2HWA منتخب القهوة

Practical CTF Writeups

Post-competition solutions covering the techniques, reasoning, and key decisions behind each challenge.

web ● medium

No JS | AlpacaHack

Solving the 'No JS' web challenge in AlpacaHack; the challenge involves a client-side attack.

Client Side

@00xcanelo // AlpacaHack

osint ● hard

The Curator's Exit

Solving the OSINT challenge from CTF@CIT 2026 — cracking a password-protected PDF, performing username enumeration, and investigating target profiles across...

OSINT

@babayaga0x01 // CTF@CIT

osint ● hard

Toxique Osint Challenge

Hi there, it's 0x2face with another OSINT challenge, but this time as challenge author for the knights of the fury CTF competition.

@abdelrahman_a996 // Toxique CTF

web ● medium

CyCTF Luxor 2026 | web Finals

Solving the 'Season' web challenge in the CyCTF Luxor CTF 2026 Finals; the challenge involves bypassing weak XXE validation and uploading a PHP shell for RCE.

XXE PHP file upload RCE

@00xcanelo // CyCTF

web ● easy

CAT CTF 26 — Entry Level

Solving all web challenges for CAT CTF 26 — Entry Level, covering bugs like LFI, SSTI, DOMPurify bypass, lfi2rce, and SSRF via EC2 metadata service.

LFI SSTI API Dom purify bypass

@00xcanelo // CAT Reloaded CTF

crypto ● medium

CAT CTF 26 Jail/misc/crypto Challenges

It is 0x2face with another writeup. This one will be about the Linux jails, misc challenges and crypto challenges I created in CAT CTF Entry Level CTF 26, let's...

@abdelrahman_a996 // CAT Reloaded CTF

osint ● medium

CAT Entry Level CTF 26 OSINT Challenges

It’s 0x2face with another cool OSINT writeup, but this time as a challenge author. I am happy to contribute to the CAT Reloaded Entry Level CTF as an author this...

@abdelrahman_a996 // CAT Reloaded CTF

mobile ● hard

CyCTF Luxor 2026 | Mobile Writeup

Solving the Android track of CyCTF Luxor — extracting a token from exported SharedPreferences, recovering an AES-ECB key from the signing cert, and forging a...

android reverse-engineering binder-ipc shared-preferences aes

@0xspongee // CyCTF

web ● hard

CyCTF Luxor web Qualifications

Solving all web challenges in CyCTF Luxor Qualifications, covering a mix of Next.js, race condition, and CRLF issues.

nextjs race condition CRLF

@00xcanelo // CyCTF

pwn ● medium

bil pwn challenge from CyCTF Luxor

Analysis: First I made checksec to check the mitigations on the binary: checksec ./apppatched | Arch: amd64-64-little | RELRO: Full RELRO | Stack: No canary found | NX:...

binary-exploitation exploit-development

@k45w4ra // CyCTF

osint ● medium

0xfun osint challenges

Hi there hackers, it’s 0x2face with another OSINT CTF writeup. This time it’s from 0xfun CTF. I am proud to share that our team M0nt5ab El2hwa secured 9th...

@abdelrahman_a996 // 0xfun CTF

web ● medium

0xL4ugh CTF — Smol Web

Smol Web. In the name of God, the Most Gracious, the Most Merciful. Hello Hackers, I’m !/bin/bash, back again with some web challenges from the 0xl4ugh CTF 2025 edition.

@binbash_is_hacker // 0xL4ugh CTF

osint ● hard

Clowns_APT | 0xL4ugh CTF 2026

An OSINT investigation starting from a single ransom image left on a Node.js developer machine. Trace the attacker across all platforms to uncover an attack...

OSINT

@babayaga0x01 // 0xL4ugh CTF

web ● medium

SSRF via Content-Type in Apache — Auditor

Solving “Auditor” challenge from FahemSec, where SSRF was achieved through Apache Content-Type/header injection to reach an internal Flask service and retrieve...

Apache header injection

@agn4by // FahemSec

osint ● medium

0xL4ugh CTF V5 OSINT Challenges

Hi there hackers, it's 0x2face with another OSINT write-up. This time it is 0xl4ugh CTF V5; the CTF was challenging and amazing, and I had a great experience from...

@abdelrahman_a996 // 0xL4ugh CTF

web ● insane

pdf.exe | 0xL4ugh v5 CTF

Solving 'pdf.exe' Insane web from 0xl4ugh v5 CTF, featuring two 0days: a Next.js SSRF and a PDFKit file-read vulnerability.

0day Nextjs pdfkit

@00xcanelo // 0xL4ugh CTF

osint ● medium

GDG BENHA CORE-TEAM CTF

Hi there, back after a while, but this time as an author, not a player 😁 I am happy to be an author for the GDG Benha core team CTF competition, this...

@abdelrahman_a996 // GDG BENHA CTF

web ● medium

Night at the Museum

Chaining a path-traversal in an admin bot's QR-scan handler with an over-trusted promote endpoint to escalate a normal user to admin and reach the flag room.

path-traversal privilege-escalation broken-access-control api

@0xspongee // FahemSec

web ● medium

BugZzzz | Fahemsec

Solving the 'BugZzzz' challenge from Fahemsec, where you can only register with @fahmsec.ctf, but the problem is that you are provided with an @example.com mail, so you can...

Research Access control bypass

@00xcanelo // FahemSec

reverse ● medium

HTB — Neurogrid CTF

O mankind, it is you who are in need of Allah, while Allah is the Self-Sufficient, the Praiseworthy. O Allah, send prayers, peace and blessings upon our master Muhammad.

@binbash_is_hacker // Hack The Box CTF

web ● hard

IEEE Mansoura Qualifications 2025

Solving three web challenges from IEEE Mansoura CTF Qualifications 2025, featuring exploitation techniques such as XSS, CSP bypass, admin bot abuse, and Bottle...

CSP bypass XSS Bottle deserialization/RCE

@agn4by // IEEE Mansoura CTF

web ● hard

IEEE Mansoura CTF Qualifications 2025

Solving three web challenges from IEEE Mansoura CTF Qualifications 2025, featuring exploitation techniques such as XSS, CSP bypass, admin bot abuse, and Bottle...

CSP bypass XSS Bottle deserialization/RCE

@agn4by // IEEE Mansoura 2025

web ● hard

All Web & MISC Challenges IEEE CTF 2025

Solving all web challenges from IEEE CTF Qualifications 2025, covering XSS CSP bypass, RCE via Pickle deserialization, XSS through prototype pollution, blind...

blind sqli XSS CSP bypass RCE deserialization stegno

@00xcanelo // IEEE Mansoura CTF

web ● medium

cat flag.png

Solving the web challenge 'cat flag.png' from Connectors CTF 2025 — exploiting command injection to exfiltrate a hidden flag image via hex-encoded binary data...

Command Injection DNS Exfiltration

@babayaga0x01 // Connectors CTF

web ● hard

[Tob] WEB challenge

Bypassing a broken XSS filter in a context using JavaScript hoisting to defeat a ReferenceError guard, then exfiltrating the admin bot's cookies via Burp...

xss javascript-hoisting cookie-exfiltration bot

@0xspongee // Helwan CTF

osint ● medium

CONCTF 25 QUALS OSINT CHALLENGES

Hi there, this is me, Abdelrahman Ahmed aka 0x2face, and I play OSINT / steganography / web challenges in CTFs, but in this CTF my main focus was OSINT...

@abdelrahman_a996 // Connectors CTF

forensics ● medium

CAT CTF 25 DFIR Write-up

Hey folks, today we’ll be walking through the Forensics challenges I’ve tackled at CAT CTF 25, Insha’allah.

ctf-walkthrough digital-forensics dfir ctf

@_og13_ // CAT CTF

web ● medium

Stylish-Boss

Exploiting CSS injection and command injection to bypass CSP and steal admin API keys, leading to full system compromise in a web challenge.

Command Injection CSS Injection

@babayaga0x01 // CAT Reloaded CTF

osint ● medium

ASCWG 25 OSINT Challenges

Hello, I’m Abdelrahman Ahmed aka 2FACE, and I participated for the first time with my team “Liel0x1” in the ASCWG 2025, and I am proud to share that we made it...

@abdelrahman_a996 // ASC Cyber WarGames

web ● hard

ASC Cyber WarGames Qualifications 2025

Solving three web challenges from ASC Cyber WarGames 2025 Qualifications, covering exploitation techniques such as IDOR, JWT forgery, SQL injection, race...

sql-injection Phar Deserialization jwt race condition

@agn4by // ASC Cyber WarGames

reverse ● medium

ICMTC CTF 2025 Finals

In the name of God, the Most Gracious, the Most Merciful. Hey Hackers, back again with some challenges I solved in the second round of the competition.

icmtc-ctf ctf

@binbash_is_hacker // ICMTC CTF

forensics ● medium

L3akCTF 2025 Forensics Write-up

Hey folks, today we’ll be walking through the Forensics challenges I’ve tackled in L3akCTF 2025, Insha’allah.

ctf digital-forensics ctf-walkthrough dfir

@_og13_ // L3ak CTF

reverse ● medium

ICMTC CTF 2025

In the name of God, the Most Gracious, the Most Merciful. Hi guys, hope you are fine.

ctf cybersecurity

@binbash_is_hacker // ICMTC CTF

forensics ● medium

CyberGames 2025 Forensics Write-up

CyberGames 2025 Forensics Writeup: this is my writeup for how I solved the bastion series, the eugene fatigue series and the frustrating compression challenge from...

@abdelrahman_a996 // ASC Cyber WarGames
