Filling in the blank: Technical writeup of the tj-actions supply chain attack
Workflow consist of actions Have triggers Actions have inputs and outputs There are secrets
This is my current blog that captures my academic journey and hosts my Capture-the-flag (CTF) write ups :)
Academic
I completed my Master’s in Cybersecurity at the Hasso Plattner Institute in Potsdam, Germany. I am now pursuing a PhD at the University of North Carolina at Charlotte focused on Software Supply Chain Security, with a particular interest in securing the build process. I am advised by Marco Vieira
Memberships
- ISSRE 2025, PC member (Artifact Evaluation Track)
CTF
My main CTF-Team is upb/hack.
2025
- DEADFACE CTF 2025
- Team challenge with
upb/hackwith rank $19$ out of $853$
- Team challenge with
- OpenESCS 25
- Rank $39$ out of $577$
- CrewCTF 2025
- Writeup misc/secure-file-transfer
- ImaginaryCTF 2025
- BrunnerCTF 2025
- Writeup for three mobile challenges
- SEKAI CTF 2025
- DUCTF 2025
- UIUCTF CTF 2025
- Writeup misc/Ai-clippy
- L3akCTF 2025
- Phreaks 2025
Others
- Won UIUCTF CTF 2025 writeup price for misc/Ai-clippy
Recent posts
openESEC 2025 - web/polish-bar
This Web Application was made to adapt to Polish (drinking) culture :3
CrewCTF 2025 - misc/Secure File Transfer
I vibe coded a file transfer program. Surely it is secure…
BrunnerCTF 2025 - mobile
In this CTF, I focussed on the three provided mobile challenges:
UIUCTF 2025 - misc/Ai-clippy
CTF challenges concerned about untrusted MCP servers.