Web Pentester & CTF Player

00x Canelo

Offensive Security| Web Exploitation| Egypt 🇪🇬| منتخب القهوة
View Writeups Get in Touch
scroll to explore
// 01

About Me

I'm 00xCanelo — a web penetration tester and competitive CTF player from Egypt. I specialize in white-box source code auditing, chaining multi-stage vulnerabilities, and finding attack paths automated tools can't see.

I hunt the intersection of logic flaws, parser abuse, and trust boundary violations. My methodology reconstructs the developer's mental model and finds exactly where their assumptions break.

Competing with Mont5ab el2hwa (منتخب القهوة)currently #2 in Egypt on CTFtime. Every exploit chain I build gets a detailed writeup.

#2
Egypt CTFtime Rank
#42
Global CTFtime Rank
295.047
2026 Rating Pts
11
CTFs This Year
// recent placements
TAMUctf 2026 #75
UTCTF 2026 #89
DiceCTF 2026 Quals #44
upCTF 2026 #9
// 02

Expertise

[ 01 ]
SSRF & CRLF Injection
Chaining SSRF with CRLF header injection for protocol-level exploitation. DNS rebinding for TOCTOU bypasses.
[ 02 ]
White-Box Code Audit
Deep source analysis, tracing tainted data from entry to sink. Identifying implicit type coercions and insecure defaults.
[ 03 ]
Prototype Pollution
JS prototype chain manipulation, gadget identification, escalation from client-side to RCE via server-side pollution.
[ 04 ]
Template Injection (SSTI)
SSTI across Jinja2, Twig, Handlebars, Pebble. Context-aware payload construction and full sandbox escapes.
[ 05 ]
PDF / Parser Exploitation
Exploiting PDF generators (pdfkit, wkhtmltopdf). Meta tag injection, post-file exfiltration, data URI smuggling.
[ 06 ]
Next.js / Node.js
Next.js image optimization abuse, _next/image SSRF, API route logic flaws, middleware bypass, edge runtime exploitation.
// 03

CTF Writeups

01
Luxor Finals CTF · Mar 2026
Season | Luxor Finals CTF
mont5ab-el2hwa penetration-testing cyctf PHP
02
CAT CTF 26 · Mar 2026
CAT CTF 26 — Entry Level
ctf cat-ctf mont5ab-el2hwa LFI/Path Traversal
03
CyCTF Luxor web writeup · Mar 2026
CyCTF Luxor web writeup
web-pentesting cyctf penetration-testing ctf ethical-hacking RCE
04
Fahemsec · Jan 2026
Audtior | Fahemsec
cybersecurity fahemse ctf pentesting writeup RCE
05
0xL4ugh v5 CTF · Jan 2026
pdf.exe | 0xL4ugh v5 CTF
ctf 0day bug-bounty writer mont5ab-el2hwa pdfkit
06
Fahemsec · Dec 2025
BugZzzz | Fahemsec
ethical-hacking fahemsec ctf hacking mont5ab-el2hwa RCE
07
OhMyPP Web challenge PWNSEC CTF · Nov 2025
OhMyPP Web challenge PWNSEC CTF
web-exploitation ethical-hacking hacking mont5ab-el2hwa ctf RCE
08
MISC Challenges IEEE CTF · Sep 2025
All Web & MISC Challenges IEEE CTF
ieee ctf mont5b-el2hwa hacking RCE White-Box
09
All Web Challenges Connectors CTF · Sep 2025
All Web Challenges Connectors CTF| منتخب القهوة
mushrooms ctf-walkthrough ctf-writeup ctf connectors-ctf Web
10
CatReloaded CTF 2025 · Aug 2025
Nostalgia | CatReloaded CTF 2025
ctf ctf-writeup penetration-testing RCE
+
Medium · synced 02 Apr 2026 12:05 UTC
All writeups on Medium_
Live
// 04

CTF Events 2026

#42
Global Rank
#2
Egypt Rank
295.047
Rating Points
11
Events Tracked
Latest Events
TAMUctf 2026
57.483 pts
#75
place
UTCTF 2026
35.596 pts
#89
place
DiceCTF 2026 Quals
71.526 pts
#44
place
upCTF 2026
20.241 pts
#9
place
ApoorvCTF 2026
20.623 pts
#15
place
Highest Ranked Events
EHAX CTF 2026
28.987 pts
#3
place
upCTF 2026
20.241 pts
#9
place
0xFUN CTF 2026
15.99 pts
#9
place
ApoorvCTF 2026
20.623 pts
#15
place
0xL4ugh CTF v5
5.889 pts
#34
place
Highest Rating Points
DiceCTF 2026 Quals
#44 placement
71.526
pts
TAMUctf 2026
#75 placement
57.483
pts
UTCTF 2026
#89 placement
35.596
pts
EHAX CTF 2026
#3 placement
28.987
pts
PascalCTF 2026
#45 placement
21.29
pts
// 05

Team

CTFtime Egypt · Official Rankings
Mont5ab El2hwa
منتخب القهوة
#2 in Egypt  ·  #42 Global — CTFtime 2026
// 06

Contact

Let's
break
things.
Medium
@00xCanelo
CTFtime
Mont5ab El2hwa
Email
LinkedIn →