Orel
LightNews LightNews
orelg.bsky.social
Orel
@orelg.bsky.social
16 followers 120 following 10 posts
My information security blog: www.thesecuritywind.com
Posts Replies Media Videos
orelg.bsky.social
My last writeups for three easy challenges from 1753CTF.
Simple broken access control, Unicode normalization and bcrypt input truncation.

www.thesecuritywind.com/post/1753ctf...
1753CTF 2025 Writeups
This time I couldn't invest a lot of time, but I still solved some easy challenges.1753CTF 2025 was different from those I participated in the past, in a way that the interaction with the platform (su...
www.thesecuritywind.com
April 14, 2025 at 10:02 PM
Reposted by Orel
joaxcar.bsky.social
A small code-golf web challenge (free research from you, for me), how short can you make a "fetch content and execute it inline".

There is a CSP in a meta tag.
Goal: get the content from the file hack.js and have it inserted in the page. like in the image

joaxcar.com/xss/self.html
December 12, 2024 at 1:00 PM
orelg.bsky.social
Here's a link to my latest blog post!
www.thesecuritywind.com/post/world-w...
World Wide CTF 2024 World Wide Email Search Writeup (Web)
I think this was the first time I was part of one of the first teams to solve a hard challenge in a big CTF. We were the third team to solve it (it ended with 7 solves out of ~580 teams). Sagiv and I worked together on this challenge and it was enriching and fun, especially because I tried a lot of different things along the way and learned new things.The solution to this challenge might seem a bit straightforward or easy but I think what made it a hard challenge were the subtle hints and limite
www.thesecuritywind.com
December 2, 2024 at 3:49 PM