CTFs are where security gets to be playful and precise at the same time. My favorite challenges teach one durable idea: a parsing edge case, a broken trust boundary, a weird encoding mistake, a crypto assumption, or the moment where operational convenience quietly becomes an exploit path.

What I Build

• Web exploitation challenges with real application behavior
• Reverse engineering and binary exploitation puzzles
• OSINT, forensics, crypto, and scripting challenges
• Badge and firmware-adjacent puzzles
• Deployment automation for live challenge infrastructure
• Writeups that explain the path without erasing the discovery

Design Notes

A good CTF challenge should feel fair after the solve. The trick can be hidden, but the evidence should be present. I try to design around observable behavior, small chains of reasoning, and one or two moments where the solver has to stop guessing and understand what the system is actually doing.

I am especially interested in challenge design that holds up in the age of AI assistance. That means per-team state, live-service interaction, challenge-specific quirks, and solves that require evidence rather than a generic promptable recipe.

Starting Points

• Why I Like Building CTF Challenges
• Making CTF Challenges Harder To Prompt-Solve