/hɛks uː/ • long story behind this name
Welcome to my blog. Check below to see my socials!
Unlike my usual deep dives, this blog post will contain my thoughts while solving bits CTF 2026 web challenge rusty-proxy which was victim to agentic AI, but insightful nonetheless.
This challenge demonstrated that security vulnerabilities often exist not in the code itself, but in the glue connecting different components. While the PHP application and the `expect` script appeared logically sound in isolation, the vulnerability emerged from the behavior of the Linux TTY subsystem.
