The React2Shell Story and What Happened Next.js

On December 3rd, 2025, Meta disclosed CVE-2025-55182, which we dubbed react2shell, an unauthenticated RCE in React Server Components. In short, the Flight protocol failed to properly validate types, allowing the construction of arbitrary chunks and access to object prototypes (and therefore the functions on them). Several very well-written technical breakdowns of the vulnerable Flight code have already been made, most notably by Lachlan Davidson, my research partner in this. I’ve been asked by a handful of friends when I’m going to post my own technical writeup, and while I feel as though writing one would be rather redundant at this point, I do think the story of how exactly we stumbled across this and what happened afterwards is worth telling.

Lessons Learned From RITSEC CTF

Lessons Learned From RITSEC CTF

Last weekend RITSEC hosted its annual CTF. I had the privilege of being the “Challenges Lead” for the event this year, so while I wasn’t directly in charge, I had broad authority over certain parts of the event, some ability to influence administrative decisions, and personally authored about a third of the 36 challenges we had.

Several weeks before our CTF, I played DiceGang’s 2026 qualifier, and the prevailing opinion among much of the CTF community, nearly unanimous among my friends, was that the capabilities of LLMs to autonomously solve challenges had reached something of a breaking point, to the extent that it was impossible to place well at the event if you weren’t “slopping” to at least some degree, which ruins the fun for human players who play because they like to challenge themselves and learn.

Using BMP Polyglots to get RCE

Using BMP Polyglots to get RCE

Competing with SLICES last weekend, I helped win HITCON CTF. I spent a good chunk of the time during the event solving a fairly hard web challenge called IMGC0NV. I was the 3rd solve on it overall, and it had 5 solves total by the end of the CTF.

The setup for the challenge was fairly simple. There’s an app.py that runs a Flask server, an index.html, and a readflag.c that gets compiled into a suid binary to read the flag. The Dockerfile looked like this:

UMass CTF Writeups

UMass CTF Writeups

In spite of my otherwise packed schedule, I managed to set aside some time this past weekend to play UMass CTF with my team L3ak. As a team we placed first, and I personally cleared out the entire web category, several from OSINT and misc, and two of the three hardware challenges. I had a lot of fun with a bunch of the challenges and chose four of my favorites to write about.

LA CTF 2025 Writeups

LA CTF 2025 Writeups

I won 5th place in LA CTF 2025 with my team. I found a handful of the challenges I solved pretty cool, so I wrote up my solutions and process for them.

Prologue

This was my favorite challenge from this event by far. The challenge only gave us a link to a Scratch project with the description “You can do this.”

After opening the project and clicking play, I could see what appeared to be a platformer game that very clearly resembled the intro level of Celeste (also titled Prologue).

Srdnlen CTF 2025

Srdnlen CTF 2025

This past weekend I competed in the srdnlen CTF with my team L3ak. There were a handful of challenges that I found fun enough to warrant a writeup, so here goes.

Cheese with Friends

Cheese with Friends tells the story of what I can only assume was an LLM’s imagined experiences with Casu Martzu, a particularly gross variety of cheese from Sardinia, the home region of the team hosting this CTF.

Simplifying MBA Expressions to Solve a CTF

Simplifying MBA Expressions to Solve a CTF

Last weekend my team and I competed in UofTCTF 2025, where we placed 9th overall. I found one of the reversing challenges really interesting, and I was proud of my solution and solve process, so I made a writeup for it.

Bloatware

For this challenge we’re given a flag checker program, chal.js. Upon opening it I quickly saw that it was obfuscated with obfuscator.io and then minified. Here’s a small snippet of the code in question.
