PBPradip Bhattaraiinblog.pradeepbhattarai.me·Apr 13 · 8 min readIntigriti March 2026 XSS Challenge: Full WriteupInitial Reconnaissance The challenge presents itself as the "Intigriti Secure Search Portal", an interface with a search box and a "Report it to Admin" link. That report link is the classic signal: th00
PBPradip Bhattaraiinblog.pradeepbhattarai.me·Nov 25, 2025 · 11 min readExploiting Integer Underflows in SolidityIn the world of blockchain security and Capture The Flag (CTF) challenges, vulnerabilities in smart contracts often stem from subtle arithmetic issues, especially in older Solidity versions (pre-0.8.0), where unchecked operations could lead to overfl...00
PBPradip Bhattaraiinblog.pradeepbhattarai.me·Nov 25, 2025 · 9 min readExploiting Biased Off-Chain RNG in Ethereum Smart ContractsThis post provides a rigorous, low-level analysis of a vulnerable casino smart contract system, focusing on the interaction between on-chain logic and an off-chain RNG oracle. We formalise the vulnerability as a probabilistic bias in the oracle's out...00
PBPradip Bhattaraiinblog.pradeepbhattarai.me·Aug 20, 2025 · 4 min readGoPhish Powers RSVP for Pentester Nepal’s 12th AnniversaryPentester Nepal, a leading cybersecurity community in Nepal, recently celebrated its 12th anniversary on August 16, 2025, at Ullens College in Lalitpur. The free event featured expert talks on bug bounty hunting, AI governance, OAuth attacks, and mor...00
PBPradip Bhattaraiinblog.pradeepbhattarai.me·Aug 11, 2025 · 5 min readExploiting an LFI Vulnerability and Forging a Signature in BugcrowdCTFIntroduction During Bugcrowd CTF at Black Hat USA 2025, I tackled a web challenge involving SecureFile Solutions, a document management system with a hidden Local File Inclusion (LFI) vulnerability in its index.php. This journey involved exploiting t...00
