CTF

Capture The Flag writeups, walkthroughs, and challenge solutions.

VoidProtocol - Zinad CTF 2026

February 09, 2026 CTF

Writeup for VoidProtocol CTF challenge combining Go template injection with ujson unicode surrogate truncation to bypass security controls.

ssti go-templates json-parsing unicode web-exploitation

Back2Basics Web Writeup - CyberChampions Zinad CTF 2026

February 09, 2026 CTF

Writeup for the Back2Basics web challenge from the CyberChampions Zinad CTF 2026 — exploiting a buffer over-read to leak HMAC session keys and command injection for RCE.

buffer-overread command-injection jwt hmac web