BroncoCTF 2026 web + crypto writeup — six challenges solved covering a SQLite LIKE injection where the app leaks its own query tail via a quote reflection and its naive keyword stripper turns ORDER into DER but the payload uses the app's own is_secret column against it, a robots.txt that both disallows a leftover /security dev page revealing password = reverse(username) and carries a base64 comment decoding to the user list with only admin:nimda returning the flag, an /api/config endpoint exposing plaintext credentials for a client-side password compare paired with a /login endpoint that blindly trusts a client-supplied authenticated:true POST body, a 500-derivative calculus gate implemented as pure CSS filter:blur(20px) with the sharp PNG fetched unconditionally from an internal endpoint, a MD5-hex-digest command dispatcher with an uppercase show trap and a program feature that lets a 128-byte MD5 collision block register as a program name so its sibling collision block matches by hash but not by string and falls through to the flag branch, and an XOR one-time pad whose key bytes are drawn only from a 64-character alphabet so every ciphertext byte becomes a per-position membership test that collapses to one candidate after 127 samples

BroncoCTF 2026 Web + Crypto Writeup: 6 Challenges Solved

BroncoCTF 2026 (bronco flag prefix, hosted by Cal Poly Pomona’s Cyber Security Club) shipped a web track built entirely around one lesson repeated four different ways: client-side checks are not access control. Forbidden Archives blows past a naive keyword-stripping WAF by using the app’s own is_secret column against it. Lovely Login puts the entire authentication story in robots.txt (a disallowed /security page + a base64 user list in a comment). Super Secure Server exposes plaintext credentials at /api/config for a client-side compare, and separately its /login endpoint blindly trusts a client-supplied {"authenticated": true} JSON body. Unblur Me implements a “solve 500 derivatives to unlock the image” gate as pure CSS filter: blur(20px) on an <img> that already has the sharp bytes. The crypto track pairs a repeat-encrypt XOR OTP whose 64-character key alphabet leaks structure into every sample (Probably Unbreakable) with a command dispatcher whose MD5-hash-vs-string mismatch inside a program recursion turns a classic 128-byte collision pair into an unlock primitive (Blorg Multiplier). ...

July 16, 2026 · 28 min · 5954 words · CyberSecurity Elite Team
Junior.Crypt 2026 web + crypto writeup — seven challenges solved covering newline-based shell command injection through a first-line-only validator, HS256 JWT with a wordlist-cracked butterfly secret, timestamp-seeded RSA key generation with 604800 candidates, offline Vaudenay CBC padding-oracle replay from a timing trace, Franklin-Reiter with e=3 and a known affine relation, LCG with 20-bit truncated seed, and many-time pad recovered by multiset match against a fixed template

Junior.Crypt 2026 Web + Crypto Writeup: 7 Challenges Solved

Junior.Crypt 2026 (grodno flag prefix) shipped a web track with two well-designed misuse challenges and a crypto track built almost entirely around a single Portal / Aperture Science theme where every flag payload spells out its own vulnerability class in leetspeak: “still alive but GLaDOS keeps rewriting messages” is Franklin-Reiter over e = 3; “this was a triumph but the seed was too small” is a 20-bit truncated LCG; “companion cube this is strictly a many-time pad” is a template-driven multiset-match recovery; “neurotoxin diagnostics leak through timing alone” is an offline Vaudenay CBC padding-oracle attack replayed from a recorded 98,304-record timing trace. The web track’s Pulse challenge lets you inject a shell command through a validator that only checks the first line of a batch input, while Wrodle ships an HS256 game-state JWT whose secret is butterfly from any modern wordlist. ...

July 15, 2026 · 29 min · 6063 words · CyberSecurity Elite Team
TraceBash CTF 2026 crypto writeup — small-subgroup DH, harmonic XOR key, shared RSA prime, and stream-cipher seed brute

TraceBash CTF 2026 Crypto Writeup: 4 Challenges Solved

TraceBash CTF 2026 is a Jeopardy-style CTF with a clean, well-curated challenge set. The crypto track has four challenges, three at 100 points and one at 440 points. This writeup covers all four step-by-step. Each challenge is a different shape of cryptographic mistake. state-desync hides a 16-bit-seed stream cipher behind a noisy update function. broken-trust-protocol is a textbook Diffie-Hellman implementation that forgets to validate the peer public value. harmonic-cipher hides an 8-byte XOR key inside an audio file. quantum-echo ships two RSA-1024 public keys that share a 512-bit prime, where a single gcd factors both moduli in milliseconds. None of them requires sage, lattice work, or anything more exotic than a careful read and a small Python brute. All four exist in production code somewhere in the wild. ...

June 27, 2026 · 19 min · 3971 words · CyberSecurity Elite Team
Anti-Slop CTF 2026 crypto writeup — Polynomial Drift CVP-based ECDSA recovery and Sealed Signal CBC-MAC splice

Anti-Slop CTF 2026 Crypto Writeup: Polynomial Drift + Sealed Signal

Fourth post in the Anti-Slop CTF 2026 series. The web writeup covered HTTP parsers. The reverse writeup covered a quadratic ECDSA nonce and a SHA-256 length extension. The pwn writeup covered a Bellcore CRT fault, a leak-then-overwrite, and a five-stage GCM forge chain. This one walks the two crypto challenges in the same step-by-step format. ...

June 22, 2026 · 22 min · 4527 words · CyberSecurity Elite Team
GPN CTF 2026 writeup — 19 challenges solved across reverse, crypto, web, pwn, and misc

GPN CTF 2026 Writeup: All 19 Challenges Solved

Platform GPN CTF 2026 (kitctf) Difficulty Mixed (Easy → Hard) OS Jeopardy — Reverse, Crypto, Web, Pwn, Misc Tags AVX2 lane-swap miscompilation discovery + Kannan-embedding SIS lattice attack, NTRU mod-q reduction bug (c mod p == m), ECDSA nonce reuse from MD5(uuid3) collisions via fastcoll, eBPF signed-comparison verifier bypass with patched bzImage, JVM AOT cache override of bytecode, PHP 7.4 PHAR deserialization across two TCP races, Pydantic ForwardRef eval in create_model, CSS attribute-selector cookie exfiltration through Link: rel=stylesheet, holpy proof-checker thm re-axiomatization, knitout front/back-bed bitmap, ternary amplitude-modulated UART, Hamiltonian path on 250-node FSM extracted from jump tables, RFC 5424 syslog stream demux, Rust setuid TOCTOU symlink swap GPN CTF 2026 is the Gulaschprogrammiernacht CTF hosted annually by KITCTF at the GPN hacker camp in Karlsruhe, Germany. The 2026 edition runs a Jeopardy board across reverse engineering, crypto, web, pwn, and misc, with a sharp lean toward low-level systems bugs — a missing mod q in an NTRU implementation, a 4-way AVX2 lane-swap in a gcc -O3 -mavx2 build, a deleted BPF_ADJ_END_FROM_* check in a custom kernel, a JVM AOT cache that silently overrides a JAR method. The flavour throughout is kitchen — recipes, ovens, pots — and the flags universally read like Bavarian beer-tent slogans. ...

June 7, 2026 · 32 min · 6647 words · CyberSecurity Elite Team
BhAcKAri CTF 2026 writeup — all 8 challenges across web, misc, crypto, and reverse engineering

BhAcKAri CTF 2026 Writeup: All 8 Challenges Solved

Platform BhAcKAri CTF 2026 Difficulty Mixed (Easy → Hard) OS Jeopardy — Web, Misc, Crypto, Reverse (Italian event) Tags JavaScript deobfuscation + AES-256-CBC cookie C2 + sed shell-glob bypass, lighttpd HTTP CONNECT tunneling past url.access-deny, patched d8 V8 sandbox eval escape via shop-trusted credits, seed-keyed LSB steganography with shuffle order, Minecraft 1.21.10 .mcfunction Vigenère with floor-mod, Coppersmith partial-prime small-roots via Howgrave-Graham lattice, deterministic Python C-extension stage chain with SHA-256/CRC32 key derivation, manual Windows PE loader with 4-byte patches into 7-Zip's GetHandlerProperty2 BhAcKAri CTF 2026 is an Italian-themed jeopardy event whose infrastructure lives on the .it TLD (challs.ctf.bhackari.it) and whose challenges drip with Venetian flavour — the name itself is a play on bacari, the small wine-and-cicchetti taverns of Venice. The 2026 edition runs eight challenges across four categories (Web, Misc, Crypto, Reverse) and rewards careful reading of source code, binary disassembly, and protocol logs in roughly equal measure. ...

June 2, 2026 · 31 min · 6449 words · CyberSecurity Elite Team
HASBLCTF 2026 crypto writeup — all 6 challenges (baby-counting-fingers, baby-learns-obfuscation, baby-learns-walking, script-kiddie, head-team, VIC)

HASBLCTF 2026 Crypto Writeup: All 6 Challenges Solved

Platform HASBL CTF 2026 Difficulty Mixed (Easy → Medium) OS Jeopardy — Crypto (Python + C) Tags Modular multiplicative bijections, modular-inverse tables, permutation reversal, debug-print leakage exploitation, Galois LFSR + htonl endianness pitfalls, classic VIC cipher (straddling checkerboard + chain-addition keystream + special-character word substitution) HASBL CTF 2026 is a multi-category jeopardy event with Reverse Engineering, Pwn, Web, and Forensics tracks. This writeup is dedicated to the Crypto track — the six crypto challenges (baby-counting-fingers, baby-learns-obfuscation, baby-learns-walking, script-kiddie, head-team, VIC) were all solved, and each one teaches a different applied-cryptography primitive: modular multiplicative bijections on Z_n, two-layer permutation-plus-multiplication ciphers, position-salted chained byte operations, debug-print leakage of an otherwise elaborate matrix cipher, dual Galois LFSRs ruined by an htonl endianness asymmetry, and a faithful textbook implementation of the Soviet VIC hand-cipher with straddling checkerboard and chain-addition keystream. ...

June 1, 2026 · 20 min · 4159 words · CyberSecurity Elite Team
THEM?! CTF 2026 writeup — all 7 challenges across reverse engineering and cryptography

THEM?! CTF 2026 Writeup: 7 Solved Challenges

Platform THEM?! CTF 2026 Difficulty Mixed (Easy → Hard) OS Jeopardy (Reverse, Crypto) Tags CHIP-8 emulation, x86-64 PE reverse engineering, Unicorn dynamic emulation, FNV-1a hash recovery, custom bytecode VMs, control-flow flattening, DES weak-key parity, XOR-chain cryptanalysis, modular arithmetic over 10^155 THEM?! CTF 2026 is a large jeopardy event with 85 total challenges across the usual categories. This writeup covers the seven challenges I personally solved, all from the reverse-engineering and cryptography tracks — every one demanded a real RE or cryptanalytic technique end-to-end. The reverse picks range from a CHIP-8 ROM that paints its flag onto a 64×32 screen across ~2⁴⁰ encoder steps per round, to a Windows binary whose VM mutates its own register state during dispatch. The crypto picks are the same shape — three challenges that look obscure on the surface and reduce to a clean number-theory or XOR-algebra invariant once you read carefully. ...

June 1, 2026 · 16 min · 3240 words · CyberSecurity Elite Team
BYUCTF 2026 writeup — all 15 challenges across crypto, forensics, reverse and web

BYUCTF 2026 Writeup: All 15 Challenges

Platform BYUCTF 2026 Difficulty Mixed (Easy → Hard) OS Jeopardy (Crypto, Forensics, Reverse, Web) Tags Coppersmith small-roots, multi-prime RSA, Euler totient tower reduction, YARA constraint solving, NTP/ICMP/HTTP pcap forensics, Go reverse engineering, Python prototype pollution, CSP bypass BYUCTF 2026 is Brigham Young University’s annual capture-the-flag, hosted on the Cyber Jousting infrastructure (chals.cyberjousting.com). The 2026 edition runs fifteen challenges across four classic jeopardy categories — Crypto, Forensics, Reverse, and Web — with a heavy Portal-flavoured forensics arc starring GLaDOS, Wheatley, and the cake-is-a-lie ICMP/NTP/HTTP capture. ...

May 30, 2026 · 17 min · 3582 words · CyberSecurity Elite Team
Hackastra CTF 2026 writeup — all 15 challenges across reverse, web, crypto, misc and forensics

Hackastra CTF 2026 Writeup: All 15 Challenges

Platform Hackastra CTF 2026 Difficulty Mixed (Easy → Hard) OS Jeopardy (Web, Crypto, Reverse, Misc, Forensics) Tags JWT, RS256/HS256 confusion, DSA known-nonce, Coppersmith, Feistel inversion, ARM64/x86_64 RE, WASM RE, AWS Cognito, blind SQLi, XSS, LSB stego Hackastra CTF 2026 ran as a jeopardy-style competition on CTFtime (event #3270) with fifteen challenges spanning reverse engineering, web exploitation, cryptography, forensics, and miscellaneous infrastructure bugs. The event’s name plays on the Sanskrit word अस्त्र (astra, meaning “weapon” or “missile”), and the challenges live up to it — every flag in this set rewards a specific, named technique rather than rote tooling. ...

May 30, 2026 · 19 min · 3856 words · CyberSecurity Elite Team
Educational content for authorized testing only. · Disclaimer · Editorial Policy · Sitemap