My Personal Blog

My CRTP Experience: Preparation, Lab, and Exam Review

benhibafodhil@gmail.com (F0DH1L) — Tue, 10 Mar 2026 15:58:49 +0100

CRTP Certified

I’m officially CRTP certified!

I would like to express my gratitude to Nikhil Mittal and the Altered Security team for delivering this great certification and course. The exceptional support they provided throughout the entire journey was truly impressive. Here is the link:

https://www.credential.net/9b36a171-479b-4885-b1c1-792528a07269#acc.ZcH7lUSE

What Is CRTP?

Snyk CTF SecureBank - Chaining Cache Deception & CSPT for Account Takeover

benhibafodhil@gmail.com (F0DH1L) — Tue, 17 Feb 2026 20:56:39 +0100

Introduction

I had the opportunity to be a challenge author for Fetch The Flag CTF 2026, organized by Snyk and HackingHub. I designed a web challenge called SecureBank, which was solved 34 times out of more than 1,000 players by the end of the competition.

Want to try it yourself?
Play it on HackingHub: app.hackinghub.io/hubs/snyk-ftf-26-secure-bank
Or run it locally: github.com/F0DH1L/snyk_ctf_2k26_chall

Cybears ctf web/file manager

benhibafodhil@gmail.com (F0DH1L) — Sat, 27 Dec 2025 18:57:17 +0100

FileManager CTF Challenge Writeup

Challenge: FileManager
Event: Cybears CTF
Category: Web
Difficulty: Hard
Source Code: https://github.com/F0DH1L/cybears_ctf_2k25/tree/main/file_manager

I created this challenge for Cybears CTF, a Capture The Flag competition focused on the Africa region. The event brought together many talented teams from across the continent, making it an exciting competition with high-quality participation.

This was a web challenge that required chaining multiple vulnerabilities to steal the admin’s flag cookie.

TL;DR

This challenge chains three vulnerabilities to steal the flag:

Cybears ctf web/ozymandias

benhibafodhil@gmail.com (F0DH1L) — Sat, 27 Dec 2025 18:57:06 +0100

Ozymandias CTF Challenge Writeup

Challenge: Ozymandias
Event: Cybears CTF
Category: Web
Difficulty: Medium
Source Code: https://github.com/F0DH1L/cybears_ctf_2k25/tree/main/ozymandias

A Flask web application that requires exploiting a cache poisoning vulnerability combined with a race condition to obtain the premium flag without paying for it.

Cybears ctf web/gear5

benhibafodhil@gmail.com (F0DH1L) — Sat, 27 Dec 2025 18:56:58 +0100

Gear5 CTF Challenge Writeup

Challenge: Gear5
Event: Cybears CTF
Category: Web
Difficulty: Hard
Source Code: https://github.com/F0DH1L/cybears_ctf_2k25/tree/main/gear5

This was a challenge that I created, which required chaining multiple GraphQL vulnerabilities to exfiltrate sensitive data from a MongoDB-backed API. The exploit chain combines GraphQL introspection, IDOR, MongoDB ObjectID prediction, and rate limit bypass through alias abuse.

TL;DR

This challenge chains four vulnerabilities to retrieve the flag:

GraphQL Introspection, Discover hidden queries and schema structure
Information Disclosure, allUsersTimestamps leaks user creation timestamps
MongoDB ObjectID Prediction, Predictable ID structure allows ID generation
Rate Limit Bypass, GraphQL aliases batch multiple queries as a single request to bypass rate limiting on userSensitive query

The descripton said you need gear5 to solve it lets get that

Bsides algiers 2k25 web/Library Vaults

benhibafodhil@gmail.com (F0DH1L) — Sun, 21 Dec 2025 14:35:26 +0100

LibraryVault CTF Challenge Writeup

Challenge: LibraryVault
Event: BSides Algiers 2025
Category: Web
Difficulty: Hard

I solved this challenge during BSides Algiers 2025, and I was the only player to solve it the intended way. It was a web challenge that required chaining multiple vulnerabilities to achieve RCE.

On a side note, my team took first place in the CTF

TL;DR

This challenge chains four vulnerabilities to achieve RCE:

HTB Machine Writeup "TombWatcher"

benhibafodhil@gmail.com (F0DH1L) — Thu, 23 Oct 2025 14:01:34 +0100

HTB Machine: TombWatcher - Writeup

Machine Information

Difficulty: Medium
Key Concepts: Kerberoasting, LDAP Enumeration, BloodHound Analysis, Active Directory Privilege Escalation, Deleted Object Recovery, ADCS ESC15 Vulnerability

Overview

TombWatcher is a Medium Windows machine from HackTheBox that demonstrates a complex Active Directory attack path involving Kerberoasting, group membership manipulation, GMSA password extraction, ownership changes, recovering and restoring deleted AD objects, and ultimately exploiting an ADCS vulnerability (ESC15) to achieve domain administrator privileges.

HTB Machine Writeup "Artificial"

benhibafodhil@gmail.com (F0DH1L) — Thu, 23 Oct 2025 13:48:04 +0100

HTB Machine: Artificial - Writeup

Machine Information

Difficulty: Easy
OS: Linux
Key Concepts: TensorFlow/Keras Vulnerability, File Upload, Privilege Escalation Through Backrest service

Overview

Artificial is an Easy Linux machine from HackTheBox that demonstrates the dangers of accepting user uploaded machine learning models. The path to root involves exploiting a TensorFlow remote code execution vulnerability, database credential extraction, and abusing a backup service to read the root flag.

My First H1 Bounty: From Open Redirect to Profile Manipulation

benhibafodhil@gmail.com (F0DH1L) — Thu, 24 Jul 2025 10:11:07 +0100

From Open Redirect to DOM XSS to Profile Manipulation

My Journey to HackerOne

After 2.5 years of playing CTFs, I decided to start doing bug bounty to test my skills and try to make some money. My first month on Bugcrowd was mixed - I got some N/A reports, a few informational findings, and some valid P4/P3 vulnerabilities.

Bugcrowd isn’t a bad platform, but I had found some critical vulnerabilities there and submitted them. The problem was that they didn’t respond to my reports for more than 2 weeks, which made me lose motivation to keep hunting on the same platform. So I decided to switch to HackerOne to get my motivation back.