Skip to main content

Yadhu's Blog

Posts

Exploiting HTTP Request Smuggling in Node.js and Gunicorn

/2024/05/11/Exploiting-HTTP-Request-Smuggling-in-Node.js-and-Gunicorn/ Yadhu Krishna M

PyCGI: From Nginx Path-Traversal to RCE; bi0s CTF 2022

/2023/01/19/PyCGI-From-Nginx-Path-Traversal-to-RCE-bi0s-CTF-2022/ Yadhu Krishna M

Unlocking the EmoLocker: bi0s CTF 2022 - Author’s Writeup

/2023/01/19/Unlocking-the-EmoLocker-bi0s-CTF-2022-Authors-Writeup/ Yadhu Krishna M

A Timeline of Growth: Reflections on the Past, Present and Future

/2022/11/13/A-Timeline-of-Growth-Reflections-on-the-Past-Present-and-Future/ Yadhu Krishna M

A tale of HTML Injection to Account takedown at Exercism.org

/2022/11/05/A-tale-of-HTML-Injection-to-Account-takedown-at-Exercism.org/ Yadhu Krishna M

Good Intentions - CSAW CTF Qualifiers 2022

/2022/10/17/Good-Intentions-CSAW-CTF-Qualifiers-2022/ Yadhu Krishna M

NarutoKeeper - Securinets CTF Quals 2022

/2022/04/14/NarutoKeeper-Securinets-CTF-Quals-2022/ ma1f0y

Vulpixelize - HITCON CTF 2021

/2021/12/05/Vulpixelize-HITCON-CTF-2021/ Yadhu Krishna M

Shisui - Fword CTF 2021 Write-up

/2021/08/30/Shisui-Fword-CTF-2021-Write-up/ Yadhu Krishna M

InCTF Internationals 2021 - MD-Notes Write-up

/2021/08/15/InCTF-Internationals-2021-MD-Notes-Write-up/ Yadhu Krishna M

Exploiting Client-side Prototype Pollution - arg.js

/2021/06/22/Exploiting-Client-side-Prototype-Pollution-arg.js/ Yadhu Krishna M

Waffle Write-up - m0leCon CTF 2021 Teaser

/2021/05/16/Waffle-Write-up-m0leCon-CTF-2021-Teaser/ Yadhu Krishna M

Story of My first Bug Bounty

/2021/04/29/Story-of-My-first-Bug-Bounty/ Yadhu Krishna M

HTBCTF Finals 2021: Waf-Waf Write-up

/2021/03/13/HTBCTF-Finals-2021-Waf-Waf-Write-up/ Yadhu Krishna M

DiceCTF 2021: Write-up WebIDE Challenge

/2021/02/09/DiceCTF-2021-Write-up-WebIDE-Challenge/ Yadhu Krishna M

Towards Cyber Security

/2020/08/02/Towards-Cyber-Security/ Yadhu Krishna M