Nitectf | Web | un(documented)-js-api | DOM clobbering, domain takeovers, shared process slowdowns, and CSS exfiltration, oh my!
Wreckctf | Web | password-3 | A quick but interesting proof-of-concept demonstrating that security by obscurity does not and will never work. Even if you don’t show reflected feedback from SQL commands, your database is still not safe.
Sekaictf | Web | Bottle Poem | For this web challenge, we had to utilize two different exploits to get the flag – and one of them wasn’t a web exploit!
Sekaictf | Web | Issues: Another JWT Challenge | Oh, JWTs. A well-intentioned standard, for sure – but my god, the number of implementation mistakes you can make.