BLOG

Security Research

CTF writeups · Web exploitation

Cracking DVAPI — A Beginner's Guide to the OWASP API Top 10

Full walkthrough of DVAPI covering all 10 OWASP API Security vulnerabilities. From BOLA and broken auth to SSRF and NoSQL injection, one endpoint at a time.

HTB CubeMadness1 — Pwn the Game, Capture the Flag

A GamePwn challenge where you collect 20 cubes in a map that only has 6. Spoiler: Cheat Engine, 3 addresses, done.

From LFI to RCE via Log Poisoning

Chaining a basic local file inclusion in a PHP app all the way to an interactive reverse shell using Apache log poisoning.