This repository contains Capture the Flag (CTF) challenges I’ve authored or solved, organized by event.
Each challenge is designed to simulate real-world vulnerabilities, adversary scenarios, or creative exploitation logic.
- Supermassive Black Hole: a web challenge focusing on SMTP smuggling and exploiting existing CVEs.
- The Weakest Link: The culmination of my UIUCTF 2024 OSINT suite focused on an access control quirk in Spotify.
- Frame: A retrospective of an older web challenge of mine focused on a file upload vulnerability.
├── CTFs/
│ ├── UIUCTF-2022/
│ │ └── [challenge name].md
│ ├── UIUCTF-2023/
│ │ └── ...
Each .md file covers:
- The challenge overview
- Technical breakdown of the vulnerability
- Intended solve path
- Any interesting misuses, edge cases, or alternate solutions
- Links to original source code when necessary