astronaut
Logbook
Web Security • Research • CTF
Menu
Jan 17, 2026 · research

CTF ideas (strange techniques)

A rolling Notion list of unusual CTF exploitation ideas and edge-case techniques.

Links

A grab-bag of oddball CTF ideas and edge-case techniques, mostly web-focused. Highlights worth revisiting:

  • DNS rebinding + cookie sandwich for bot workflows and flag-in-cookie setups.
  • Encoding trick (ISO-2022-JP) to break out of quotes when input is restricted.
  • CSP bypass patterns that leverage allowed img-src plus controlled navigation.
  • Cache priming + null-initiator navigation to replay cached XSS responses.
  • XS-leak via ETag size oracle and Chromium history length to detect 431 vs 200.
  • Infrastructure quirks like nginx parameter limits and curl URL globbing.