Combing a lot of browser tricks to create a realistic Proof of Concept for the Double-Clickjacking attack. Moving a real popunder with your mouse cursor and triggering it right as you're trying to beat your Flappy Bird high score.

The Ultimate Double-Clickjacking PoC

A challenge by @joaxcar with a small but complex XSS chain, hitting DOM Clobbering with a race condition and abusing a cool URL parsing quirk in JavaScript.

Intigriti May XSS Challenge (0525)

Together with @AtomicByte, we found some vulnerabilities in the MCP protocol, debugging tools, and scanned for internet-exposed servers. This resulted in a ton of results ranging from headless browsers, databases or code evaluators.

MCP: May Cause Pwnage - Backdoors in Disguise

A "hard web xssbot" challenge about a fun browser quirk with the is= attribute to perform CSS Injection. Bypass the strict CSP with an unintended new technique to XS-Leak a selector's result by detecting the site crashing

x3CTF - blogdog (+ new CSS Injection XS-Leak!)

Complete 6 web challenges with source code in 6 hours. I ended up winning this CTF and finding an unintended solution in one of the challenges.

Wizer CTF May 2024

An event organized by a French CTF team with many challenges in ranging various difficulties. We placed 11th in the end and most notably found a few different unintended solutions to solve challenges quicker.

GCC CTF

The yearly HackTheBox University CTF 2023: Brains & Bytes was an event for many universities worldwide, in which we as "Hanzehogeschool" placed 19th! Cool web challenges and standard categories, with their signature Fullpwn machines

HTB University CTF 2023

Cyber Apocalypse 2023: The Cursed Mission by HackTheBox. A CTF full of unique and interesting challenges of the utmost quality

Cyber Apocalypse 2023

A beginner-friendly CTF organized by the Dutch TU Delft CTF team where anyone could participate, and me and some friends got 3rd place

TU Delft CTF 2022

An almost 3 week long CTF with beginner to hard challenges. Very high quality challenges with every week a new batch of challenges to try. 

Hacky Holidays Unlock the City 2022

A collection of all monthly Intigriti XSS challenges that I made writeups of. Learn a lot about Web and Cross-Site Scripting vulnerabilities

Intigriti XSS Challenge

A Dutch CTF event with a Training Mission to practice, and a real CTF after. Part of the European Cyber Security Challenge. The challenges were all high quality and good learning material

Challenge the Cyber 2022

A yearly Capture The Flag event that was a part of NahamCon. The event lasted 48 hours, and had loads of challenges from different categories. 

NahamCon CTF 2022

A 5-day long CTF, with a challenge of every category coming out every day. Challenges range from beginner to medium.

Cyber Santa is Coming to Town 2021

A CTF hosted by Google, with some beginner/medium challenges

Google Beginners Quest 2021

Showcases and Tutorials about Coding projects I do, or tools I make. To show how a tool works, or how I made it. Everything is mostly done in Python because of its ease of use. 

Coding

22 April is International Earth Day and guess what… The Earth was hacked by malicious extraterrestrials. Their ultimate plan is to seize control of our planet. It's only you who can save us from this terrible fate.

Cyber Apocalypse 2021

Other

Stories and writeups about real-world Hacking from my experience, and guides/tutorials on techniques to learn from. When I find something interesting worth sharing I'll make a post here to tell the story, or when I feel a topic was hard to understand I try to make a clear explanation in a post.

Hacking

Writeups from Capture the Flag (CTF) events I participated in. About web, scripting, crypto, reversing and everything in between. All writeups include detailed explanations of how everything works. 

Blog

Featured posts

The Ultimate Double-Clickjacking PoC

Intigriti May XSS Challenge (0525)

MCP: May Cause Pwnage - Backdoors in Disguise

x3CTF - blogdog (+ new CSS Injection XS-Leak!)