·374 words·2 mins
From a popped shell to full Kubernetes cluster compromise — exploiting GCP metadata, kubelet credentials, and CSR auto-approval to bypass RBAC.
·469 words·3 mins
Recovering a hidden file from a RAR v5 archive by patching a service header into a file header.
·322 words·2 mins
Exploiting a race condition in database writes and a checksum oracle to brute-force a secret file character by character.
·275 words·2 mins
Abusing Python’s floating point arithmetic to forge JWT-like tokens — when float('inf') meets type juggling.
·762 words·4 mins
Exploiting a format string vulnerability to leak the canary and libc, then ROP to shell via a buffer overflow in a password manager binary.