Hack the Boat CTF — My First Capture The Flag

Last Wednesday I participated in my first Capture The Flag event: Hack the Boat, hosted by ON2IT at their headquarters in Zaltbommel. A live maritime OT (Operational Technology) CTF inside “THE GRID” — controlling a simulated military cargo vessel’s ballast system. We got second place.

This post is a walkthrough of the exploit path we took, and a few lessons I learned along the way.

The Setup

Kali Linux live ISO running inside a QEMU VM on my laptop. I made a huge mistake early on: I started the VM with default networking (QEMU user-mode NAT), which meant the VM couldn’t see anything else on the LAN. The target was at 192.168.9.131 and my host was at 192.168.9.121 — same subnet, but the VM was trapped behind QEMU’s internal NAT.

Neovim and Dockerized Intelephense

Goal

Set up Neovim to use a Dockerized version of Intelephense for PHP development.

Prerequisites

  • Neovim >= 0.11
  • neovim/nvim-lspconfig
  • Docker
  • Docker Compose

Creating a Docker Image for Development

FROM wordpress:latest

RUN apt-get update && apt-get install -y \
    curl \
    git \
    nodejs \
    npm \
    socat \
    unzip \
    && rm -rf /var/lib/apt/lists/*

RUN curl -sSLo /usr/local/bin/wp https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar \
    && chmod +x /usr/local/bin/wp \
    && groupmod -g1000 www-data \
    && usermod -g1000 -u1000 www-data \
    && npm install -g intelephense

COPY --from=composer:latest /usr/bin/composer /usr/bin/composer

⚠️ TODO:

Change WordPress uploads URL

Changes the URL address WordPress renders for the user-uploaded files. The browser will fetch the files from the new address instead of fetching from the WordPress server.