Writeups

A collection of my CTF notes and walkthroughs.

2026

DiceCTF26 Mirror Temple Challenges — Writeup

Two web challenges from diceCTF 2026 that both hinge on an authenticated admin bot visiting attacker-controlled URLs with insufficient scheme validation.

0 0xAsta
March 8, 2026
4 min read

web xss puppeteer
srdnlenCTF 2026 The Legendary Armory (Chapter II) — Writeup

Extract an 86Box emulator's guest RAM from a Windows minidump, locate a RAMDRIVE filesystem in volatile memory, XOR-decrypt a ZIP containing a ZZT game world, and read the flag hidden as invisible black text tiles on the Armory board.

M Mohammed-Amine Bouaafia
March 1, 2026
6 min read

forensics memory-dump minidump 86box ramdrive xor zzt
Secret Intern Service — Writeup

Exploit a stack overflow with a crash-based libc leak, then use LFI in Secret File Viewer to fetch the exact remote libc and land ret2libc.

0 0xAsta
February 21, 2026
3 min read

pwn linux ret2libc lfi
Warden 0xFun26 — Writeup

Escape a restricted Python jail by loading `posix` without `import`, then bypass a seccomp user-notify path blacklist via a symlink open.

0 0xAsta
February 14, 2026
6 min read

pwn linux seccomp python
Power of Statistics — Writeup

Once upon a time people thought that a crypto algorithm is secure if the math is secured. But little did they know that we also have physics!!! Can you break this crypto device and retrieve the encrypted flag?

0 0xAsta
February 6, 2026
2 min read

hardware side-channel cpa sbox firmware reversing
Armor FlagYard — Writeup

Exploit an AArch64 stack overflow with ret2csu to leak libc and execute system().

0 0xAsta
February 2, 2026
4 min read

pwn binary stack-overflow aarch64 ret2csu libc-leak
Try&Try FlagYard — Writeup

Exploit a stack overflow with canary bypass to ret2win and read the flag.

0 0xAsta
January 29, 2026
4 min read

pwn binary stack-overflow canary ret2win
LMAy FlagYard — Writeup

Exploit Python Insecure Deserialization in a YAML parser to bypass a blind RCE environment and exfiltrate data via static files.

0 0xAsta
January 3, 2026
3 min read

web python yaml deserialization blind-rce

2026

DiceCTF26 Mirror Temple Challenges — Writeup

srdnlenCTF 2026 The Legendary Armory (Chapter II) — Writeup

Secret Intern Service — Writeup

Warden 0xFun26 — Writeup

Power of Statistics — Writeup

Armor FlagYard — Writeup

Try&Try FlagYard — Writeup

LMAy FlagYard — Writeup

2025

Ralia ASIS CTF 2025 Finals — Writeup

Rick's Gallery ASIS CTF 2025 Finals — Writeup

NullCTF 2025 We go gambling – revenge

FlagYard Locker — Writeup

amateursCTF 2025 Easy Heap — Writeup

Brainrot Binary M*CTF 2025 Quals — Writeup

OhMyQl — Full Writeup

FlagYard babyauth — Writeup

FlagYard mutedShell V1 → V2 — Deep-Dive Writeup

BuckeyeCTF 2025 character-assassination — Full Writeup

HTB FlagCasino — Full Writeup

HTB Low Logic — Writeup

SpookyCTF Gr33t1ng5_Pr0f3550r_F@lk3n — Full Writeup

Deadface 2025 EpicSales — Full Writeup