Personal CTF archive · by zeba

CTF Writeups

I'm zeba. This is where I document the CTF challenges I've solved — my approach, the exploit scripts, and notes on what worked. All my own writeups, kept here for reference.

Latest: BSides Vilnius 2026 Browse by tag GitHub

4Competitions

19Writeups

6Categories

1stBest Finish

Competitions

•   BSides Vilnius 2026

  ---

  Selected writeups across web, pwn, reverse, and crypto — CSS exfiltration into AWS IAM, container escapes, RSA/TLS, and PE reversing.

  Browse writeups

•   Mārtiņa-CTF 2025

  ---

  1st place (Remote) — 12 personal solves. Blind SQL injection, WAF bypass, and Git history exploitation.

  Browse writeups

•   ECSC 2025

  ---

  European Cybersecurity Challenge — PHP type juggling to webshell, and Bluetooth HID PCAP reconstruction.

  Browse writeups

•   openECSC 2025

  ---

  21 challenges solved, 14th place. CSP/Trusted-Types bypasses, prototype pollution, ROP, APNG stego, and more.

  Browse writeups

Categories

•   Web Exploitation

  ---

  SQLi, XSS, SSRF, CSP & Trusted-Types bypass, CRLF injection, prototype pollution, CSS exfiltration, cloud/IAM abuse.

•   Binary Exploitation

  ---

  Buffer overflows, ROP chains, function-pointer hijacking, libc leaks, and container escapes.

•   Cryptography

  ---

  RSA shared-prime attacks, TLS session decryption, CRC forgery, and linear algebra over GF(2).

•   Stego & Forensics

  ---

  APNG frame analysis, PCAP reconstruction, and hidden-data extraction.

•   Reverse Engineering

  ---

  Windows PE analysis, byte-transform inversion, and gated-binary recovery.

•   Miscellaneous

  ---

  Docker registry enumeration, Git history analysis, Linux privesc, and Ruby regex oracles.

---

Disclaimer & License

All materials are provided for educational and research purposes only — use responsibly and respect CTF competition rules. Licensed under the MIT License.