A hard Cross-Site Scripting challenge chaining small bugs with one very hard step to leak a fragment directive using Self XSS

Intigriti March XSS Challenge (0325)

A fun story about discovering my site was vulnerable to Cache Deception, allowing the visit of a link by me to leak all hidden blog posts to an attacker, thanks to URL-decoding and Path Traversals to confuse cache rules

Cache Deception on my new site!

A "hard web xssbot" challenge about a fun browser quirk with the is= attribute to perform CSS Injection. Bypass the strict CSP with an unintended new technique to XS-Leak a selector's result by detecting the site crashing

x3CTF - blogdog (+ new CSS Injection XS-Leak!)

Finding 5 CVEs in the PwnDoc pentest reporting tool, angular-expressions and docx-templater. This includes multiple 1-click Remote Code Execution vulnerabilities by escaping the JavaScript sandbox in the templating engine.

PwnedDoc: Hacking a Reporting Tool

Complete 6 web challenges with source code in 6 hours. I ended up winning this CTF and finding an unintended solution in one of the challenges.

Wizer CTF May 2024

An event organized by a French CTF team with many challenges in ranging various difficulties. We placed 11th in the end and most notably found a few different unintended solutions to solve challenges quicker.

GCC CTF

The yearly HackTheBox University CTF 2023: Brains & Bytes was an event for many universities worldwide, in which we as "Hanzehogeschool" placed 19th! Cool web challenges and standard categories, with their signature Fullpwn machines

HTB University CTF 2023

Cyber Apocalypse 2023: The Cursed Mission by HackTheBox. A CTF full of unique and interesting challenges of the utmost quality

Cyber Apocalypse 2023

A beginner-friendly CTF organized by the Dutch TU Delft CTF team where anyone could participate, and me and some friends got 3rd place

TU Delft CTF 2022

An almost 3 week long CTF with beginner to hard challenges. Very high quality challenges with every week a new batch of challenges to try. 

Hacky Holidays Unlock the City 2022

A collection of all monthly Intigriti XSS challenges that I made writeups of. Learn a lot about Web and Cross-Site Scripting vulnerabilities

Intigriti XSS Challenge

A Dutch CTF event with a Training Mission to practice, and a real CTF after. Part of the European Cyber Security Challenge. The challenges were all high quality and good learning material

Challenge the Cyber 2022

A yearly Capture The Flag event that was a part of NahamCon. The event lasted 48 hours, and had loads of challenges from different categories. 

NahamCon CTF 2022

A 5-day long CTF, with a challenge of every category coming out every day. Challenges range from beginner to medium.

Cyber Santa is Coming to Town 2021

A CTF hosted by Google, with some beginner/medium challenges

Google Beginners Quest 2021

Showcases and Tutorials about Coding projects I do, or tools I make. To show how a tool works, or how I made it. Everything is mostly done in Python because of its ease of use. 

Coding

22 April is International Earth Day and guess what… The Earth was hacked by malicious extraterrestrials. Their ultimate plan is to seize control of our planet. It's only you who can save us from this terrible fate.

Cyber Apocalypse 2021

Other

Stories and writeups about real-world Hacking from my experience, and guides/tutorials on techniques to learn from. When I find something interesting worth sharing I'll make a post here to tell the story, or when I feel a topic was hard to understand I try to make a clear explanation in a post.

Hacking

Writeups from Capture the Flag (CTF) events I participated in. About web, scripting, crypto, reversing and everything in between. All writeups include detailed explanations of how everything works. 

Blog

Featured posts

Intigriti March XSS Challenge (0325)

Cache Deception on my new site!

x3CTF - blogdog (+ new CSS Injection XS-Leak!)

PwnedDoc: Hacking a Reporting Tool