I have been playing CTFs lately, and honestly, it's a real mind workout, I would say. The first one I participated in was Bugcrowd black hat USA, where I was just able to solve 2 challenges, and the next one was WHY2025 CTF. There were only a few hours left when I joined so I solved 2 challenges in this one. Not bad though.

Next comes up scriptCTF, 48 hours long and I kinda gave up after trying for first 12 hours. Still solved 7 challenges (out of 37 🫣) and that was progress I would say.

When I started participating in these CTFs, I didn't have any goal but just building up more skills but then I remembered that there is an organization that arranges CTF physically across my area in probably October. I never participated in that thinking that I am too beginner for that but now I am gonna use these online CTF participations to build up my confidence to show up to this one and probably win too (inshallah).

That's what I have been doing lately.

Also a quick thing that's in mind lately was I discovered exposure of /.git/config file in a responsible disclosure program but I didn't reported that because I wasn't able to find any obvious security issue. But then I saw someone reporting every minor misconfiguration he finds and decided to report that. But little did I know, that is probably already reported by someone else and that subdomain gives timeout everytime I try to access that. The program probably took down that subdomain.

But what can I do about it now? Learn a lesson and move forward. That's what I am gonna do.

Additional note: I am playing these CTFs solo so if you are willing to team up with me, I would be up for that.

That's it for now. I don't know what will I write about next but that would probably be something I will learn from my upcoming hitcoin CTF that would start on 22 august (almost 9 hours later today).

Till then, stay safe and keep learning.