 pts
8. Confession Booth | January 2026 · Web / Race condition | Go web app source review, registration race, NULL handling, privilege escalation | 30 pts
9. Trust Issues | February 2026 · Incident response / Supply chain | Compromised self-hosted runner, trojanized pytest, Fernet-encrypted exfiltration | 20 pts
10. Happy Birthday | March 2026 · AWS / S3 / SNS | S3 account discovery, SNS subscription policy bypass, API Gateway path traversal | 20 pts
11. Split Horizon | April 2026 · Kubernetes / Cloud networking | Node metadata, flannel VXLAN, Kubernetes DNS, hidden service discovery | 30 pts

TryHackMe AI Odyssey Writeups

Public methodology notes for AI-security rooms. Challenge answers and flags are redacted.