YPYogeshwar Peelainexploitnotes.hashnode.dev·15h ago · 4 min readFAM CTF : The Vault Door WriteupSummary NexaVault is a mock internal dashboard app that gates an "Admin Vault" panel behind a role claim in a JWT. The app issues a user-role token on login, stored in the nx_access cookie, and trusts00
YPYogeshwar Peelainexploitnotes.hashnode.dev·15h ago · 13 min readFAM CTF: The Library to The Endpoint WriteupExecutive Summary FAM is a mobile CTF challenge distributed as an Android APK (fam-ctf.apk) with four staged flags, each themed around a different layer of the app's Firebase backend: The Library (nat00
YPYogeshwar Peelainexploitnotes.hashnode.dev·15h ago · 7 min readFAM CTF : The Cloud writeupSummary The target exposed a webhook endpoint (/internal/webhook) meant to act as an internal-only proxy, blocking direct requests to private and link-local IP ranges. That blocklist checked resolved 00