Aaron's Blog

Ramblings about random security-related things


Draining Vaults in HackTM CTF Quals 2023

This writeup explains my thought process as I solve two smart contract hacking challenges—Dragon Slayer and Diamond Heist—from this year's HackTM Quals CTF.

Don't Be Afraid of Self-Taught Programmers

I think that self-taught programmers can be just as qualified for the job as those who had a guided computer science (CS) education.

Why I Dropped Out of University

I am very confident that I made the right decision to stop pursuing my degree. The purpose of this blog post is to document most of my thoughts about university life, my decision, and life in general.

Defcon CTF Quals 2021 Writeups

I have never posted rev/pwn writeups here, so I figured I should do some from Defcon CTF Quals this year.

Regular Expressions for Source Code Analysis

Some codebases are stunningly large. Because there's no way to ever read over every line of code, I use complex search queries to look for interesting, potentially vulnerable code.

School-Sponsored Extracurriculars are a Waste of Time

I made a big mistake in high school and felt like writing about it.

uftpd - Buffer Overflow and Directory Traversal Writeup

This post is an informal writeup about multiple vulnerabilities in the uftpd FTP server, some of which could lead to remote code execution.

U.S. Department of Defense - Info Disclosure and SQLi Writeup

This is a short writeup about a critical-severity vulnerability that led me to discover another high-severity vulnerability in a Navy website covered by the Department of Defense's HackerOne program.

Exploiting Prepared Statements

This post is about a little-known type of vulnerability in which the attacker manipulates the parameters bound to prepared statements with malicious goals such as bypassing access control.

Building a Silent 6 GPU Ethereum Mining Rig

This blog post documents the construction and operation of a silent 6 GPU Ethereum miner I built for fun.

Mythic Beasts - XSS+CSRF Writeup

This is a technical writeup about a vulnerability in Mythic Beasts that led to total account compromise, and why being able to chain XSS with CSRF is so dangerous.

The Basics of Web Security

This was written to help some friends of mine who are becoming interested in cybersecurity learn the fundamentals. It explains web vulnerabilities including XSS, CSRF, SQLi, IAC, and window.opener.