Spideyy

Web & App Security

N0PS CTF 2025 - Writeup

May 21, 2025

N0PS CTF Web Crypto Reversing Forensics Pwn OSINT

A comprehensive write-up of the N0PS CTF 2025 by Team NOVA, sharing insights and solutions for various challenges tackled during the competition.

How I Sweet-Talked a DNS Server into Giving Me the Flag (Nullcon Goa HackIM 2025 CTF)

February 2, 2025

NSEC DNSSEC CTF Digging-for-Flags

A thrilling tale of me vs. a DNS server, where a little NSEC-walking magic turned a stubborn server into a snitch.

The Mystery of 127.0.0.1, 0.0.0.0, and localhost

January 28, 2025

localhost 0.0.0.0 loopback networking servers

A simple and clear explanation of the differences between 127.0.0.1, 0.0.0.0, and localhost, with practical use cases for Python developers.

Web Challenge IRIS CTF 2025 - Political

January 6, 2025

ctf web-security challenge injection url-encoding puppeteer

A detailed walkthrough of the Political web challenge from IRIS CTF 2025, covering token validation, admin cookie exploitation, and URL encoding techniques.

Understanding window postMessage and Its XSS Risks

December 10, 2024

window-postmessage xss javascript security web-security

An in-depth look at the risks of using window postMessage and how improper use can lead to XSS vulnerabilities.