// blog

Security Research & Writeups

CTF challenge walkthroughs, machine writeups, vulnerability research, and security tooling deep-dives. All from the offensive perspective of Not0Day.

CTF Writeup

HTB Cyber Apocalypse 2024 — LockTalk Writeup

Deep-dive into a JWT algorithm confusion attack combined with SSRF for remote code execution on the backend Flask application.

JWTSSRFRCEHackTheBox
Read writeup →
CTF Writeup

PicoCTF 2024 — heap3 Writeup

Exploiting a heap overflow vulnerability using tcache poisoning for arbitrary write to achieve code execution.

HeapBinary ExploitationTcachePicoCTF
Read writeup →
CTF Writeup

DEFCON CTF Quals 2024 — k-smallest Writeup

Lattice-based attack using LLL reduction to recover a DSA private key from biased nonces in a custom signing oracle.

LatticeCryptographyDSALLL
Read writeup →
Machine Walkthrough

HTB Rebound — Full Domain Compromise Walkthrough

A deep-dive into the Insane-rated Rebound machine: Kerberoasting, cross-forest trust abuse, and shadow credentials to compromise the entire domain.

Active DirectoryKerberosWindowsHackTheBox
Read writeup →
CTF Writeup

Google CTF 2024 — gradebook Writeup

Chaining prototype pollution with a vm2 sandbox escape for RCE in a Node.js gradebook application.

Node.jsPrototype PollutionRCEJavaScript
Read writeup →
Forensics

HTB Sherlock: Logjammer — Forensics Walkthrough

Tracing lateral movement through Windows event logs, identifying the initial access vector, and recovering attacker TTPs.

DFIRWindowsEvent LogsHackTheBox
Read writeup →