Skip to content

Harshil015/CTF-Writeups

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

36 Commits
 
 
 
 

Repository files navigation

🚩 CTF Writeups — Harshil Makwana

A living portfolio of hands-on offensive security practice — one flag at a time.

Hi, I'm Harshil Makwana, a cybersecurity practitioner actively building depth across offensive security, web exploitation, network analysis, and more. This repository is my public technical portfolio — a structured record of every CTF challenge I've solved, the methodology I applied, and what I learned.

I'm open to cybersecurity roles across:

🌍 International: Netherlands · Singapore · Switzerland · Norway · Germany · Finland
🇮🇳 India: Bangalore · Pune · Hyderabad · Gurugram · Noida

If you're a recruiter, hiring manager, or team lead in any of these locations — feel free to explore the writeups. They reflect how I think through problems, not just what tools I know.


📌 About This Repo

Every writeup here documents the full thought process — the right paths, the wrong turns, and the reasoning behind every decision. If I went down a rabbit hole before finding the solution, that's in here too. Those detours are usually where the actual learning happens.

This repo is not a trophy cabinet. It's a notebook that shows how I approach security problems under pressure — which is closer to real-world work than any certification can be.


🖥️ Platform

All challenges in this repo are solved on TryHackMe — exclusively CTFs.


📁 Repository Structure

CTF-Writeups/
│
├── TryHackMe Rooms/
│
└── Resources/
    └── cheatsheets, notes, useful references

Structure evolves as the repo grows. Kept intentionally logical and navigable.


🧠 Skills Demonstrated

The writeups collectively cover a wide range of domains relevant to penetration testing, SOC analysis, red teaming, and security engineering roles:

Domain Topics
Web Exploitation SQLi, XSS, SSRF, IDOR, auth bypasses, deserialization
Privilege Escalation Linux & Windows misconfigs, SUID/GUID abuse, kernel exploits
Binary Exploitation & Reversing Buffer overflows, ROP chains, disassembly, binary patching
Cryptography Classic ciphers, RSA flaws, hash cracking, custom crypto
Forensics Disk/memory analysis, steganography, packet capture
Active Directory Kerberoasting, Pass-the-Hash, BloodHound enumeration, lateral movement
Network Analysis Wireshark, traffic inspection, protocol analysis
OSINT Recon techniques, metadata analysis, open-source intelligence

🛠️ Tools I Use Regularly

nmap · gobuster / ffuf · Burp Suite · netcat · pwntools · GDB / peda · IDA Free / Ghidra · Volatility · Wireshark · CyberChef · hashcat / john · BloodHound / SharpHound · Impacket · Metasploit · sqlmap · LinPEAS / WinPEAS


📊 Progress Tracker

Platform: TryHackMe  |  Rooms Completed: 12

# Room Difficulty Primary Domain(s)
1 Simple CTF 🟢 Easy 🌐 Web · 🔺 Privilege Escalation
2 Mindgames 🟡 Medium 🔐 Cryptography · 🌐 Web
3 The Marketplace 🟡 Medium 🌐 Web Exploitation
4 Bookstore 🟢 Easy 🌐 Web · API Exploitation
5 JPGChat 🟢 Easy 🌐 Web · Command Injection
6 VulnNet 🟡 Medium 🖥️ Network Analysis · 🔺 Privilege Escalation
7 Unstable Twin 🟡 Medium 🌐 Web · 🔺 Privilege Escalation
8 Biteme 🟡 Medium 🌐 Web · Brute Force
9 Billing 🟢 Easy 🌐 Web · 🔺 Privilege Escalation
10 Light 🟢 Easy 🌐 Web · SQLi
11 GoldenEye 🟡 Medium 🖥️ Network Analysis · 🌐 Web
12 Madness 🟢 Easy 🔬 Forensics · 🔺 Privilege Escalation

Key: 🌐 Web · 🔺 Privilege Escalation · 🔬 Forensics · 🖥️ Network Analysis · 🔐 Cryptography

Domain tags are approximate — update any that don't accurately reflect a room's focus.


🎯 Why This Repo Matters (for Recruiters)

Certifications tell you what someone studied. This repo tells you how someone thinks.

Here's what you'll find evidence of in these writeups:

  • Structured problem-solving under ambiguity — no one hands you hints in a real engagement
  • Tool proficiency across the full offensive stack — not just one specialisation
  • Documentation discipline — writeups are clear, reproducible, and methodical
  • Self-directed learning — every challenge here was pursued independently
  • Security mindset — understanding why vulnerabilities exist, not just how to exploit them

📝 Why Writeups?

  1. Retention — Writing it down forces genuine understanding, not just lucky payloads.
  2. Portfolio — A live record of real problem-solving that speaks louder than a certificate list.
  3. Community — CTF culture runs on knowledge sharing. Someone helped me at some point (a blog post, a hint, a Discord message) — this is how I give that back.

⚠️ A Note on Spoilers

All writeups are for retired rooms and released challenges. No active challenge solutions are posted here — that's against platform rules, and it defeats the point anyway.


📬 Get in Touch

Open to opportunities, collaborations, and conversations about security.


The flags are retired. The skills aren't.

About

My CTF challenge write-ups and cybersecurity learning notes

Topics

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

 
 
 

Contributors