BLOG

Security Research

CTF writeups · Web exploitation ·

CTF Writeup Mar 09, 2026

From LFI to RCE via Log Poisoning

Chaining a basic local file inclusion in a PHP app all the way to an interactive reverse shell using Apache log poisoning.

8 min Read post
Web Security Feb 21, 2026

SSTI to RCE: Bypassing Jinja2 Filters

A deep dive into server-side template injection in a Flask app — finding, exploiting, and crafting filter-bypass payloads.

10 min Read post