✕

Learning Resource

The more I know, I don't know.

BSidesTLV 2025: Avengers Query Language CTF Writeup

When S.H.I.E.L.D. leaks classified intel through GraphQL Introspection.

Posted on December 19, 2025

Continuing with my contributions to BSidesTLV 2025, I developed a challenge called “Avengers Query Language”. [Read More]

Tags: CTF Web BSidesTLV GraphQL Introspection API-Security

BSidesTLV 2025: Avengers Mail CTF Writeup

The challenge that left the Avengers (and the players) hanging: Mail Confusion.

Posted on December 19, 2025

This weekend, I had the pleasure of contributing a Web challenge to BSidesTLV 2025 titled “Avengers Mail”. [Read More]

Tags: CTF Web BSidesTLV Mail-Confusion RFC2047 UTF-7 BSidesTLV2025 BSides

My 1st CVE on Dell

CVE-2022-34389, Impersonate a legitimate dell customer to a dell support technician.

Posted on April 28, 2023

This CVE resulted from a product study project I conducted with the one and only: Gad Abuazira

[Read More]

Tags: CVE rate_limit CVE-2022-34389

KITCTF - Cloudwhere

Whitebox web ctf

Posted on March 2, 2023

[Read More]

Tags: NodeJs Web CTF whitebox

Basic web security mechanisms

Explanation of CSP, SOP and CORS

Posted on January 21, 2023

Intro

[Read More]

Tags: CSP SOP CORS

Older Posts →