https://n9o.xyz/tags/la-ctf/ Recent content in LA CTF on Hugo -- gohugo.io en © 2026 Vaishnav Baraskar Sun, 18 Feb 2024 00:00:00 +0000 https://n9o.xyz/capturetheflag/onebyone/ Sun, 18 Feb 2024 00:00:00 +0000 https://n9o.xyz/capturetheflag/onebyone/ <h2 class="relative group">0x00 – Prologue <div id="0x00--prologue" class="anchor"></div> <span class="absolute top-0 w-6 transition-opacity opacity-0 ltr:-left-6 rtl:-right-6 not-prose group-hover:opacity-100"> <a class="group-hover:text-primary-300 dark:group-hover:text-neutral-700 !no-underline" href="#0x00--prologue" aria-label="Anchor">#</a> </span> </h2> <p>Brute-forcing a Google Form? Yeah, it sounds dumb until you realize the form is leaking state via some sneaky HTML fields. That&rsquo;s when it turns into an actual side-channel attack and not just clicking buttons like a bot. This was one of those problems where you stare at Chrome DevTools long enough, and suddenly you&rsquo;re deep in Puppeteer automations and page parity logic.</p>