# Dudji's Docs ## Docs - [Challenges](https://writeups.dudji.com/challenges/index.md): Writeups for individual CTF and platform challenges. - [OverTheWire](https://writeups.dudji.com/challenges/overthewire/index.md): OverTheWire wargame writeups covering web, Linux, networking, and more. - [Natas](https://writeups.dudji.com/challenges/overthewire/natas/index.md): OverTheWire Natas — web security wargame covering source disclosure, LFI, injection, encoding, and more. - [Natas 0](https://writeups.dudji.com/challenges/overthewire/natas/natas0.md): Natas Level 0 — password hidden in an HTML comment in the page source. - [Natas 1](https://writeups.dudji.com/challenges/overthewire/natas/natas1.md): Natas Level 1 — right-click is blocked via JavaScript, but keyboard shortcuts bypass it entirely. - [Natas 10](https://writeups.dudji.com/challenges/overthewire/natas/natas10.md): Natas Level 10 — command injection character blacklist bypassed with a URL-encoded newline. - [Natas 2](https://writeups.dudji.com/challenges/overthewire/natas/natas2.md): Natas Level 2 — a world-readable files directory exposes a credentials file. - [Natas 3](https://writeups.dudji.com/challenges/overthewire/natas/natas3.md): Natas Level 3 — a disallowed path in robots.txt reveals a hidden directory. - [Natas 4](https://writeups.dudji.com/challenges/overthewire/natas/natas4.md): Natas Level 4 — access control enforced via the Referer header, trivially spoofed with a proxy. - [Natas 5](https://writeups.dudji.com/challenges/overthewire/natas/natas5.md): Natas Level 5 — session state stored in a plaintext client-side cookie, trivially forged. - [Natas 6](https://writeups.dudji.com/challenges/overthewire/natas/natas6.md): Natas Level 6 — a PHP include file is placed inside the web root and accessible directly via HTTP. - [Natas 7](https://writeups.dudji.com/challenges/overthewire/natas/natas7.md): Natas Level 7 — Local File Inclusion via an unsanitized page parameter passed directly to PHP include. - [Natas 8](https://writeups.dudji.com/challenges/overthewire/natas/natas8.md): Natas Level 8 — reversing a multi-step encoding chain to recover the secret. - [Natas 9](https://writeups.dudji.com/challenges/overthewire/natas/natas9.md): Natas Level 9 — command injection via unsanitized user input passed directly to a shell command. - [CTFs](https://writeups.dudji.com/ctfs/index.md): Full CTF event writeups and solutions. - [Writeups](https://writeups.dudji.com/index.md): A collection of detailed writeups for CTF machines, security challenges, and CTF competitions. - [HTB - Seasonal](https://writeups.dudji.com/machines/hackthebox/index.md): HackTheBox Seasonal machine writeups, organized by season. - [Season 10](https://writeups.dudji.com/machines/hackthebox/season-10/index.md): HackTheBox Season 10 machine writeups. - [Interpreter](https://writeups.dudji.com/machines/hackthebox/season-10/interpreter.md): HTB Seasonal - Season 10: Interpreter machine walkthrough. - [Enumeration](https://writeups.dudji.com/machines/hackthebox/season-10/interpreter/enumeration.md): Interpreter — Enumeration phase. - [Foothold](https://writeups.dudji.com/machines/hackthebox/season-10/interpreter/foothold.md): Interpreter — Foothold phase. - [Lateral Movement](https://writeups.dudji.com/machines/hackthebox/season-10/interpreter/lateral-movement.md): Interpreter — Lateral Movement phase. - [Privilege Escalation](https://writeups.dudji.com/machines/hackthebox/season-10/interpreter/privilege-escalation.md): Interpreter — Privilege Escalation phase. - [Machines](https://writeups.dudji.com/machines/index.md): Walkthroughs for HTB, THM, and other CTF machines. - [Cloud](https://writeups.dudji.com/sherlocks/cloud/index.md): Cloud forensics Sherlock writeups. - [Brutus](https://writeups.dudji.com/sherlocks/dfir/brutus.md) - [DFIR](https://writeups.dudji.com/sherlocks/dfir/index.md): Digital forensics and incident response Sherlock writeups. - [Vantage](https://writeups.dudji.com/sherlocks/dfir/vantage.md) - [Index](https://writeups.dudji.com/sherlocks/index.md): HackTheBox Sherlocks — blue team investigations across DFIR, SOC, malware analysis, threat intelligence, and cloud. - [Malware Analysis](https://writeups.dudji.com/sherlocks/malware-analysis/index.md): Malware analysis Sherlock writeups. - [SOC](https://writeups.dudji.com/sherlocks/soc/index.md): Security operations center Sherlock writeups. - [Noxious](https://writeups.dudji.com/sherlocks/soc/noxious.md) - [Phisnet](https://writeups.dudji.com/sherlocks/soc/phisnet.md) - [Telly](https://writeups.dudji.com/sherlocks/soc/telly.md) - [FortySeven-1](https://writeups.dudji.com/sherlocks/threat-intelligence/fortyseven-1.md): HTB Sherlock FortySeven-1 threat intelligence writeup. - [Threat Intelligence](https://writeups.dudji.com/sherlocks/threat-intelligence/index.md): Threat intelligence Sherlock writeups. ## OpenAPI Specs - [openapi](https://writeups.dudji.com/api-reference/openapi.json)