2020

HTTP Response Header Injection in Swoole<=4.5.2

RCTF 2020 rBlog writeup

2019

Arbitrary file deletion in phpMyAdmin <= 4.8.4

2018

Sniffing Codes in Hot Module Reloading Messages

RealWorldCTF PrintMD writeup

RCTF 2018 rBlog writeup

0CTF 2018 Quals Bl0g writeup

2017

34C3 CTF web writeup

An easy way to pwn most of the vivotek network cameras

RCTF 2017 rCDN & noxss writeup

RCTF 2017 rBlog & rFile writeup

BCTF 2017 web writeup

0CTF 2017 Quals web writeup

ZCTF 2017 web writeup