diff --git a/Web/Cascade/Flag.png b/Web/Cascade/Flag.png
new file mode 100644
index 0000000..41399c1
Binary files /dev/null and b/Web/Cascade/Flag.png differ
diff --git a/Web/Cascade/README.md b/Web/Cascade/README.md
new file mode 100644
index 0000000..588ac7f
--- /dev/null
+++ b/Web/Cascade/README.md
@@ -0,0 +1,28 @@
+## Cascade
+The main idea finding the flag is just viewing the page source.
+
+#### Step-1:
+After I visited the URL: http://chall.csivit.com:30203, this web page was shown:
+
+
+
+
+#### Step-2:
+
+I tried all `/robots.txt`, `/flag.txt` or any access to tiny server by `//`. Also by visiting both given links, didn't give any flags.
+
+#### Step-3:
+Now, I searched for page source, and got this web page.
+
+
+
+I explored for `/static/style.css`.
+
+#### Step-4:
+
+
+Voila! I got the flag.
+
+#### Step-5:
+Finally the flag becomes:
+`csictf{w3lc0me_t0_csictf}`
\ No newline at end of file
diff --git a/Web/Cascade/Web1.png b/Web/Cascade/Web1.png
new file mode 100644
index 0000000..e14f913
Binary files /dev/null and b/Web/Cascade/Web1.png differ
diff --git a/Web/Cascade/Web2.png b/Web/Cascade/Web2.png
new file mode 100644
index 0000000..9708793
Binary files /dev/null and b/Web/Cascade/Web2.png differ
diff --git a/Web/Mr Rami/Flag.png b/Web/Mr Rami/Flag.png
new file mode 100644
index 0000000..2f3ded2
Binary files /dev/null and b/Web/Mr Rami/Flag.png differ
diff --git a/Web/Mr Rami/README.md b/Web/Mr Rami/README.md
new file mode 100644
index 0000000..228c4c1
--- /dev/null
+++ b/Web/Mr Rami/README.md
@@ -0,0 +1,28 @@
+## Mr Rami
+The main idea finding the flag is accessing dormant sub domains of the site.
+
+#### Step-1:
+After I visited the URL: [http://chall.csivit.com:30231](http://chall.csivit.com:30231), this web page was shown:
+
+
+
+
+#### Step-2:
+
+I tried http://chall.csivit.com:30231/robots.txt and I got this:
+
+
+
+#### Step-3:
+There we got that `Disallow: /fade/to/black`, so I explored that URL:
+http://chall.csivit.com:30231/fade/to/black
+
+
+#### Step-4:
+Voila! I got the flag there.
+
+
+
+#### Step-5:
+Finally the flag becomes:
+`csictf{br0b0t_1s_pr3tty_c00l_1_th1nk}`
diff --git a/Web/Mr Rami/Robots.png b/Web/Mr Rami/Robots.png
new file mode 100644
index 0000000..3567ce4
Binary files /dev/null and b/Web/Mr Rami/Robots.png differ
diff --git a/Web/Mr Rami/Web1.png b/Web/Mr Rami/Web1.png
new file mode 100644
index 0000000..5abd5d0
Binary files /dev/null and b/Web/Mr Rami/Web1.png differ
diff --git a/Web/Oreo/README.md b/Web/Oreo/README.md
new file mode 100644
index 0000000..bb97848
--- /dev/null
+++ b/Web/Oreo/README.md
@@ -0,0 +1,29 @@
+## Oreo
+The main idea finding the flag is just tweaking the cookies.
+
+#### Step-1:
+After I visited the URL: http://chall.csivit.com:30243/, this web page was shown:
+
+
+
+
+#### Step-2:
+
+I tried inspecting the element, but it wasn't helpful. So I checked the cookie and got a cookie `flavour` with value `c3RyYXdiZXJyeQ%3D%3D`.
+
+#### Step-3:
+It was simple Base64 and I decoded it to get `strawberry`.
+
+
+
+#### Step-4:
+So I got to change the flavor to chocolate as in description. So I encoded `chocolate` accordingly, to get:
+
+
+
+#### Step-5:
+I loaded that base64 encoding `Y2hvY29sYXRl` as a cookie and refreshed the page to get the flag.
+
+#### Step-6:
+Finally the flag becomes:
+`csictf{1ick_twi5t_dunk}`
\ No newline at end of file
diff --git a/Web/Oreo/Web1.png b/Web/Oreo/Web1.png
new file mode 100644
index 0000000..57c88e4
Binary files /dev/null and b/Web/Oreo/Web1.png differ
diff --git a/Web/Oreo/base64_decode.png b/Web/Oreo/base64_decode.png
new file mode 100644
index 0000000..ff980cd
Binary files /dev/null and b/Web/Oreo/base64_decode.png differ
diff --git a/Web/Oreo/base64_encode.png b/Web/Oreo/base64_encode.png
new file mode 100644
index 0000000..de6a188
Binary files /dev/null and b/Web/Oreo/base64_encode.png differ
diff --git a/Web/Secure Portal/README.md b/Web/Secure Portal/README.md
new file mode 100644
index 0000000..23276e3
--- /dev/null
+++ b/Web/Secure Portal/README.md
@@ -0,0 +1,10 @@
+## Secure Portal
+The main idea finding the flag is decoding the script given.
+
+#### Step-1:
+I couldn't understand on how to proceed, so here is the writeup I followed.
+https://github.com/skyf0l/CTF/blob/master/CSICTF_2020/Web.md#secure-portal
+
+
+#### Step-2:
+`csictf{l3t_m3_c0nfus3_y0u}`
\ No newline at end of file
diff --git a/Web/Warm Up/Flag.png b/Web/Warm Up/Flag.png
new file mode 100644
index 0000000..4dc71fd
Binary files /dev/null and b/Web/Warm Up/Flag.png differ
diff --git a/Web/Warm Up/README.md b/Web/Warm Up/README.md
new file mode 100644
index 0000000..743751b
--- /dev/null
+++ b/Web/Warm Up/README.md
@@ -0,0 +1,55 @@
+## Warm Up
+The main idea finding the flag is exploiting PHP type juggling.
+
+#### Step-1:
+After I visited the URL: http://chall.csivit.com:30272/, I was greeted with below code:
+
+```php
+
+```
+
+
+#### Step-2:
+
+Sha1 of `10932435112` is `0e07766915004133176347055865026311692244`
+
+The comparison `if($hash == $target)` is vulnerable because it is not a strict comparison with `===`.
+
+#### Step-3:
+So a bit more deep search of `sha1(10932435112)` online gave me links to [Magic Hashes](https://git.linuxtrack.net/Azgarech/PayloadsAllTheThings/blob/master/PHP%20juggling%20type/README.md)
+
+#### Step-4:
+So, I tried the URL as any of the below. All have to work because all de-reference to same hash.
+ - http://chall.csivit.com:30272/?hash=aaK1STfY
+ - http://chall.csivit.com:30272/?hash=aaroZmOk
+ - http://chall.csivit.com:30272/?hash=aaO8zKZF
+ - http://chall.csivit.com:30272/?hash=aa3OFF9m
+
+Any other hashes like MD5, will give false flag of `csictf{loser}`.
+
+
+
+Voila! I got the flag.
+
+#### Step-5:
+Finally the flag becomes:
+`csictf{typ3_juggl1ng_1n_php}`
\ No newline at end of file