Volt Typhoon intrusion investigation
Splunk-based reconstruction of a Volt Typhoon-style intrusion using ADSelfService Plus, WMIC, PowerShell, web shells, Mimikatz, netsh proxying and event log cleanup evidence.
First-place CSIA CTF 2026 writeups for team GHOSTSHELL, covering web exploitation, prototype pollution, JWT issues, Apache RCE, steganography, OSINT, reverse engineering and signal decoding.
Heap exploitation writeup for Browzi MiniBrowser, abusing an unchecked img src copy to overwrite a heap function pointer and redirect rendering to win().
Web CTF writeup for deepwash, exploiting PHP DateTimeImmutable normalization behavior to satisfy strict hash constraints with a three-line payload.
Active Directory lab progress report covering initial access, SMB enumeration, SAM hash extraction, pass-the-hash, DPAPI investigation, BloodHound review, Kerberos tickets and RBCD attempts.