# CTF Writeups

- [CTF Writeups](/writeups/ctf-writeups/ctf-writeups.md): A collection of interesting challenges that I solved in various CTFs.
- [BackDoorCTF 2025](/writeups/ctf-writeups/ctf-writeups/backdoorctf-2025.md)
- [Trust Issues](/writeups/ctf-writeups/ctf-writeups/backdoorctf-2025/trust-issues.md)
- [HeroCTF 2025](/writeups/ctf-writeups/ctf-writeups/heroctf-2025.md)
- [SpringDrive](/writeups/ctf-writeups/ctf-writeups/heroctf-2025/springdrive.md): Hash Collision? + SSRF to Redis RCE
- [BuckeyeCTF 2025](/writeups/ctf-writeups/ctf-writeups/buckeyectf-2025.md)
- [Authman](/writeups/ctf-writeups/ctf-writeups/buckeyectf-2025/authman.md): passwords won't save you now NOTE: remote can only connect to ports 80/443
- [nu1l CTF 25](/writeups/ctf-writeups/ctf-writeups/nu1l-ctf-25.md)
- [eezzjs](/writeups/ctf-writeups/ctf-writeups/nu1l-ctf-25/eezzjs.md)
- [Sunshine CTF 25](/writeups/ctf-writeups/ctf-writeups/sunshine-ctf-25.md)
- [Intergalactic Webhook Service](/writeups/ctf-writeups/ctf-writeups/sunshine-ctf-25/intergalactic-webhook-service.md): DNS Rebinding
- [Greyhats Welcome CTF 25](/writeups/ctf-writeups/ctf-writeups/greyhats-welcome-ctf-25.md): Some pwn challenges
- [Blast From The Past](/writeups/ctf-writeups/ctf-writeups/greyhats-welcome-ctf-25/blast-from-the-past.md): Ret2Shellcode + push rsp gadget
- [EchoCrash](/writeups/ctf-writeups/ctf-writeups/greyhats-welcome-ctf-25/echocrash.md): GOT overwrite with negative indexing
- [Sunshine Factory](/writeups/ctf-writeups/ctf-writeups/greyhats-welcome-ctf-25/sunshine-factory.md): Buffer Overflow + Partial Overwrite
- [USCTF 2024](/writeups/ctf-writeups/ctf-writeups/usctf-2024.md)
- [Spooky Query Leaks](/writeups/ctf-writeups/ctf-writeups/usctf-2024/spooky-query-leaks.md): INSERT Query SQLi
- [HackTheVote](/writeups/ctf-writeups/ctf-writeups/hackthevote.md)
- [Comma-Club (Revenge)](/writeups/ctf-writeups/ctf-writeups/hackthevote/comma-club-revenge.md): One-Byte Overwrite over Function Pointer
- [HeroCTF 2024](/writeups/ctf-writeups/ctf-writeups/heroctf-2024.md)
- [Heappie](/writeups/ctf-writeups/ctf-writeups/heroctf-2024/heappie.md): Ret2win in Heap
- [Buckeye 2024](/writeups/ctf-writeups/ctf-writeups/buckeye-2024.md)
- [No-Handouts](/writeups/ctf-writeups/ctf-writeups/buckeye-2024/no-handouts.md): Ret2Libc except no shell L
- [TetCTF 2024](/writeups/ctf-writeups/ctf-writeups/tetctf-2024.md)
- [TET & 4N6](/writeups/ctf-writeups/ctf-writeups/tetctf-2024/tet-and-4n6.md): A good forensics challenge that was cheesed
- [PatriotCTF 2023](/writeups/ctf-writeups/ctf-writeups/patriotctf-2023.md)
- [ML Pyjail](/writeups/ctf-writeups/ctf-writeups/patriotctf-2023/ml-pyjail.md): Python Jail with a twist.
- [Breakfast Club](/writeups/ctf-writeups/ctf-writeups/patriotctf-2023/breakfast-club.md): Hash Cracking with a caveat
- [Authored Challenges](/writeups/ctf-writeups/authored-challenges.md): Hopefully the list grows longer as time goes on
- [Team Rocket](/writeups/ctf-writeups/authored-challenges/team-rocket.md): Team Rocket is looking for new members to join their global conquest! They have set up a new system to recruit new members. Can you infiltrate their system and find out what they are up to?
- [Portal](/writeups/ctf-writeups/authored-challenges/portal.md): My company vibecoded a portal for viewing websites, wonder what can go wrong
- [Upsolves](/writeups/ctf-writeups/upsolves.md): Challenges I try to learn from in preparation for CTFs
- [Go Touch Grass](/writeups/ctf-writeups/upsolves/go-touch-grass.md): Scroll-To-Text-Fragment with DNS Prefetch
- [Secure Blob Runner](/writeups/ctf-writeups/upsolves/secure-blob-runner.md): Shellcode with ROP via fs\_base leak
- [HAKKShop](/writeups/ctf-writeups/upsolves/hakkshop.md): logic bugs + verb tampering?
- [Trading-API](/writeups/ctf-writeups/upsolves/trading-api.md): hacklu-ctf 2021