MCSC Blogs
Explore the world of cybersecurity through articles, tutorials, and insights from the MITS Cyber Security Club
Latest Articles
Eschaton CTF 2026: Campus Link
2026-02-20 • Athul Prakash NJ (@psychoSherlock)
A web exploitation challenge involving host header injection, SSRF, and a blind XSS attack to manipulate an admin panel and change student grades. Walk through the process of discovering internal services, bypassing CSP restrictions, and automating form submissions to achieve the desired outcome.
Eschaton CTF 2026: Get Me A Ticket
2026-02-20 • Athul Prakash NJ (@psychoSherlock)
A writeup for the 'Get Me A Ticket' challenge from Eschaton CTF 2026, involving a critical SQL injection vulnerability in Django and a race condition in coupon redemption logic.
Eschaton CTF 2026: TragicRoll
2026-02-20 • Athul Prakash NJ (@psychoSherlock)
A writeup for the 'TragicRoll' challenge from Eschaton CTF 2026, involving a vulnerability in OpenGraph metadata to execute arbitrary commands via ImageMagick's processing of preview images.
mcscCTF: Harappan Engineering Precision
2025-08-25 • Krishna Rajeev (@solvz)
A binary exploitation challenge combining information leaks with buffer overflow. Walk through the process of bypassing ASLR, calculating memory offsets, and hijacking program control flow to reach a hidden function.
mcscCTF: Imperial Gate
2025-08-25 • Athul Prakash NJ (@psychoSherlock)
A challenging web security exploit targeting Next.js middleware vulnerabilities. Discover how to bypass authentication using CVE-2025-29927 and special HTTP headers to access the sacred chamber.
mcscCTF: Ithihas
2025-08-25 • Athul Prakash NJ (@psychoSherlock)
A digital forensics challenge involving Git repository analysis. Discover hidden secrets by exploring commit history, branches, and understanding what lies beneath a seemingly simple blog project.