Combining existing research with my own experiments to create a realistic proof of concept that forces an OAuth authorization with a single key press. Learn the ins and outs of popup blockers and focusing through URL hashes.

Pressing Buttons with Popups (on Twitch, LinkedIn and more)

A "hard web xssbot" challenge about a fun browser quirk with the is= attribute to perform CSS Injection. Bypass the strict CSP with an unintended new technique to XS-Leak a selector's result by detecting the site crashing

x3CTF - blogdog (+ new CSS Injection XS-Leak!)

Learn how to bypass HTML sanitizers by abusing the intricate parsing rules and mutations. Including my CVE-2024-52595 (lxml_html_clean bypass) and the solution to a hard challenge I shared online

Mutation XSS: Explained, CVE and Challenge

Due to an XS-Leak vulnerability I found in CTFd versions 3.7.2 and below, it was possible to leak flags from admins. Using a novel technique abusing browser history and CSS it could be completely automated

XS-Leaking flags with CSS: A CTFd 0day

Complete 6 web challenges with source code in 6 hours. I ended up winning this CTF and finding an unintended solution in one of the challenges.

Wizer CTF May 2024

An event organized by a French CTF team with many challenges in ranging various difficulties. We placed 11th in the end and most notably found a few different unintended solutions to solve challenges quicker.

GCC CTF

The yearly HackTheBox University CTF 2023: Brains & Bytes was an event for many universities worldwide, in which we as "Hanzehogeschool" placed 19th! Cool web challenges and standard categories, with their signature Fullpwn machines

HTB University CTF 2023

Cyber Apocalypse 2023: The Cursed Mission by HackTheBox. A CTF full of unique and interesting challenges of the utmost quality

Cyber Apocalypse 2023

A beginner-friendly CTF organized by the Dutch TU Delft CTF team where anyone could participate, and me and some friends got 3rd place

TU Delft CTF 2022

An almost 3 week long CTF with beginner to hard challenges. Very high quality challenges with every week a new batch of challenges to try. 

Hacky Holidays Unlock the City 2022

A collection of all monthly Intigriti XSS challenges that I made writeups of. Learn a lot about Web and Cross-Site Scripting vulnerabilities

Intigriti XSS Challenge

A Dutch CTF event with a Training Mission to practice, and a real CTF after. Part of the European Cyber Security Challenge. The challenges were all high quality and good learning material

Challenge the Cyber 2022

A yearly Capture The Flag event that was a part of NahamCon. The event lasted 48 hours, and had loads of challenges from different categories. 

NahamCon CTF 2022

A 5-day long CTF, with a challenge of every category coming out every day. Challenges range from beginner to medium.

Cyber Santa is Coming to Town 2021

A CTF hosted by Google, with some beginner/medium challenges

Google Beginners Quest 2021

Showcases and Tutorials about Coding projects I do, or tools I make. To show how a tool works, or how I made it. Everything is mostly done in Python because of its ease of use. 

Coding

22 April is International Earth Day and guess what… The Earth was hacked by malicious extraterrestrials. Their ultimate plan is to seize control of our planet. It's only you who can save us from this terrible fate.

Cyber Apocalypse 2021

Other

Stories and writeups about real-world Hacking from my experience, and guides/tutorials on techniques to learn from. When I find something interesting worth sharing I'll make a post here to tell the story, or when I feel a topic was hard to understand I try to make a clear explanation in a post.

Hacking

Writeups from Capture the Flag (CTF) events I participated in. About web, scripting, crypto, reversing and everything in between. All writeups include detailed explanations of how everything works. 

Blog

Featured posts

Pressing Buttons with Popups (on Twitch, LinkedIn and more)

x3CTF - blogdog (+ new CSS Injection XS-Leak!)

Mutation XSS: Explained, CVE and Challenge

XS-Leaking flags with CSS: A CTFd 0day