DefCamp Quals 2024 — CTF Infrastructure Vulnerability
From a popped shell to full Kubernetes cluster compromise — exploiting GCP metadata, kubelet credentials, and CSR auto-approval to bypass RBAC.
Augusto
LA CTF 2024 — Jason Web Token
Abusing Python’s floating point arithmetic to forge JWT-like tokens — when float(‘inf’) meets type juggling.