Writeups & Blog
CTF solutions, security research, and technical notes
Web / SQLi | 10 pts
SunshineCTF 2025: Lunar Shop — SQL Injection Writeup
Extracting the flag from a vulnerable product catalog using a UNION-based SQL injection in the 'product_id' parameter, without fuzzing or brute forcing.
Forensics | 490 pts
SunshineCTF 2025: Remotely Interesting — Forensics Walkthrough
Memory forensics on a Desktop Window Manager (dwm.exe) dump to reconstruct what a victim saw during a suspected RDP compromise.