Web Pentester & CTF Player

00x Canelo

Offensive Security| Web Exploitation| Egypt 🇪🇬| منتخب القهوة
View Writeups Get in Touch
scroll to explore
// 01

About Me

I'm 00xCanelo — a web penetration tester and competitive CTF player from Egypt. I specialize in white-box source code auditing, chaining multi-stage vulnerabilities, and finding attack paths automated tools can't see.

I hunt the intersection of logic flaws, parser abuse, and trust boundary violations. My methodology reconstructs the developer's mental model and finds exactly where their assumptions break.

Competing with Mont5ab el2hwa (منتخب القهوة)currently #1 in Egypt on CTFtime. Every exploit chain I build gets a detailed writeup.

#1
Egypt CTFtime Rank
#27
Global CTFtime Rank
448.780
2026 Rating Pts
17
CTFs This Year
// recent placements
0xV01D CTF 2026 #11
TJCTF 2026 #69
Midnight Sun CTF 2026 Quals #88
UMDCTF 2026 #10
// 02

Expertise

[ 01 ]
SSRF & CRLF Injection
Chaining SSRF with CRLF header injection for protocol-level exploitation. DNS rebinding for TOCTOU bypasses.
[ 02 ]
White-Box Code Audit
Deep source analysis, tracing tainted data from entry to sink. Identifying implicit type coercions and insecure defaults.
[ 03 ]
Prototype Pollution
JS prototype chain manipulation, gadget identification, escalation from client-side to RCE via server-side pollution.
[ 04 ]
Template Injection (SSTI)
SSTI across Jinja2, Twig, Handlebars, Pebble. Context-aware payload construction and full sandbox escapes.
[ 05 ]
PDF / Parser Exploitation
Exploiting PDF generators (pdfkit, wkhtmltopdf). Meta tag injection, post-file exfiltration, data URI smuggling.
[ 06 ]
Next.js / Node.js
Next.js image optimization abuse, _next/image SSRF, API route logic flaws, middleware bypass, edge runtime exploitation.
// 03

CTF Writeups

01
Luxor Finals CTF · Mar 2026
Season | Luxor Finals CTF
mont5ab-el2hwa penetration-testing cyctf PHP
02
CAT CTF 26 · Mar 2026
CAT CTF 26 — Entry Level
ctf cat-ctf mont5ab-el2hwa LFI/Path Traversal
03
CyCTF Luxor web writeup · Mar 2026
CyCTF Luxor web writeup
web-pentesting cyctf penetration-testing ctf ethical-hacking RCE
04
Fahemsec · Jan 2026
Audtior | Fahemsec
cybersecurity fahemse ctf pentesting writeup RCE
05
0xL4ugh v5 CTF · Jan 2026
pdf.exe | 0xL4ugh v5 CTF
ctf 0day bug-bounty writer mont5ab-el2hwa pdfkit
06
Fahemsec · Dec 2025
BugZzzz | Fahemsec
ethical-hacking fahemsec ctf hacking mont5ab-el2hwa RCE
07
OhMyPP Web challenge PWNSEC CTF · Nov 2025
OhMyPP Web challenge PWNSEC CTF
web-exploitation ethical-hacking hacking mont5ab-el2hwa ctf RCE
08
MISC Challenges IEEE CTF · Sep 2025
All Web & MISC Challenges IEEE CTF
ieee ctf mont5b-el2hwa hacking RCE White-Box
09
All Web Challenges Connectors CTF · Sep 2025
All Web Challenges Connectors CTF| منتخب القهوة
mushrooms ctf-walkthrough ctf-writeup ctf connectors-ctf Web
10
CatReloaded CTF 2025 · Aug 2025
Nostalgia | CatReloaded CTF 2025
ctf ctf-writeup penetration-testing RCE
+
Medium · synced 31 May 2026 11:13 UTC
All writeups on Medium_
Live
// 04

CTF Events 2026

#27
Global Rank
#1
Egypt Rank
448.780
Rating Points
17
Events Tracked
Latest Events
0xV01D CTF 2026
16.068 pts
#11
place
TJCTF 2026
40.848 pts
#69
place
Midnight Sun CTF 2026 Quals
29.169 pts
#88
place
UMDCTF 2026
70.116 pts
#10
place
CTF@CIT 2026
47.86 pts
#1
place
Highest Ranked Events
CTF@CIT 2026
47.86 pts
#1
place
EHAX CTF 2026
28.987 pts
#3
place
upCTF 2026
19.803 pts
#9
place
0xFUN CTF 2026
15.99 pts
#9
place
UMDCTF 2026
70.116 pts
#10
place
Highest Rating Points
DiceCTF 2026 Quals
#44 placement
71.526
pts
UMDCTF 2026
#10 placement
70.116
pts
TAMUctf 2026
#75 placement
57.483
pts
CTF@CIT 2026
#1 placement
47.86
pts
UMassCTF 2026
#46 placement
45.906
pts
// 05

Team

CTFtime Egypt · Official Rankings
Mont5ab El2hwa
منتخب القهوة
#1 in Egypt  ·  #27 Global — CTFtime 2026
// 06

Contact

Let's
break
things.
Medium
@00xCanelo
CTFtime
Mont5ab El2hwa
Email
LinkedIn →