Full methodology for 6 web challenges: Jinja2 SSTI, SQL injection chains, JWT algorithm confusion attacks, and command injection via date format strings. All flags captured.
Attribution methodology for financially motivated threat actors targeting East African mobile money platforms. Tools used: Shodan, CT logs, Maltego, and dark web monitoring.
Deploying Sliver C2 with redirectors on VPS, crafting HTTPS-staged evasive payloads, simulating APT lateral movement, and validating Splunk detection rules against live C2 traffic.
Extracting Cobalt Strike beacon configuration from Windows memory dumps: Volatility3 plugins, YARA signature matching, and manual artifact analysis to identify C2 infrastructure.
All 24 challenges solved as 0xgh0stx. Covers DFIR, Elastic SIEM log analysis, malware triage, web app hacking, and cloud security misconfigurations. Finished in Top 5% globally.
Practical implementation of Zero Trust principles in East African SMEs: identity-first security, micro-segmentation with open-source tooling, and budget-conscious security architecture decisions.
// All writeups published at github.com/Oscar-Opemba/ctf-writeups