Writeups

Longer pieces: CTF writeups, findings, or deep dives into tools and techniques.

• Bypassing WAF header checks

  Case normalization and duplicate headers.

  A small inconsistency between a WAF and a backend’s header parsing logic allowed a request to bypass a simple authentication header check.

  2026-02-18 waf bypass http

• Sigma rule false positives in a Windows shop

  Tuning a high-signal rule without losing coverage.

  Encoded PowerShell is a strong detection signal, but legitimate automation can trigger the same pattern.

  2026-03-04 sigma detection windows

• Container escape primer

  Capabilities, mounts, and how containers reach the host.

  A small lab environment used to explore how container misconfigurations can expose the host system.

  2026-03-10 containers escape linux