Collection of Capture The Flag writeups and walkthroughs covering a range of offensive security topics. Each writeup documents the full attack methodology: reconnaissance, vulnerability identification, exploitation, and lessons learned.
The goal is not just to solve challenges, but to explain the reasoning behind every step.

| Category | Description |
|---|---|
| Web Exploitation | SQL injection, XSS, SSRF, authentication bypass, file upload vulnerabilities |
| Privilege Escalation | Linux and Windows privilege escalation techniques, misconfigurations, SUID/SGID abuse |
| Forensics | Disk forensics, memory analysis, log investigation, file carving |
| Cryptography | Weak ciphers, encoding flaws, RSA attacks, hash cracking |
| Reverse Engineering | Binary analysis, disassembly, malware analysis, patching |
| Network | Packet capture analysis, protocol exploitation, traffic decryption |
| Misc | OSINT, steganography, scripting challenges, and anything else |

Every writeup follows a consistent structure:

- Challenge Info - name, platform, category, difficulty
- Reconnaissance - initial enumeration and information gathering
- Analysis - identifying the vulnerability or weakness
- Exploitation - step-by-step walkthrough with commands and screenshots
- Post-Exploitation - flags, persistence, lateral movement (where applicable)
- Lessons Learned - key takeaways, tools used, what could be done differently

A template is available at TEMPLATE.md.

All challenges documented here come from legal CTF platforms (TryHackMe, HackTheBox, PicoCTF, etc.) or are self-hosted lab environments for educational purposes. No real-world systems were targeted.