Jan 17, 2026 · research
CTF ideas (strange techniques)
A rolling Notion list of unusual CTF exploitation ideas and edge-case techniques.
A grab-bag of oddball CTF ideas and edge-case techniques, mostly web-focused. Highlights worth revisiting:
- DNS rebinding + cookie sandwich for bot workflows and flag-in-cookie setups.
- Encoding trick (ISO-2022-JP) to break out of quotes when input is restricted.
- CSP bypass patterns that leverage allowed `img-src` plus controlled navigation.
- Cache priming + null-initiator navigation to replay cached XSS responses.
- XS-leak via ETag size oracle and Chromium history length to detect 431 vs 200.
- Infrastructure quirks like nginx parameter limits and curl URL globbing.