hofill@ctf:~$ whoami_

web enthusiast.
ctf player.

The place where magic hacking happens. Mostly poking holes in web apps,
occasionally winning things.

Blogs

AES CTF Tool — Fingerprinting and Attacking Block Ciphers

>>> My diploma thesis turned into a Python tool that fingerprints AES block cipher modes from ciphertext alone and automatically launches attacks.

My First Blog
all posts
Writeups
misc

Little Cluster

| CSCG25

>>> KubeCTL impersonation to escalate privileges and mount a secret via a crafted deployment.

reverse

GRID_WAVE

| CSCG25

>>> Reversing an AVR binary under QEMU to extract a RIPEMD-160 hash comparison byte by byte.

web

DNXSS-over-HTTPS

| KalmarCTF25

>>> DNS XSS through a proxy that forces Content-Type text/html. Used a TXT record as the payload.

web

invxss

| ROCSC25 Quals

>>> Invisible XSS payload crafting using Unicode zero-width characters as binary encoding.

web

Online Python Editor

| TRX CTF 2025

>>> Leak arbitrary file contents via Python's ast.parse() filename parameter and traceback line context.

all writeups