Welcome to InfoSec By Lucas.


Want to know more about me? Check out the about page. Dive into my write-ups of CTFs and online challenges that have sparked my curiosity, explore the projects I’m currently tinkering with, or browse my guides for practical tips and tricks.

Latest Posts

24/03/2025

Writeups

WolvCTF 2025

Limited 1, 2 and 3

16/12/2024

Writeups

HTB University 2024 - Web - Breaking Bank

Bypass authentication via jwt jku, then empty crypto wallet

15/12/2024

Writeups

HTB University 2024 - Web - Armaxis

Obtain access to the admin’s account, achieve code execution by dispatching weapons and retrieve the flag

26/05/2024

Writeups

STHACK 2024

This years Sthack CTF took place the 24th of May. You can find a description of this event here. For the last three years, the Non-Profit Hack4Values has been working with the Sthack to offer a private bug bounty program to help NGOs strengthen their digital security. The bug bounty program starts one week before the CTF, and ends around 11pm, during the competition. I spent the first few hours of the CTF finishing my report for the bug bounty, and found a critical vulnerability!