2026
Writeup No JS | AlpacaHack Solving 'No JS' web challenge in AlpacaHack, the challenge involves client-side attack AlpacaHackwebmedium@00xcanelo
Writeup The Curator's Exit Solving the OSINT challenge from CTF@CIT 2026 — cracking a password-protected PDF, performing username enumeration, and investigating target profiles across Twitter, LinkedIn, PCPartPicker, and OpenStreetMap. CTF@CITosinthard@babayaga0x01
Writeup Toxique Osint Challenge hi there, it 0x2face with another osint challenge , but this time as challenge author for the knights of the fury ctf competition. Toxique CTFosinthard@abdelrahman_a996
Writeup bytes pwn challenge from CyCTF Luxor (How to make exit syscall leak from memory) If you want to download the challenge and try to solve it by yourself this is the link for the challenge: https://github.com/k45w4ra/bytes-challenge Analysis First I make checksec to check the mitigations on the binary [*] '/home/ahmed/file CyCTFpwnmedium@k45w4ra
Writeup CyCTF Luxor 2026 | web Finals Solving 'Season' web challenge in CyCTF Luxor CTF 2026 Finals, the challenge involves bypassing weak XXE validation and uploading a shell in php for rce CyCTFwebmedium@00xcanelo
Writeup CAT CTF 26 — Entry Level Solving all web challenges for CAT CTF 26 — Entry Level, covering bugs like LFI, SSTI, DOMPurify bypass, lfi2rce, and SSRF via EC2 metadata service. CAT Reloaded CTFwebeasy@00xcanelo
Writeup CAT CTF 26 Jail/misc/crypto Challenges it is 0x2face with another writeup , this one will be about the linux jails , mic challenges , crypto challenges i created in CAT CTF entry Level CTF 26 , lets start with the first challenges which are the linux jails. CAT Reloaded CTFcryptomedium@abdelrahman_a996
Writeup CAT Entry Level CTF 26 OSINT Challenges it’s 0x2face with another cool osint writeup , but this time as a challenge Author , i am happy to contribute to CAT Reloaded entry level CTF AS An Author this year, i wrote 4 osint challenges , 3 crypto challenges , 3 misc challenges , 2 l CAT Reloaded CTFosintmedium@abdelrahman_a996
Writeup CyCTF Luxor 2026 | Mobile Writeup Solving the Android track of CyCTF Luxor — extracting a token from exported SharedPreferences, recovering an AES-ECB key from the signing cert, and forging a Binder IPC transaction to bypass UID-based access control. CyCTFmobilehard@0xspongee
Writeup CyCTF Luxor web Qualifications Solving all web challenges in CyCTF Luxor Qualifications, covering a mix of Next.js, race condition, and CRLF issues. CyCTFwebhard@00xcanelo
Writeup bil pwn challenge from CyCTF Luxor Analysis First I made checksec to check the mitigations on the binary checksec ./app_patched Arch: amd64-64-little RELRO: Full RELRO Stack: No canary found NX: NX enabled PIE: No PIE (0x3fa000) RUNPATH: b'.' SHSTK: Enabled IBT: Enabled Stri CyCTFpwnmedium@k45w4ra
Writeup 0xfun osint challenges hi there hackers, it’s 0x2face with another Osint ctf writeup , this time it’s from 0xfun ctf , i am proud to share that our team M0nt5ab El2hwa secured 9th place out of 2300+ teams worldwide : in this writeup i will discuss the osint chall 0xfun CTFosintmedium@abdelrahman_a996
Writeup 0xL4ugh CTF — Smol Web Smol Web بسم الله الرحمن الرحيم Hello Hackers, I’m #!/bin/bash , back again with some web challenges from 0xl4ugh ctf 2025 edition. 0xL4ugh CTFwebmedium@binbash_is_hacker
Writeup Clowns_APT | 0xL4ugh CTF 2026 An OSINT investigation starting from a single ransom image left on a Node.js developer machine. Trace the attacker across all platforms to uncover an attack via a malicious npm package. 0xL4ugh CTFosinthard@babayaga0x01
Writeup Egypt National Cybersecurity CTF 2025 | Tick Tock Malware Reverse Engineering Write up 1- Challenge Idea The Program TickTock.exe does the following: Builds an array of numbers from 1 to 105 (as bytes) Randomly selects 32 bytes from it → this becomes the AES Key (256-bit) Randomly selects 16 bytes from it → This becomes AES I Egypt National Cybersecurity CTFreversemedium@k45w4ra
Writeup SSRF via Content-Type in Apache — Auditor Solving “Auditor” challenge from FahemSec, where SSRF was achieved through Apache Content-Type/header injection to reach an internal Flask service and retrieve the flag. FahemSecwebmedium@agn4by
Writeup 0xL4ugh CTF V5 OSINT Challenges hi there hackers, it 0x2face with another osint write-up , this time it is 0xl4ugh CTF V5 , the ctf was challenging , amazing and i had great experience from it. 0xL4ugh CTFosintmedium@abdelrahman_a996
Writeup pdf.exe | 0xL4ugh v5 CTF Solving 'pdf.exe' Insane web from 0xl4ugh v5 CTF, featuring two 0days: a Next.js SSRF and a PDFKit file-read vulnerability. 0xL4ugh CTFwebinsane@00xcanelo
Writeup GDG BENHA CORE-TEAM CTF hi there, back after a while , but this time as an author not a player 😁 i am happy to be an author for the GDG Benha core team ctf competition , this comptetion was amazing , shoutout to all the people who participated. GDG BENHA CTFosintmedium@abdelrahman_a996
2025
Writeup Night at the Museum Chaining a path-traversal in an admin bot's QR-scan handler with an over-trusted promote endpoint to escalate a normal user to admin and reach the flag room. FahemSecwebmedium@0xspongee
Writeup BugZzzz | Fahemsec Solving 'BugZzzz' challenge from Fahemsec, where you can only register with @fahmsec.ctf but the problem you are provided with mail @example.com so you can receive the confirm mail for the user@fahemsec.ctf — solving it involves bypassing access control using email address parsing research. FahemSecwebmedium@00xcanelo
Writeup Neurogrid HTB CTF — 3/4 DFIR Solves and a Lot of Lessons Here we will be solving 3/4 DFIR for HTB CTF it was a solo one and I ranked 74# not the best but I focused more on Forensics so lets start Manual (very easy) Challenge description: When a courier is found ash-faced on the cedar road, Shiori Hack The Box CTFforensicsmedium@mhmoud1230
Writeup HTB — Neurogrid CTF يَا أَيُّهَا النَّاسُ أَنتُمُ الْفُقَرَاءُ إِلَى اللَّهِ وَاللَّهُ هُوَ الْغَنِيُّ الْحَمِيدُ اللهم صلي و سلم و بارك علي سيدنا محمد. Hack The Box CTFreversemedium@binbash_is_hacker
Writeup OhMyPP Web challenge | PWNSEC CTF 2025 Solving a web challenge exploiting prototype pollution to achieve the intended goal. PWNSEC CTFwebhard@00xcanelo
Writeup CyCTF 2025 Quals — DFIR Write-up This year I played CyCTF 2025 Quals and managed to solve two DFIR challenges. CyCTFforensicsmedium@mhmoud1230
Writeup Connectors CTF Finals 2025 | Reverse Challenges Solving all rev challenges Connectors CTFreversemedium@abdelrahman9969
Writeup IEEE Mansoura CTF Qualifications 2025 Solving three web challenges from IEEE Mansoura CTF Qualifications 2025, featuring exploitation techniques such as XSS, CSP bypass, admin bot abuse, and Bottle cookie deserialization/RCE. IEEE Mansoura CTFwebhard@agn4by
Writeup IEEE Mansoura Qualifications 2025 Solving three web challenges from IEEE Mansoura CTF Qualifications 2025, featuring exploitation techniques such as XSS, CSP bypass, admin bot abuse, and Bottle cookie deserialization/RCE. IEEE Mansoura CTFwebhard@agn4by
Writeup All Web & MISC Challenges IEEE CTF 2025 Solving all web challenges from IEEE CTF Qualifications 2025, covering XSS CSP bypass, RCE via Pickle deserialization, XSS through prototype pollution, blind SQLi unintended solutions, and misc stego/commit investigation. IEEE Mansoura CTFwebhard@00xcanelo
Writeup cat flag.png Solving the web challenge 'cat flag.png' from Connectors CTF 2025 — exploiting command injection to exfiltrate a hidden flag image via hex-encoded binary data over DNS queries using Interactsh. Connectors CTFwebmedium@babayaga0x01
Writeup [Tob] WEB challenge Bypassing a broken XSS filter in a context using JavaScript hoisting to defeat a ReferenceError guard, then exfiltrating the admin bot's cookies via Burp Collaborator. Helwan CTFwebhard@0xspongee
Writeup Connectors' CTF RE writeup Starwars2 and Rusty challengs writeup from Connectors CTF finals. Connectors CTFreversemedium@rekka_1165
Writeup All Web Challenges Connectors CTF | منتخب القهوة Solving all web challenges from Connectors CTF Qualifications, which includes bugs like logical bugs, XSS via PDF, etc. Connectors CTFwebhard@00xcanelo
Writeup All Web Challenges Connectors CTF| منتخب القهوة Solving all web challenges from Connectors CTF Qualifications, which includes bugs like Logical bugs, XSS via PDF,etc... Connectors CTFwebhard@00xcanelo
Writeup CONCTF 25 QUALS OSINT ChALLENGES hi there , this is me abdelrahman ahmed (aka 0x2face ) , and i play osint / steganagoraphy / web challenges in ctfs , but in this ctf my main focus was osint challenges and i successfully solved all of them. Connectors CTFosintmedium@abdelrahman_a996
Writeup CAT CTF 25 DFIR Write-up Hey folks, Today, we’ll be walking through the Forensics challenges I’ve tackled at CAT CTF 25, Insha’allah. CAT CTFforensicsmedium@_og13_
Writeup CAT Reloaded CTF — CATF 2025–DFIR Challenges I participated in the CAT CTF , an exciting and practical event. CAT Reloaded CTFforensicsmedium@mhmoud1230
Writeup Stylish-Boss Exploiting CSS injection and command injection to bypass CSP and steal admin API keys, leading to full system compromise in a web challenge. CAT Reloaded CTFwebmedium@babayaga0x01
Writeup ASC Cyber WarGames Qualifications 2025 Solving three web challenges from ASC Cyber WarGames 2025 Qualifications, covering exploitation techniques such as IDOR, JWT forgery, SQL injection, race conditions, and Phar deserialization. ASC Cyber WarGameswebhard@agn4by
Writeup ASCWG 25 OSINT Challenges Hello, I’m Abdelrahman Ahmed (aka 2FACE), and i participated for the first time with my team “Liel0x1" in the ASCWG 2025 and i am proud to share that we made it to the top 20 out of 443 teams. ASC Cyber WarGamesosintmedium@abdelrahman_a996
Writeup ICMTC CTF 2025 Finals بسم الله الرحمن الرحيم Hey Hackers, backed again with some challenges i solved second round of the competition. ICMTC CTFreversemedium@binbash_is_hacker
Writeup L3AK CTF 2025 OSINT Challenges (5/8) I’m Abdelrahman Ahmed (aka 2FACE ), and this is my writeup for the L3ak CTF 2025 OSINT challenges . L3AK CTFosintmedium@abdelrahman_a996
Writeup L3akCTF 2025 Forensics Write-up Hey folks, Today, we’ll be walking through the Forensics challenges I’ve tackled in L3akCTF 2025, Insha’allah. L3AK CTFforensicsmedium@_og13_
Writeup ICMTC CTF 2025 بِسْمِ اللَّـهِ الرَّحْمَـٰنِ الرَّحِيمِ Hi guys, hope you are fine. ICMTC CTFreversemedium@binbash_is_hacker
Writeup CyberGames 2025 Reverse engineering write-up CyberGames 2025 Reverse write-up in this write-up i will solve 2 series called “sanity checker” & “connection checker” , each one consists of 3 challenges. ASC Cyber WarGamesreversemedium@abdelrahman_a996
Writeup CyberGames 2025 Forensics Write-up CyberGames 2025 Forensics Writeup this is my writeup for how i solved the bastion series , eugene fatigue series and the frustrating compression challenge from chronicles of greg series. lets start … ASC Cyber WarGamesforensicsmedium@abdelrahman_a996
Writeup CyberGames 2025 OSINT Challenges Suspect tracking - Digital Trail challenges write-up ASC Cyber WarGamesosintmedium@abdelrahman_a996
Writeup All OSINT challenges-Global Cyber Skills Benchmark CTF 2025 First challenge: Map Volnaya’s Industrial Influence Network What should we do here is to Identify the shell company used by Volnaya Corporation (SVIR) to procure and deploy Industrial Control System (ICS) components for their attacks. Hack The Box CTFosintmedium@mhmoud1230
Writeup The Nexus Breach- Forensics Challenge-Global Cyber Skills Benchmark CTF 2025 Challenge Description: In an era fraught with cyber threats, Talion “Byte Doctor” Reyes, a former digital forensics examiner for an international crime lab, has uncovered evidence of a breach targeting critical systems vital to national inf Hack The Box CTFforensicsmedium@mhmoud1230
Writeup Cyber Apocalypse CTF 2025: Tales from Eldoria After Party All OSINT Challenges → Ch(1): The Poisoned Scroll Challenge Description: Nyla, Eldoria’s master information seeker, investigates a series of magical attacks on Germinia’s ruling council. Hack The Box CTFosintmedium@mhmoud1230
