07 Jan 2026
Modern software is built on layers of third-party dependencies, CI/CD tooling, and external services. Supply chain attacks exploit this trust by compromising components upstream, allowing malicious code to spread downstream into otherwise legitimate applications. The impact and frequency of these...
Supply Chain Attacks DevSecOps SAST GuardDog semgrep YARA PyPI npm
30 Dec 2025
Lately I’ve been investing a lot of time into TryHackMe’s Security Analyst path (SOC L1, SOC L2, Advanced Endpoint Investigations) in order to sharpen my blue teaming skills. DiskFiltration is a fun challenge that I came across today. Challenge Intro...
CTF Blue Team SOC DFIR
05 Nov 2025
GCP Pentest Lab is a vulnerable cloud environemnt designed to learn and exploit clouod misconfigurations and vulnerabilities. We will be jumping around the environemnt using different security flaws to uncover embedded flags left for us. Setup All we have to...
Cloud Security GCP CTF
28 Sep 2021
Introduction OWASP Juice Shop is probably the most modern and sophisticated insecure web application! It can be used in security trainings, awareness demos, CTFs and as a guinea pig for security tools! Juice Shop encompasses vulnerabilities from the entire OWASP...
CTF OWASP Web Security Access Control
08 Aug 2021
Description: Humanity has exploited our allies, the dart frogs, for far too long, take back the freedom of our lovely poisonous friends. Malicious input is out of the question when dart frogs meet industrialisation. Intro Toxic is a web challenge...
CTF HackTheBox Web Security LFI
07 Aug 2021
Description: Can you exploit this simple mistake? Intro Templated is a web challenge on HackTheBox. When we first visit the website we get this index page. Note that the website is powered by Flask and the Jinja2 python template engine....
CTF HackTheBox Web Security SSTI
06 Aug 2021
Scanning And Enumeration First, as usual, we run an Nmap scan to identify open ports and services. A web server is running on port 80, it’s hosting a one-page site with no functionality at all. it was clear to me...
CTF HackTheBox Security
23 Dec 2020
Challenge Text Introduction I’ve participated along with some friends in STACKS CTF which was organised by GovTech’s Cyber Security Group (CSG). The challanges were impressive and fun. I’ve been holding off on writing this one since I didn’t have the...
CTF Web Security JWT
28 Nov 2020
Krypton stealer first appeared on the scene last year on darkweb.cc and it was going for around $100. It’s an efficient, small sized, credential stealer targeting Windows users. The version of krypton stealer analysed here (one of the early versions)...
Malware Analysis Security Reverse Engineering
15 Sep 2020
Description: A develper is experiementing with different ways to protect their software. They have sent in a windows binary that is supposed to be super secure and really hard to debug. Debug and see if you can find the flag....
CTF Reverse Engineering HackTheBox
02 Sep 2020
Today I came across the simplest ransomware that I’ve ever seen, and it’s badly written too… So why not make it the subject of the 1st blog? Initial Analysis The binary’s size is 12 MB… kinda hard to distribute :)...
Malware Analysis Reverse Engineering Security