Pentesting, Malware Development, Malware Analysis, and Reversing stuff.
FireFlow - Chaining Langflow RCE, JWT Abuse, and Kubernetes nodes/proxy to Root an HTB Box
A full pwn write-up of the HTB box "FireFlow", chaining an unauthenticated Langflow RCE (CVE-2026-33017), credential looting from environment variables, a JWT 'none' algorithm bypass on an internal MCP AI Tool Registry, malicious tool registration for in-cluster RCE, and Kubernetes nodes/proxy abuse via kubelet /exec to read the root flag from a privileged node-exporter pod.
Dudsat - Reversing a Doppler-Disguised Permutation Cipher
Reverse engineering write-up for the HTB challenge "rev_dudsat" - recovering a flag hidden in the residuals of satellite telemetry by reconstructing a permutation table built at process startup.
Sysprobe - Five Layers of Onion, One DFT, One Flag
HTB reversing write-up. Outer ELF is a decoy; the real entry point lives in a hidden RWE segment with no section header, jumps into a DEFLATE-packed nested ELF, which mmap-XORs a 62-byte bytecode for a stack VM, which runs a tiny DFT magnitude check whose output bitmap, packed MSB-first, is the flag.
SANDY - Malware Reverse Challenge
SANDY is a Huntress 2025 CTF reverse engineering challenge where you analyze a malicious binary, uncover its logic, and extract the hidden flag.
RC4 Reverse Engineering
Reverse engineering RC4 in Windows malware using SystemFunction032 to extract keys and decrypt the payload.
Verification Clarification
NahamCon2025 CTF Malware Reversing Challenge
Automating SQL Server Linked-Server Password Recovery with PowerShell
A PowerShell toolkit that automates enabling TCP/IP, adding -T7806, enabling the DAC, and decrypting SQL Server linked-server passwords - for legal, authorized use only.