When I first started learning languages, I realized something important: it’s not really about memorizing grammar rules. A language is just a tool. Its purpose is communication. And like any tool, the best way to learn how to use it is by watching how the experts — native speakers — actually use it. For example, you can’t just copy English sentence structures when speaking Japanese. The meaning might survive, but it will sound completely unnatural. Each language has its own “design patterns.” ...

Ever since I installed my first Linux distro (good old Ubuntu), I never once thought about going back to Windows. I mean, why would I? Before Linux, I only touched computers for gaming. Anything beyond that—writing documents, checking emails, or wrestling with random Blue Screen of Death encounters—sounded like the digital equivalent of watching paint dry. Linux changed everything. Suddenly, computers weren’t these boring office machines—they were fun. They were obedient little metal pets that did whatever I told them to. Want to customize your entire desktop? Sure. Want to write a bash script that does absolutely nothing useful but makes you feel like a hacker? Go for it. Want to nuke your bootloader at 2 AM and spend the next 4 hours fixing it? Linux says, “Challenge accepted.” ...

The hashcrack challenge from PicoCTF is a practical demonstration of the security risks posed by weak hashing algorithms for passwords. In this write-up, I will detail the steps taken to solve the challenge, the reasoning behind each decision, and the security lessons that can be learned from this exercise. You can try and solve it yourself here. Challenge Overview The challenge description states that a company’s server was breached because the administrator used weakly hashed passwords. Our goal is to gain access to the secret message stored on that server. To start, we are given the connection details: ...

Hacking Profile Pictures Like It’s 2005 (picoCTF Web Exploit Writeup) So, I tried another picoCTF challenge and this one was basically: 👨‍💻 “A developer added profile picture uploads. What could possibly go wrong?” If you’ve ever touched PHP (I’m sorry) you already know the answer: literally everything. The challenge: Standard Pizzas 🍕 Upload Feature? More Like Upload Malware The site lets you upload an image and then proudly tells you where it lives: ...

That One Silly Python Feature Hackers Love (and Devs Hate) 🐍💻 Python is an amazing language. It’s clean, elegant, and super beginner-friendly. …until you stumble across one of its cursed features and realize “oh no, this is how hackers get RCE.” Today’s silly Python feature: 👉 You can import literally anything, from anywhere. Wait… I Can Do That? Normally in Python, you import modules at the top like a responsible developer: ...

Python loves inheritance. You can make classes inherit from other classes, those classes inherit from others, and suddenly you’ve got a full-blown family tree that looks like someone spilled spaghetti on your UML diagram. And then you run into the question: when I call a method, which ancestor actually answers the call? That’s where MRO (Method Resolution Order) comes in. Think of it like ls for Python’s class hierarchy—it shows you the exact path Python will take when looking for a method. No more guessing which def speak() gets invoked when you’ve got five grandparents fighting for attention. ...

I’ve never been into gacha games. My taste in gaming is simple: give me a good RPG or a visual novel and I’m set. Why? Because I’m a sucker for story. Graphics will keep evolving anyway — that’s just Moore’s Law with prettier shaders. But story? That’s pure human creativity, the real kernel that makes the whole program worth running. But then one day, I stumbled onto this game called Zenless Zone Zero. The fandom wouldn’t stop posting memes about how it’s basically a gooner simulator. And yeah… they weren’t wrong. I tried it. I’m playing it. Don’t @ me. ...

Binary Exploitation Challenge (PIE & Function Hijacking in picoCTF) I’ve always been fascinated by low-level programming and security, but up until now I hadn’t really tried a binary exploitation challenge. Recently, I stumbled upon this picoCTF challenge called “rescue-float” — and let me tell you, it was a mix of confusion, discovery, and a little bit of victory at the end. This post is a casual walkthrough of how I approached it as a beginner. If you’re into Linux, development, or cybersecurity, you’ll probably find this fun (or at least relatable if you remember your first binary exploitation adventure). ...

PicoCTF Writeup – Forensics Disk Image Challenge: Disk, disk, sleuth! Description: Can you find the flag in this disk image? Download the disk image here. First Thoughts This challenge was tagged forensics, which usually means poking around filesystems, memory dumps, or raw disk images. The goal is to extract hidden information — in this case, the flag. I grabbed the disk image (disko-1.dd) and started experimenting. Initial Attempts My first instinct was to take a look at the raw hex using xxd: ...

PicoCTF Writeup – Server-Side Template Injection (SSTI) Recently, I played around with a PicoCTF challenge 492. The challenge looked like a simple web app that lets you “announce whatever you want.” Naturally, I fired up my terminal and started poking at it with curl. By the way, we can also visit the website and experiment with the form instead. curl -X GET http://rescued-float.picoctf.net:49878/announce -i Response: HTTP/1.1 405 METHOD NOT ALLOWED Allow: POST, OPTIONS Looks like only POST is allowed, so I retried with: ...