All Posts

This is the writeup for the snykCTF 2022 which provided so many interesting web challenges. I take it as an opportunity to learn more about various web security topics which is why I spend time going through all the challenges again. I hope you find this writeup informative and enjoyable!

Another writeup for the really interesting CTF game I played last weekend! Luckily to find a prototype pollution challenge in the game.

This blog aims to summarize everything about the javascript-specific vulnerability - prototype pollution: necessary knowledge about javascript, what is the prototype and prototype chain, how to exploit the prototype pollution vulnerability and several CTF challenges related to the prototype pollution which might help in understanding all the stuff.

This blog is the writeup of the two pwn challenges, warmup1 and warmup2, which are provided in the recent Maple CTF 2022. Though they are just warmup, I think they are really interesting and kind of complex in terms of the second one, which are worth evaluation and summary.

本次比赛的题目质量非常高，但是比较遗憾的是只有一天时间而且在周中，所以在比赛中没有做出来很多题目。幸运的是，比赛结束后环境还会保存一段时间，所以我索性把所有PWN的题目都研究学习一番，希望可以查缺补漏、有所收获。