<feed xmlns="http://www.w3.org/2005/Atom"> <id>https://blog.l3afs.space/</id><title>L3afs Blog</title><subtitle>A useful Cybersecurity Blog which covers Web Exploitation, Reverse Engineering, Miscellaneous challenges and Binary Exploitation.</subtitle> <updated>2026-03-30T06:54:26+00:00</updated> <author> <name>l3afai</name> <uri>https://blog.l3afs.space/</uri> </author><link rel="self" type="application/atom+xml" href="https://blog.l3afs.space/feed.xml"/><link rel="alternate" type="text/html" hreflang="en" href="https://blog.l3afs.space/"/> <generator uri="https://jekyllrb.com/" version="4.4.1">Jekyll</generator> <rights> © 2026 l3afai </rights> <icon>/assets/img/favicons/favicon.ico</icon> <logo>/assets/img/favicons/favicon-96x96.png</logo> <entry><title>IKEA Bug Bounty Microsoft Graph API Proxy Information Leakage</title><link href="https://blog.l3afs.space/posts/IKEA-Bug-Bounty-Microsoft-Graph-API-Proxy-Information-Leakage/" rel="alternate" type="text/html" title="IKEA Bug Bounty Microsoft Graph API Proxy Information Leakage" /><published>2026-03-30T00:00:00+00:00</published> <updated>2026-03-30T00:00:00+00:00</updated> <id>https://blog.l3afs.space/posts/IKEA-Bug-Bounty-Microsoft-Graph-API-Proxy-Information-Leakage/</id> <content type="text/html" src="https://blog.l3afs.space/posts/IKEA-Bug-Bounty-Microsoft-Graph-API-Proxy-Information-Leakage/" /> <author> <name>l3afai</name> </author> <summary>IKEA Bug Bounty: Microsoft Graph API Proxy Information Leakage Target: [REDACTED].net Severity: High (7.5) Weakness: Broken Access Control / Insecure Proxy Report ID: #[REDACTED] 1. Summary The application [REDACTED].net contained an unauthenticated API proxy at /api/graph/*. This endpoint forwarded requests to the Microsoft Graph API using a high-privilege Service Principal. 
Because no sessi...</summary> </entry> <entry><title>Infobahn CTF 2025 Disthis (rev)</title><link href="https://blog.l3afs.space/posts/Infobahn-CTF-2025-disthis-(rev)/" rel="alternate" type="text/html" title="Infobahn CTF 2025 Disthis (rev)" /><published>2025-12-09T00:00:00+00:00</published> <updated>2025-12-09T00:00:00+00:00</updated> <id>https://blog.l3afs.space/posts/Infobahn-CTF-2025-disthis-(rev)/</id> <content type="text/html" src="https://blog.l3afs.space/posts/Infobahn-CTF-2025-disthis-(rev)/" /> <author> <name>l3afai</name> </author> <summary>Hey there! This is a writeup of the “disthis” CTF challenge, a Reverse Engineering chall. Challenge Overview Name: disthis Category: Reverse Engineering Handout: output.pyc (10.7 MB) Description: An obfuscated Python 3.13 pyc file that performs complex checks on an input file. In the name of Allah, the Most Gracious, the Most Merciful Part 1: The Failure of Static Analysis The first step was to ana...</summary> </entry> <entry><title>Dubai Police CTF Utopia City Government Portal (Web)</title><link href="https://blog.l3afs.space/posts/Dubai-Police-CTF-Utopia-City-Government-Portal-(Web)/" rel="alternate" type="text/html" title="Dubai Police CTF Utopia City Government Portal (Web)" /><published>2025-10-28T00:00:00+00:00</published> <updated>2025-10-28T00:00:00+00:00</updated> <id>https://blog.l3afs.space/posts/Dubai-Police-CTF-Utopia-City-Government-Portal-(Web)/</id> <content type="text/html" src="https://blog.l3afs.space/posts/Dubai-Police-CTF-Utopia-City-Government-Portal-(Web)/" /> <author> <name>l3afai</name> </author> <summary>Hey there! Challenge Overview Name: Utopia City Government Portal Difficulty: Easy Description: Utopia City has deployed a government portal for citizens to contact city officials and access services. Part 1: Analyzing the Backend Logic The first step was to examine the code. The code revealed an Express.js application with a few critical components. 
Key Code Snippets: The Vuln...</summary> </entry> <entry><title>"Deen Buddy" App Reverse Engineering</title><link href="https://blog.l3afs.space/posts/Deen-Buddy-app-reverse-engineering/" rel="alternate" type="text/html" title="&amp;quot;Deen Buddy&amp;quot; App Reverse Engineering" /><published>2025-10-15T00:00:00+00:00</published> <updated>2025-10-15T00:00:00+00:00</updated> <id>https://blog.l3afs.space/posts/Deen-Buddy-app-reverse-engineering/</id> <content type="text/html" src="https://blog.l3afs.space/posts/Deen-Buddy-app-reverse-engineering/" /> <author> <name>l3afai</name> </author> <summary>In-Depth Technical Analysis of the “Deen Buddy” Application and its Connection to Christian-Themed App “Haven” Hey there! This writeup provides a detailed breakdown of the “Deen Buddy” mobile application. Through reverse-engineering of its APK and an examination of its associated web infrastructure, a significant and undeniable link has been established between “Deen Buddy” (an app marketed to...</summary> </entry> <entry><title>NNS CTF This Then What Huh? Web</title><link href="https://blog.l3afs.space/posts/NNS-CTF-This-Then-What-Huh-Web/" rel="alternate" type="text/html" title="NNS CTF This Then What Huh? Web" /><published>2025-09-01T00:00:00+00:00</published> <updated>2025-09-01T00:00:00+00:00</updated> <id>https://blog.l3afs.space/posts/NNS-CTF-This-Then-What-Huh-Web/</id> <content type="text/html" src="https://blog.l3afs.space/posts/NNS-CTF-This-Then-What-Huh-Web/" /> <author> <name>l3afai</name> </author> <summary>Hey There! This is a writeup of the solution to the “This then what huh?” CTF challenge. The challenge presents a web-based puzzle where the goal is to navigate a cursor through a series of instruction “blocks” to print a flag. The solution lies not in clever in-game logic but in exploiting a subtle vulnerability in JavaScript’s event handling. Challenge Overview Name: This then what huh...</summary> </entry> </feed>
