mbiesiad/ctf-writeups

# CTF 复盘 CTF Writeups 与安全研究个人合集 🚩 这是一个网络安全文章的个人合集——涵盖 CTF 挑战、HTB/THM 攻略，以及通过 VDP（及类似项目）报告的真实世界漏洞笔记。 # TOC - 目录 1. [HTB](https://github.com/mbiesiad/ctf-writeups?tab=readme-ov-file#htb) 2. [CTFs](https://github.com/mbiesiad/ctf-writeups?tab=readme-ov-file#ctfs) 3. [THM](https://github.com/mbiesiad/ctf-writeups?tab=readme-ov-file#thm) 4. [VDP](https://github.com/mbiesiad/ctf-writeups?tab=readme-ov-file#vdp) 5. [我创建的 CTF 挑战与精选工具](https://github.com/mbiesiad/ctf-writeups?tab=readme-ov-file#ctf-challenges-i-created--selected-tools) # HTB - [HackTheBox CTF — Crypto: Iced TEA](https://medium.com/@embossdotar/hackthebox-ctf-crypto-iced-tea-9a6a6c73094d) - [HackTheBox CTF — Crypto: Makeshift](https://medium.com/@embossdotar/hackthebox-ctf-crypto-makeshift-64f05b88f8d9) - [Cyber Apocalypse 2024: Hacker Royale — Crypto: Dynastic](https://medium.com/@embossdotar/cyber-apocalypse-2024-hacker-royale-crypto-dynastic-7395ab5cd3ea) - [CTF Writeup — Cyber Apocalypse 2024: Hacker Royale — Reversing: LootStash](https://medium.com/@embossdotar/ctf-writeup-cyber-apocalypse-2024-hacker-royale-reversing-lootstash-60f485a11142) - [HackTheBox — Windows 命令行介绍 — 查找文件和目录](https://medium.com/@embossdotar/hackthebox-introduction-to-windows-command-line-finding-files-and-directories-eda4c02bbd1e) # CTFs - [CTF Writeup — Hackme CTF](https://medium.com/@embossdotar/ctf-writeup-hackme-ctf-720341f061b4) - [CTF Writeup — pingCTF 2021 — 隐写术](https://medium.com/@embossdotar/ctf-writeup-pingctf-2021-steganography-f4c10d8def03) - [CTF Writeup — Fetch the Flag CTF 2023 — Unhackable Andy](https://medium.com/@embossdotar/ctf-writeup-fetch-the-flag-ctf-2023-unhackable-andy-4e5a8dbdbcb0) - [CTF Writeup — Fetch the Flag CTF 2023 — Nine-One-Sixteen](https://medium.com/@embossdotar/ctf-writeup-fetch-the-flag-ctf-2023-nine-one-sixteen-4f3f076b9cfd) - [AmateursCTF 2024 — web/denied 挑战 — Writeup](https://medium.com/@embossdotar/amateursctf-2024-web-denied-challenge-writeup-a2964c67b665) - [CTF Writeup — RITCTF 2024 — Beep Boop](https://medium.com/@embossdotar/ctf-writeup-ritctf-2024-beep-boop-f07ef3f83bd5) - [CTF Writeup — 24@CTF — SteganOsint 1](https://medium.com/@embossdotar/ctf-writeup-24-ctf-steganosint-1-89a1bc71448a) - [CTF Writeup — SwampCTF 2024 — Lost in Space](https://medium.com/@embossdotar/ctf-writeup-swampctf-2024-lost-in-space-6e3689f43c3a) - [CTF Writeup — Wayne State University — CTF24 — XZ Utils 调查 1](https://medium.com/@embossdotar/ctf-writeup-wayne-state-university-ctf24-xz-utils-investigation-1-df7eaa5b6319) - [CTF Writeup — HackPack CTF 2024 — LLM 版 — YellowDog-1](https://medium.com/@embossdotar/ctf-writeup-hackpack-ctf-2024-llm-edition-yellowdog-1-db02a36e1051) - [CTF Writeup — AirOverflow CTF — 2024 — Insanity](https://medium.com/@embossdotar/ctf-writeup-airoverflow-ctf-2024-insanity-273d3d5d4128) - [CTF Writeup — SpringForwardCTF — Minerva’s Quest](https://medium.com/@embossdotar/ctf-writeup-springforwardctf-minervas-quest-869b3e5907fc) - [openECSC 2024 — 第 2 轮 — CTF Writeup — Blind maze](https://medium.com/@embossdotar/openecsc-2024-round-2-ctf-writeup-blind-maze-137438ad3490) - [CTF Writeup — UIUCTF 2024 — An Unlikely Partnership](https://medium.com/@embossdotar/ctf-writeup-uiuctf-2024-an-unlikely-partnership-c1233105bdbb) - [CTF Writeup — DownUnderCTF 2024 — tldr please summarise](https://medium.com/@embossdotar/ctf-writeup-downunderctf-2024-tldr-please-summarise-8394e4471e91) - [CTF Writeup — DownUnderCTF 2024 — offtheramp](https://medium.com/@embossdotar/ctf-writeup-downunderctf-2024-offtheramp-63cb06bdc6c7) - [CTF Writeup — DownUnderCTF 2024 — Baby’s First Forensics](https://medium.com/@embossdotar/ctf-writeup-downunderctf-2024-babys-first-forensics-39de2a121eb7) - [CTF Writeup — corCTF 2024 — the-conspiracy](https://medium.com/@embossdotar/ctf-writeup-corctf-2024-the-conspiracy-52e9f95624c7) - [CTF Writeup — corCTF 2024 — infiltration](https://medium.com/@embossdotar/ctf-writeup-corctf-2024-infiltration-b39d39d46e37) - [CTF Writeup — n00bzCTF 2024 — The Gang 2](https://medium.com/@embossdotar/ctf-writeup-n00bzctf-2024-the-gang-2-10ddfddb086f) - [CTF Writeup — TFC CTF 2024 — CCCCC](https://medium.com/@embossdotar/ctf-writeup-tfc-ctf-2024-ccccc-a0cd075518de) - [CTF Writeup — IRON CTF 2024 — Math Gone Wrong](https://medium.com/@embossdotar/ctf-writeup-iron-ctf-2024-math-gone-wrong-ccc0b463e38f) - [CTF Writeup — IRON CTF 2024 — Introspection](https://medium.com/@embossdotar/ctf-writeup-iron-ctf-2024-introspection-e136feb0570a) - [CTF Writeup — Crate-CTF 2024 — XML-kontroll](https://medium.com/@embossdotar/ctf-writeup-crate-ctf-2024-xml-kontroll-c57459443c4c) - [CTF Writeup — TJCTF 2025 — mouse-trail](https://medium.com/@embossdotar/ctf-writeup-tjctf-2025-mouse-trail-eb37a18a372e) - [CTF Writeup — TJCTF 2025 — guess-my-number](https://medium.com/@embossdotar/ctf-writeup-tjctf-2025-guess-my-number-754847f18a48) - [CTF Writeup — TJCTF 2025 — hidden-message](https://medium.com/@embossdotar/ctf-writeup-tjctf-2025-hidden-message-124ce00a4001) - [CTF Writeup — TJCTF 2025 — loopy](https://medium.com/@embossdotar/ctf-writeup-tjctf-2025-loopy-5fdade94f7fa) # THM - [TryHackMe — Advent of Cyber 2023 — Hydra — 第 3 天攻略](https://medium.com/@embossdotar/tryhackme-advent-of-cyber-2023-hydra-day-3-walkthrough-6f4c2b488a17) - [Advent of Cyber 2023 — TryHackMe — 第 5 天 — 解法](https://medium.com/@embossdotar/advent-of-cyber-2023-tryhackme-day-5-solutions-02d94262d697) - [Advent of Cyber 2023 — TryHackMe — CeWL & wfuzz — 第 4 天攻略](https://medium.com/@embossdotar/advent-of-cyber-2023-tryhackme-cewl-wfuzz-day-4-walkthrough-51a70be43b37) - [TryHackMe — 源代码安全 — Writeup](https://medium.com/@embossdotar/tryhackme-source-code-security-writeup-8db50e5e143c) - [TryHackMe — 安全原则 — Writeup](https://medium.com/@embossdotar/tryhackme-security-principles-writeup-96ccf47e0f43) - [TryHackMe — 经验教训 — Writeup](https://medium.com/@embossdotar/tryhackme-lessons-learned-writeup-d5a5e9baded8) - [TryHackMe — MalDoc: 静态分析 — Writeup](https://medium.com/@embossdotar/tryhackme-maldoc-static-analysis-writeup-cbf597bb5205) - [TryHackMe — 反逆向工程 — Writeup](https://medium.com/@embossdotar/tryhackme-anti-reverse-engineering-writeup-7db68dff9ad8) - [TryHackMe — x86 汇编速成课程 — Writeup](https://medium.com/@embossdotar/tryhackme-x86-assembly-crash-course-writeup-e2b7aaf7864f) - [TryHackMe — Windows 内部原理 — Writeup](https://medium.com/@embossdotar/tryhackme-windows-internals-writeup-ad5d7817b0ce) - [TryHackMe — Windows 用户账户取证 — Writeup](https://medium.com/@embossdotar/tryhackme-windows-user-account-forensics-writeup-8e76f4984ee7) - [TryHackMe — 高级静态分析 — Writeup](https://medium.com/@embossdotar/tryhackme-advanced-static-analysis-writeup-67957dddc0cc) - [TryHackMe — CORS & SOP — Writeup](https://medium.com/@embossdotar/tryhackme-cors-sop-writeup-2d1e41717107) - [TryHackMe — 竞态条件 — Writeup](https://medium.com/@embossdotar/tryhackme-race-conditions-writeup-67ddd0d7eb9f) - [TryHackMe — 事件响应的困难与挑战 — Writeup](https://medium.com/@embossdotar/tryhackme-ir-difficulties-and-challenges-writeup-bc8ec6f41eeb) - [TryHackMe — 分析易失性内存 — Writeup](https://medium.com/@embossdotar/tryhackme-analysing-volatile-memory-writeup-b2230b576812) - [TryHackMe — 不安全的反序列化 — Writeup](https://medium.com/@embossdotar/tryhackme-insecure-deserialisation-writeup-a6a4f337359f) - [TryHackMe — Windows 网络分析 — Writeup](https://medium.com/@embossdotar/tryhackme-windows-network-analysis-writeup-92f6278e27ae) - [TryHackMe — 事件响应哲学与伦理 — Writeup](https://medium.com/@embossdotar/tryhackme-ir-philosophy-and-ethics-writeup-8b07f933a4f4) - [TryHackMe — LDAP 注入 — Writeup](https://medium.com/@embossdotar/tryhackme-ldap-injection-writeup-cf7226714fc0) - [TryHackMe — XXE 注入 — Writeup](https://medium.com/@embossdotar/tryhackme-xxe-injection-writeup-8ae820685212) - [TryHackMe — TShark: 基础 — Writeup](https://medium.com/@embossdotar/tryhackme-tshark-the-basics-writeup-687b8ba58b2e) - [TryHackMe — 高级 SQL 注入 — Writeup](https://medium.com/@embossdotar/tryhackme-advanced-sql-injection-writeup-a670d2b44ec4) - [TryHackMe — TShark: CLI Wireshark 功能 — Writeup](https://medium.com/@embossdotar/tryhackme-tshark-cli-wireshark-features-writeup-ea20b38a4e57) - [TryHackMe — 基于 DOM 的攻击 — Writeup](https://medium.com/@embossdotar/tryhackme-dom-based-attacks-writeup-d6788e534c77) - [TryHackMe — 服务端模板注入 — Writeup](https://medium.com/@embossdotar/tryhackme-server-side-template-injection-writeup-fe19e9188b78) - [TryHackMe — iOS 分析 — Writeup](https://medium.com/@embossdotar/tryhackme-ios-analysis-writeup-57e3b55c2484) - [TryHackMe — Snyk Open Source — Writeup](https://medium.com/@embossdotar/tryhackme-snyk-open-source-writeup-567ba2bee2bd) - [TryHackMe — Snyk Code — Writeup](https://medium.com/@embossdotar/tryhackme-snyk-code-writeup-306b38b8d12b) - [TryHackMe — 集群加固 — Writeup](https://medium.com/@embossdotar/tryhackme-cluster-hardening-writeup-62177add3e65) - [TryHackMe — ORM 注入 — Writeup](https://medium.com/@embossdotar/tryhackme-orm-injection-writeup-8d3c356f15d7) - [TryHackMe — NoSQL 注入 — Writeup](https://medium.com/@embossdotar/tryhackme-nosql-injection-writeup-ad55d1464ae1) - [TryHackMe — Linux 实时分析 — Writeup](https://medium.com/@embossdotar/tryhackme-linux-live-analysis-writeup-4e4aca429ec2) - [TryHackMe — K8s 最佳安全实践 — Writeup](https://medium.com/@embossdotar/tryhackme-k8s-best-security-practices-writeup-bbe21ef1f0c7) - [TryHackMe — Critical — Writeup](https://medium.com/@embossdotar/tryhackme-critical-writeup-2e6598a81cca) - [TryHackMe — CryptOps 介绍 — Writeup](https://medium.com/@embossdotar/tryhackme-introduction-to-cryptops-writeup-23d504a8cc4b) - [TryHackMe — 枚举与暴力破解 — Writeup](https://medium.com/@embossdotar/tryhackme-enumeration-brute-force-writeup-79fe0d8bd219) - [TryHackMe — 取证镜像 — Writeup](https://medium.com/@embossdotar/tryhackme-forensic-imaging-writeup-b2530c5b5e35) - [TryHackMe — 会话管理 — Writeup](https://medium.com/@embossdotar/tryhackme-session-management-writeup-abf923524316) - [TryHackMe — Joomify — Writeup](https://medium.com/@embossdotar/tryhackme-joomify-writeup-8a99f3c14a4b) - [TryHackMe — 微服务架构 — Writeup](https://medium.com/@embossdotar/tryhackme-microservices-architectures-writeup-a266ee894c9d) - [TryHackMe — 冷系统取证入门 — Writeup](https://medium.com/@embossdotar/tryhackme-intro-to-cold-system-forensics-writeup-410793c538cc) - [TryHackMe — Hypervisor 内部原理 — Writeup](https://medium.com/@embossdotar/tryhackme-hypervisor-internals-writeup-e2dc2c24749f) - [TryHackMe — 多因素认证 — Writeup](https://medium.com/@embossdotar/tryhackme-multi-factor-authentication-writeup-42098a474147) - [TryHackMe — Nmap: 基础 — Writeup](https://medium.com/@embossdotar/tryhackme-nmap-the-basics-writeup-890d650b3322) - [TryHackMe — Tcpdump: 基础 — Writeup](https://medium.com/@embossdotar/tryhackme-tcpdump-the-basics-writeup-f27d750a76e2) - [TryHackMe — 网络基础 — Writeup](https://medium.com/@embossdotar/tryhackme-networking-essentials-writeup-66bac291a08e) - [TryHackMe — 网络核心协议 — Writeup](https://medium.com/@embossdotar/tryhackme-networking-core-protocols-writeup-8a8e1151144a) - [TryHackMe — 网络安全协议 — Writeup](https://medium.com/@embossdotar/tryhackme-networking-secure-protocols-writeup-aea4d7bd77e2) - [TryHackMe — 事件响应基础 — Writeup](https://medium.com/@embossdotar/tryhackme-incident-response-fundamentals-writeup-bbf8578c8289) - [TryHackMe — 数字取证基础 — Writeup](https://medium.com/@embossdotar/tryhackme-digital-forensics-fundamentals-writeup-fbfef06a85a4) - [TryHackMe — 防火墙基础 — Writeup](https://medium.com/@embossdotar/tryhackme-firewall-fundamentals-writeup-9c0ebc988398) - [TryHackMe — IDS 基础 — Writeup](https://medium.com/@embossdotar/tryhackme-ids-fundamentals-writeup-f3f44007f0b3) - [TryHackMe — 漏洞扫描器概述 — Writeup](https://medium.com/@embossdotar/tryhackme-vulnerability-scanner-overview-writeup-be0943d77744) - [TryHackMe — 公钥密码学基础 — Writeup](https://medium.com/@embossdotar/tryhackme-public-key-cryptography-basics-writeup-2cb020b60553) - [TryHackMe — 哈希基础 — Writeup](https://medium.com/@embossdotar/tryhackme-hashing-basics-writeup-e366b479d77a) - [TryHackMe — CAPA: 基础 — Writeup](https://medium.com/@embossdotar/tryhackme-capa-the-basics-writeup-42f5b88aadc4) - [TryHackMe — SQLMap: 基础 — Writeup](https://medium.com/@embossdotar/tryhackme-sqlmap-the-basics-writeup-cdda034b5acb) - [TryHackMe — Gobuster: 基础 — Writeup](https://medium.com/@embossdotar/tryhackme-gobuster-the-basics-writeup-8aa3fbcd8db1) - [TryHackMe — 日志基础 — Writeup](https://medium.com/@embossdotar/tryhackme-logs-fundamentals-writeup-5bbb03bf7b2e) - [TryHackMe — Linux Shells — Writeup](https://medium.com/@embossdotar/tryhackme-linux-shells-writeup-f2e94e7532bc) - [TryHackMe — Shells 概述 — Writeup](https://medium.com/@embossdotar/tryhackme-shells-overview-writeup-e0a2c3a11620) - [TryHackMe — 密码学基础 — Writeup](https://medium.com/@embossdotar/tryhackme-cryptography-basics-writeup-f604457e3cac) - [TryHackMe — SOC 基础 — Writeup](https://medium.com/@embossdotar/tryhackme-soc-fundamentals-writeup-7aa43a55f7d8) # VDP - [Writeup Bugcrowd — 私有项目 — 二维码](https://medium.com/@embossdotar/writeup-bugcrowd-private-program-qr-codes-fa338161175a) - [漏洞 — Substack Writeup — 开放 URL 重定向](https://medium.com/@embossdotar/vuln-substack-writeup-open-url-redirection-d4439ddd904e) - [社交媒体账户劫持 — VDP](https://medium.com/@embossdotar/social-media-account-hijacking-vdp-fa674b25af44) - [我如何在 6 秒内发现 3 个 XSS！无需自动化工具](https://medium.com/@embossdotar/how-i-found-3x-xss-in-6-seconds-without-automated-tools-b0c852dea66f) - [全球有多少白帽黑客？通过 Google Bug Hunters 数据看世界](https://osintteam.blog/how-many-ethical-hackers-are-out-there-a-global-look-through-google-bug-hunters-data-a09fb8e2329e) - [绘制全球白帽黑客地图：来自 HackerOne 平台的洞察](https://osintteam.blog/mapping-the-worlds-ethical-hackers-insights-from-hackerone-platform-ca45592861e6) - [一次劫持我数字身份的企图：继两篇 Medium.com 文章之后的网络攻击](https://systemweakness.com/an-attempt-to-hijack-my-digital-identity-a-cyber-attack-following-two-medium-com-articles-63692536546c) - [Bogon 地址 — 解释](https://medium.com/meetcyber/bogon-address-explained-cf73e1dacce5) - [为什么我的网络是 192.168.x.x……但我的虚拟机显示 10.x.x.x？](https://medium.com/meetcyber/why-is-my-network-192-168-x-x-but-my-virtual-machine-shows-10-x-x-x-cb232e437fca) - [一个 IP，多人共用：为什么你无法确定谁真正访问了你的网站](https://medium.com/meetcyber/one-ip-many-people-why-you-cant-tell-who-s-really-visiting-your-website-c40ad4abf9af) - [为什么你必须等待你的 CVE：MITRE 流程的幕后](https://medium.com/@embossdotar/why-you-have-to-wait-for-your-cve-behind-the-scenes-of-mitres-process-394369fbd3b5) - [反射型 XSS 与 Base64 — 瞬间突破隐蔽性](https://medium.com/@embossdotar/reflected-xss-with-base64-breaching-obscurity-in-seconds-38e3ca07b085) - [反射型 XSS 与 Base64 — 瞬间突破隐蔽性](https://infosecwriteups.com/reflected-xss-with-base64-breaching-obscurity-in-seconds-e1f9e50a4709) (InfoSec Write-ups Publication) # 我创建的 CTF 挑战与精选工具 - 基于对称性的字母数字字符视觉编码：[挑战](https://github.com/mbiesiad/symmetry-encoder-decoder/tree/main/challenges) - 基于对称性的字母数字字符视觉编码：[工具](https://github.com/mbiesiad/symmetry-encoder-decoder) - Security.txt (RFC 9116) 检查器 - 浏览器扩展：[工具](https://github.com/mbiesiad/security-txt-checker) 希望你喜欢！🎉

标签：Capture The Flag, CTI, DNS 反向解析, HackTheBox, HTB, meg, OPA, THM, TryHackMe, VDP, Writeup, 云资产清单, 信息安全, 密码学, 应用安全, 手动系统调用, 技术文档, 教程, 网络安全, 网络安全审计, 解题思路, 逆向工具, 逆向工程, 隐写术, 隐私保护, 靶场