PortSwigger Lab: Blind SQL Injection with Conditional Responses

A writeup for PortSwigger’s Blind SQL Injection with Conditional Responses lab, covering boolean-based testing, administrator password extraction, Burp Intruder, Cluster Bomb, grep match, and binary search logic.

June 5, 2026 · 6 min · Max Tse

CTF Challenge - Chortle Writeup

A writeup for a CTF Challenge, covering hidden data extraction, ZIP cracking, web enumeration, API signature forgery, SQLite database analysis, and file read abuse.

May 24, 2026 · 6 min · Max Tse

Cookie Crumbles Notes: Cookies Need Integrity, Not Just Confidentiality

My notes and reflections on the USENIX Security 2023 paper Cookie Crumbles, focusing on cookie integrity, SameSite limitations, session fixation, and web pentesting takeaways.

May 20, 2026 · 8 min · Max Tse