Latest blog posts


Cursed Secret Party - HTB Hack The Boo CTF 2022
Exploiting blind XSS to steal the cookie of the admin with CDN Content Security Policy (CSP) bypass.
Halloween Invitation - HTB Hack The Boo CTF 2022
Investigating a suspicious Word document to figure out what malicious VBA macros are run.
Intigriti 0522 — XSS Challenge Writeup (XSS through prototype pollution)
In this blog post, I am going to walk through Intigriti’s May 2022 XSS challenge. I will explain how prototype pollution can be used to bypass a client-side HTML sanitizer to get XSS.
Acnologia Portal - HTB Cyber Apocalypse CTF 2022
A HackTheBox web challenge where we need to exploit insecure file extraction and XSS to gain remote code execution (RCE) on the webserver.
Intigriti 0921 — XSS Challenge Writeup (XSS through namespace confusion)
In this blog post, I am going to walk through Intigriti’s September XSS challenge by @BugEmir and Pepijn van der Stap. I will explain how I approached and solved this challenge.