Cybersecurity
Showcasing web exploitation writeups and challenges I personally created.

HTCOTB2026 CTF: HeartMail 1.0
February 2026
A custom web CTF challenge featuring basic SQL Injection to uncover hidden emails and an SSH server login to retrieve the final flag.

HTCOTB2026 CTF: Cupid's Secret Message
February 2026
A custom Valentine's and ILOVEYOU virus-themed CTF web exploitation challenge I developed for the University of Alberta's Cybersecurity Club, showcasing an Insecure Direct Object Reference (IDOR) vulnerability.

PicoCTF: SOAP
October 2025
A write-up on exploiting an XML External Entity (XXE) vulnerability through a SOAP endpoint to perform Local File Inclusion.

PicoCTF: 3v@l
September 2025
Exploiting a Python eval() vulnerability by bypassing regex blacklists to achieve Remote Code Execution.

PicoCTF: No Sql Injection
September 2025
A write-up on exploiting a NoSQL injection vulnerability in a MongoDB-backed Express application to bypass authentication.

PicoCTF: SSTI1
September 2025
A walkthrough of a Server-Side Template Injection in Jinja2, escaping the sandbox to achieve Remote Code Execution.