Writeups

A collection of my CTF notes and walkthroughs.

2026

K-Vault Cyberspace.ma — Writeup

Exploit a Linux kernel stack overflow in /dev/vault with ret2usr to become root and read the flag.

0 0xAsta
May 3, 2026
4 min read

pwn kernel linux stack-overflow ret2usr
From Recon to Database — Seven Bugs on a Gov website

How a single public log file, an exposed .git, a committed SQL dump, and an addslashes-only AJAX handler chained into full PII disclosure on a government-sector VDP engagement.

0 0xAsta
April 21, 2026
7 min read

bug-bounty web sqli information-disclosure laravel wordpress
b01lers CTF — throughthewall Writeup

Exploit a Linux kernel firewall module use-after-free and turn reclaimed pipe buffers into a Dirty Pipe style /etc/passwd overwrite.

0 0xAsta
April 19, 2026
4 min read

pwn kernel linux
KalmarCTF Astralogy — Writeup

Abusing Astral's zero-length iovec validation bug to get arbitrary kernel read/write and overwrite current process credentials.

0 0xAsta
March 28, 2026
11 min read

pwn kernel osdev iovec qemu
Pwn Writeups — TAMUctf26

The Five pwn challenge that were in TAMUctf26

0 0xAsta
March 24, 2026
14 min read

pwn heap rop mips aarch64
DiceCTF26 Mirror Temple Challenges — Writeup

Two web challenges from diceCTF 2026 that both hinge on an authenticated admin bot visiting attacker-controlled URLs with insufficient scheme validation.

0 0xAsta
March 8, 2026
4 min read

web xss puppeteer
srdnlenCTF 2026 The Legendary Armory (Chapter II) — Writeup

Extract an 86Box emulator's guest RAM from a Windows minidump, locate a RAMDRIVE filesystem in volatile memory, XOR-decrypt a ZIP containing a ZZT game world, and read the flag hidden as invisible black text tiles on the Armory board.

0 0xAsta
March 1, 2026
6 min read

forensics memory-dump minidump 86box ramdrive xor zzt
Secret Intern Service — Writeup

Exploit a stack overflow with a crash-based libc leak, then use LFI in Secret File Viewer to fetch the exact remote libc and land ret2libc.

0 0xAsta
February 21, 2026
3 min read

pwn linux ret2libc lfi
Warden 0xFun26 — Writeup

Escape a restricted Python jail by loading `posix` without `import`, then bypass a seccomp user-notify path blacklist via a symlink open.

0 0xAsta
February 14, 2026
6 min read

pwn linux seccomp python
Power of Statistics — Writeup

Once upon a time people thought that a crypto algorithm is secure if the math is secured. But little did they know that we also have physics!!! Can you break this crypto device and retrieve the encrypted flag?

0 0xAsta
February 6, 2026
2 min read

hardware side-channel cpa sbox firmware reversing
Armor FlagYard — Writeup

Exploit an AArch64 stack overflow with ret2csu to leak libc and execute system().

0 0xAsta
February 2, 2026
4 min read

pwn binary stack-overflow aarch64 ret2csu libc-leak
Try&Try FlagYard — Writeup

Exploit a stack overflow with canary bypass to ret2win and read the flag.

0 0xAsta
January 29, 2026
4 min read

pwn binary stack-overflow canary ret2win
LMAy FlagYard — Writeup

Exploit Python Insecure Deserialization in a YAML parser to bypass a blind RCE environment and exfiltrate data via static files.

0 0xAsta
January 3, 2026
3 min read

web python yaml deserialization blind-rce

2026

K-Vault Cyberspace.ma — Writeup

From Recon to Database — Seven Bugs on a Gov website

b01lers CTF — throughthewall Writeup

KalmarCTF Astralogy — Writeup

Pwn Writeups — TAMUctf26

DiceCTF26 Mirror Temple Challenges — Writeup

srdnlenCTF 2026 The Legendary Armory (Chapter II) — Writeup

Secret Intern Service — Writeup

Warden 0xFun26 — Writeup

Power of Statistics — Writeup

Armor FlagYard — Writeup

Try&Try FlagYard — Writeup

LMAy FlagYard — Writeup

2025

Ralia ASIS CTF 2025 Finals — Writeup

Rick's Gallery ASIS CTF 2025 Finals — Writeup

NullCTF 2025 We go gambling – revenge

FlagYard Locker — Writeup

amateursCTF 2025 Easy Heap — Writeup

Brainrot Binary M*CTF 2025 Quals — Writeup

OhMyQl — Full Writeup

FlagYard babyauth — Writeup

FlagYard mutedShell V1 → V2 — Deep-Dive Writeup

BuckeyeCTF 2025 character-assassination — Full Writeup

HTB FlagCasino — Full Writeup

HTB Low Logic — Writeup

SpookyCTF Gr33t1ng5_Pr0f3550r_F@lk3n — Full Writeup

Deadface 2025 EpicSales — Full Writeup