Feb 18 · 3 min read · Summary Challenge objective: raise Natasha Drew's grades on the OSUSEC student portal to obtain the flag. Target context The challenge explicitly states that Natasha does not have the required grades and that she has to be given all ...
Jan 10 · 20 min read · After exploring IAAA (Identity, Authentication, Authorization, and Accountability) failures in the previous room, I moved on to what many consider the most challenging category of vulnerabilities to fix: Application Design Flaws. Unlike authenticatio...
Jan 1 · 4 min read · Challenge Description Category: Web exploitation · Author: thee2d Modern authentication relies on more than just a password. Something you know, something you have, and something you are. Together, they're meant to provide layered security that can with...
Jan 1 · 5 min read · Challenge Description Category: Web exploitation · Author: thee2d Intelligence analysts from the North Pole Logistics Directorate (NPLD) have uncovered a covert online storefront operated by the KRAMPUS Syndicate. Its name? Kramazon. Looks familiar. Wor...
Dec 27, 2025 · 3 min read · The Mission: Trouble at TryPresentMe The 24-hour marathon continues in Wareville, where the town is on high alert due to the disappearance of McSkidy. The support team for the TryPresentMe website has been inundated with calls from parents unable to ...
Dec 6, 2025 · 12 min read · In this write-up, we’ll walk through the “IDOR on the Shelf” challenge and break down the key concepts behind Insecure Direct Object References. Rather than just following the steps mechanically, we’ll explore why IDOR happens, how to identify it in ...
Dec 6, 2025 · 3 min read · Learning Objectives Understand the concept of authentication and authorization Learn how to spot potential opportunities for Insecure Direct Object References (IDORs) Exploit IDOR to perform horizontal privilege escalation Learn how to turn IDOR ...
Nov 29, 2025 · 4 min read · Overview Era is a medium-difficulty HackTheBox machine focused on web exploitation, insecure direct object references (IDOR), database credential leaks, and stream-wrapper abuse leading to remote command execution. The foothold revolves around enumer...