Anti-Slop Ctf

Anti-Slop CTF 2026 web writeup — Slipstream Cache TLV parser split and SloppedRider SSRF-to-HMAC-key leak

Anti-Slop CTF 2026 Web Writeup: Slipstream Cache + SloppedRider

The premise of Anti-Slop CTF 2026 is in the name. It’s a CTF built to punish lazy solving and reward people who read code. The web track had two challenges that hit that brief exactly: Slipstream Cache, a custom package registry whose signature verifier and installer disagreed about which bytes were authenticated, and SloppedRider, a Node app whose error path leaked the HMAC key that signed its own score tickets. Neither one falls to a tool. Both fall to a careful read. ...

June 21, 2026 · 18 min · 3640 words · CyberSecurity Elite Team
Educational content for authorized testing only. · Disclaimer · Editorial Policy · Sitemap