Intigriti 0124 XSS Writeup
DiceCTF 2024 Writeup
0CTF 2023 Writeups
A Bunch of Web and XSS Challenges
Analysis of CVE-2023-46729: URL Rewrite Vulnerability in Sentry Next.js SDK
HITCON CTF 2023 and SECCON CTF 2023 Writeup
corCTF 2023 & Sekai CTF 2023 Writeup
Math jail - Intigriti 0823 XSS Challenge Author Writeup
GoogleCTF + zer0ptsCTF + ImaginaryCTF 2023 Writeup
EJS Vulnerabilities in CTF
ReDoS: Attacks using regexp
Android App Reverse Engineering Part 4: Dynamic Analysis with Frida
Android App Reverse Engineering Part 3: Monitoring App Packets
Android App Reverse Engineering Part 2: Modifying Smali Code
Android App Reverse Engineering Part 1: Decompiling and Rebuilding APKs
Preparation Experience for Japan's FE and SG Exams for Zero-Day Japanese Beginners
LINE CTF 2023 Notes
DiceCTF 2023 Notes
Intigriti 0123 Challenge Writeup - Second Order MongoDB JS Injection
Is it meaningful to encrypt passwords when calling APIs on the website frontend?
Summary of CTF Web Frontend and JS Challenges in 2022
RCTF 2022 Notes
Notes on Several CTF Challenges Related to Web and JS CTF 2022 Notes
SekaiCTF 2022 Notes and Concurrent Limit
SekaiCTF 2022 - safelist writeup
Stealing Data with CSS - CSS Injection (Part 2)
Stealing Data with CSS - CSS Injection (Part 1)
Who pollutes your prototype? Find the libs on cdnjs in an automated way
Intigriti 0822 XSS Challenge Author Writeup
corCTF 2022 writeup - modernblog
UIUCTF 2022 Notes
Insecure Deserialization in JavaScript: GoogleCTF 2022 Web/HORKOS Writeup
GoogleCTF 2022 Notes
justCTF 2022 Notes
justCTF 2022 - Baby XSLeak Write-up
DEF CON CTF 2022 Qualifier Notes
m0leCon CTF 2022 Notes
WordPress Plugin VikBooking <= 1.5.3 Unauthorized RCE Vulnerability Details
ångstromCTF 2022 Notes
ångstromCTF 2022 Writeup
Revenge of Intigriti 0422 Challenge Author Writeup
Intigriti 0422 XSS Challenge Author Writeup
How much do you know about script type?
What do you know about script type?
The Magical Features of RegExp and String Replacement in JavaScript
The Magical Features of RegExp and String Replacement in JavaScript
Notes XSS Challenge Author Writeup
picoCTF 2022 Notes
iframe and black magic
SSRF and Account Takeover via XSS in ERPNext
Details of Amelia < 1.0.49 Sensitive Information Disclosure Vulnerability
Sensitive Data Disclosure in WordPress Plugin Amelia < 1.0.49
LINE CTF 2022 Notes
TSJ CTF 2022 - web/Nim Notes Notes
SUSCTF 2022 Writeup
Intigriti 0222 XSS Challenge Author Writeup
Various JS and Front-end Tips I Learned from DiceCTF 2022
Story of critical security flaws I found in Glints
SQL injection in action: Speeding up under restrictions
How a flawed password reset mechanism can lead to account takeover vulnerabilities? Matters as an example
Understanding the Log4j and Log4Shell Vulnerabilities through Surveillance Cameras
CPSA (CREST Practitioner Security Analyst) Exam Experience
HITCON 2021 x DEVCORE Wargame Write-up
Learning HTML Again from Intigriti's October XSS Challenge
Discovering My Lack of Front-end Knowledge through Cybersecurity
XSS from scratch: history and origin
Prototype Pollution: An Attack Technique Based on JS Prototype Chain
Issues to be aware of when implementing redirect functionality: Open Redirect
What is Clickjacking Attack
Understanding Front-end Supply Chain Attacks and Defenses through the Vulnerability of cdnjs
Intigriti July XSS Challenge: Breaking Through Multiple Levels
DoS Attack Using Cookie: Cookie Bomb
Intigriti June XSS Challenge Review
A Brief Discussion on the Various Aspects of XSS Attacks and Defense
Intigriti's 0521 XSS Challenge Solution: Limited Character Combination Code
Solving Intigriti's 0421 XSS Challenge (Part 1)
Preventing XSS may be more difficult than you think
BambooFox CTF 2021 writeup
An Introduction to DOM Clobbering and Its Applications


Transitioning from React to Vue
Exploring Various SSR (Server-side rendering) from a Historical Perspective
TIL:img src also supports mp4 (Safari only)
An Introduction to the Tailwind CSS and Atomic CSS
Trying out new features with Chrome Origin Trials
The Art of Turning Same Site into Same Origin!
Creating HTML Web Pages Suitable for Printing as PDFs with Paged.js
Some useful CSS properties that are not easy to remember
Writing a Simple and Usable ESLint Plugin
CORS Complete Guide (6): Summary, Afterword, and Leftovers
CORS Complete Guide (5): Security Issues of Cross-Origin
CORS Complete Guide (Part 4): Understanding the Specification
CORS Complete Guide (Part 3): CORS in Detail
CORS Complete Guide (Part 2): How to Solve CORS Issues?
CORS Complete Guide (Part 1): Why CORS Errors Occur?
Why is Vite so fast? Starting with ES modules
An interesting styled components bug
Introduction to webpack and snowpack for beginners
Common Problems for Beginners Learning SPA: Router Example
Solid Front-end Learning Path and Resource Recommendations
Functional CSS Experience Sharing: Is It a Blessing or a Curse?
Learning Front-end Development from Redux Creator Dan Abramov’s Article
PWA Practical Experience Sharing
CORS is not as simple as I thought
CSS keylogger: Attack and Defense
The Most Beginner-Friendly RxJS Tutorial
Unified Web Payment Interface: Payment Request API
Front-end Separation and SPA
Understanding Ajax and Cross-Origin Requests Easily
DOM Event Propagation: Capturing and Bubbling
Let's talk about CSRF