Mar,25 2025
At HTB Cyber Apocalypse 2025, I chained multiple exploits—from web SSRF and header injection to stored XSS and PostgreSQL RCE—to gain full remote code execution. This post details both the unintended and intended approaches.
Feb,17 2025
ETag reuse and Firefox’s 304 caching flaw enable a CSP sandbox bypass
Feb,16 2025
NGINX reverse proxy cache deception, normalization bypass, and mass assignment
Feb,16 2025
This is the first writeup I wrote back in 2022, just after the RomHack CTF.