archive

technical writings

Only actual writeups live here. Projects stay on the homepage where they belong.

FamPay CTF Writeups Six challenge writeups covering access control, Firebase, App Check, native signing, JWT alg:none, mobile reversing, and cloud metadata abuse 01 THE LIBRARY Secret left inside native app code 02 THE DATABASE Firebase anonymous auth and exposed database path 03 THE VAULT App Check debug token and trusted app identity 04 THE ENDPOINT Native request signing and admin-only clearance 05 THE VAULT DOOR JWT role bypass using alg:none 06 THE CLOUD Debug webhook SSRF to IMDSv2 and S3 SantaCloud Intigriti Web Challenge Write-Up From sensitive file exposure to IDOR / Broken Object Level Authorization