SCTF 2026 writeup — TWAP oracle ring-buffer eviction and Groth16 Poseidon-Merkle witness solve

SCTF 2026 Writeup: DeFi TWAP Oracle + Groth16 ZK Witness

Platform SCTF 2026 Difficulty Hard (DeFi + ZK specialty track) OS Jeopardy — Blockchain / DeFi, ZK, Misc Tags reading UniswapV2 fork + EIP-7540 async vault + custom TWAP oracle in Foundry/Anvil, spotting that _consult anchors on observations outside the window, evicting the deploy-time observation by spamming the 8-slot ring buffer, composing a four-puzzle Groth16 claim bundle (Franklin–Reiter cube-root, secp256k1 small-x brute, 40-bit truncated keccak collision, Fermat factoring), generating a Poseidon-Merkle witness with domain-separated tag-1..6 calls in circomlibjs and submitting via snarkjs Groth16 fullprove SCTF 2026 is a specialty Jeopardy-style CTF whose challenge set leans hard into Solidity auditing and zero-knowledge plumbing. The two challenges this writeup covers — Chronostasis and The Last Honest Witness — sit at opposite ends of the same auditor’s toolbox. Chronostasis is a clean DeFi composition bug: three contracts that are each individually reasonable, glued together in a way that lets an attacker draw the LP price on the back of a napkin. The Last Honest Witness is a four-in-one cryptographic decathlon where the actual ZK proof is the easy part — the work is in the four side-puzzles wrapped around it. ...

June 18, 2026 · 24 min · 5108 words · CyberSecurity Elite Team
DalCTF 2026 writeup — 9 challenges solved across Crypto, Reverse, Web, and Android

DalCTF 2026 Writeup: All 9 Challenges Solved

Platform DalCTF 2026 (dalctf2026.com) Difficulty Mixed (Easy → Medium) OS Jeopardy — Crypto, Reverse Engineering, Web, Android Tags RSA modulus with small prime factor recovered by trial division, Bellcore CRT fault attack as the verification path, Playfair decryption against an un-keyed alphabet square, Huffman tree decode with inverted tiebreaker convention, LCG state recovery from one known plaintext byte, IEEE-754 bit-pattern reinterpretation via Quake-style float pointer cast, UPX-packed ELF unpacked into 44 per-byte check functions, Android APK static-string mining across MainActivity + strings.xml + ColorKt, HTML hidden attribute as a flag-hiding sink DalCTF 2026 is the DalCTF Jeopardy event with challenges spread across Crypto, Reverse Engineering, Web, and Android. The 2026 edition leans heavily into classical cryptography mistakes wrapped in misdirection — six of the nine challenges are crypto, and almost every one of them tries to push you toward a harder attack than the one that actually works. The flag format is dalctf{...} (occasionally DalCTF{...}), and the challenge names are explicit hints once you’ve solved them. ...

June 8, 2026 · 22 min · 4613 words · CyberSecurity Elite Team
GPN CTF 2026 writeup — 19 challenges solved across reverse, crypto, web, pwn, and misc

GPN CTF 2026 Writeup: All 19 Challenges Solved

Platform GPN CTF 2026 (kitctf) Difficulty Mixed (Easy → Hard) OS Jeopardy — Reverse, Crypto, Web, Pwn, Misc Tags AVX2 lane-swap miscompilation discovery + Kannan-embedding SIS lattice attack, NTRU mod-q reduction bug (c mod p == m), ECDSA nonce reuse from MD5(uuid3) collisions via fastcoll, eBPF signed-comparison verifier bypass with patched bzImage, JVM AOT cache override of bytecode, PHP 7.4 PHAR deserialization across two TCP races, Pydantic ForwardRef eval in create_model, CSS attribute-selector cookie exfiltration through Link: rel=stylesheet, holpy proof-checker thm re-axiomatization, knitout front/back-bed bitmap, ternary amplitude-modulated UART, Hamiltonian path on 250-node FSM extracted from jump tables, RFC 5424 syslog stream demux, Rust setuid TOCTOU symlink swap GPN CTF 2026 is the Gulaschprogrammiernacht CTF hosted annually by KITCTF at the GPN hacker camp in Karlsruhe, Germany. The 2026 edition runs a Jeopardy board across reverse engineering, crypto, web, pwn, and misc, with a sharp lean toward low-level systems bugs — a missing mod q in an NTRU implementation, a 4-way AVX2 lane-swap in a gcc -O3 -mavx2 build, a deleted BPF_ADJ_END_FROM_* check in a custom kernel, a JVM AOT cache that silently overrides a JAR method. The flavour throughout is kitchen — recipes, ovens, pots — and the flags universally read like Bavarian beer-tent slogans. ...

June 7, 2026 · 32 min · 6647 words · CyberSecurity Elite Team
Incident 67 — BGP sub-prefix hijack of a crypto wallet gateway, network/BGP challenge from SAS CTF 2026 Quals

Incident 67: BGP Sub-Prefix Hijack of a Crypto Wallet (SAS CTF 2026 Quals)

Platform SAS CTF 2026 Quals Difficulty Hard OS Network — Alpine Linux + FRR 10.0 Tags BGP sub-prefix hijack, FRR network-statement RIB origin, vtysh static routes, dnsmasq DNS sinkhole, OpenSSL self-signed certs, Python TLS termination + ALPN, RPKI/ROA defender perspective, IXP filtering Incident 67 from the SAS CTF 2026 Quals was the kind of network challenge that rewards patience. The category badge said “Network / BGP” and the brief read like an Internet routing exam: you’re a fresh hire at a small regional ISP, you’ve SSH’d into your edge router, and somewhere out on the public Internet there’s a crypto wallet gateway you’re not supposed to be able to touch. The router config is already half-built. The story all but tells you what to do. ...

June 4, 2026 · 23 min · 4839 words · CyberSecurity Elite Team
BhAcKAri CTF 2026 writeup — all 8 challenges across web, misc, crypto, and reverse engineering

BhAcKAri CTF 2026 Writeup: All 8 Challenges Solved

Platform BhAcKAri CTF 2026 Difficulty Mixed (Easy → Hard) OS Jeopardy — Web, Misc, Crypto, Reverse (Italian event) Tags JavaScript deobfuscation + AES-256-CBC cookie C2 + sed shell-glob bypass, lighttpd HTTP CONNECT tunneling past url.access-deny, patched d8 V8 sandbox eval escape via shop-trusted credits, seed-keyed LSB steganography with shuffle order, Minecraft 1.21.10 .mcfunction Vigenère with floor-mod, Coppersmith partial-prime small-roots via Howgrave-Graham lattice, deterministic Python C-extension stage chain with SHA-256/CRC32 key derivation, manual Windows PE loader with 4-byte patches into 7-Zip's GetHandlerProperty2 BhAcKAri CTF 2026 is an Italian-themed jeopardy event whose infrastructure lives on the .it TLD (challs.ctf.bhackari.it) and whose challenges drip with Venetian flavour — the name itself is a play on bacari, the small wine-and-cicchetti taverns of Venice. The 2026 edition runs eight challenges across four categories (Web, Misc, Crypto, Reverse) and rewards careful reading of source code, binary disassembly, and protocol logs in roughly equal measure. ...

June 2, 2026 · 31 min · 6449 words · CyberSecurity Elite Team
HASBLCTF 2026 web writeup — all 5 challenges (T/I Forum, Anatolian Atlas, Arena.exe, Lineup Challenge, DTeam)

HASBLCTF 2026 Web Exploitation: All 5 Challenges Solved

Platform HASBL CTF 2026 Difficulty Mixed (Easy → Hard) OS Jeopardy — Web (HTTP, nginx, Express, Next.js, Flask) Tags client-side auth bypass via robots.txt + cookie injection, non-iterative path-traversal filter bypass, client-trusted economy / coin spoofing, Next.js sourcemap + header reconnaissance with hint-prune brute force, Jinja2 SSTI in PDF receipts with capped-field escape via Flask SECRET_KEY leak and itsdangerous session forgery HASBL CTF 2026 is a multi-category jeopardy event with Reverse Engineering, Pwn, Web, and Forensics tracks. This writeup is dedicated to the Web Exploitation track — the five web challenges (T/I Forum, Anatolian Atlas, Arena.exe, Lineup Challenge, DTeam) were all solved, and each one teaches a different web-attack primitive: client-side authentication theatre defeated by reading the JavaScript, non-iterative .. traversal filters, client-trusted in-game economies, hint-collection across HTTP headers / sourcemaps / robots.txt, and a two-stage Flask SSTI chain through a PDF-receipt template. ...

June 1, 2026 · 19 min · 4000 words · CyberSecurity Elite Team
HASBLCTF 2026 crypto writeup — all 6 challenges (baby-counting-fingers, baby-learns-obfuscation, baby-learns-walking, script-kiddie, head-team, VIC)

HASBLCTF 2026 Crypto Writeup: All 6 Challenges Solved

Platform HASBL CTF 2026 Difficulty Mixed (Easy → Medium) OS Jeopardy — Crypto (Python + C) Tags Modular multiplicative bijections, modular-inverse tables, permutation reversal, debug-print leakage exploitation, Galois LFSR + htonl endianness pitfalls, classic VIC cipher (straddling checkerboard + chain-addition keystream + special-character word substitution) HASBL CTF 2026 is a multi-category jeopardy event with Reverse Engineering, Pwn, Web, and Forensics tracks. This writeup is dedicated to the Crypto track — the six crypto challenges (baby-counting-fingers, baby-learns-obfuscation, baby-learns-walking, script-kiddie, head-team, VIC) were all solved, and each one teaches a different applied-cryptography primitive: modular multiplicative bijections on Z_n, two-layer permutation-plus-multiplication ciphers, position-salted chained byte operations, debug-print leakage of an otherwise elaborate matrix cipher, dual Galois LFSRs ruined by an htonl endianness asymmetry, and a faithful textbook implementation of the Soviet VIC hand-cipher with straddling checkerboard and chain-addition keystream. ...

June 1, 2026 · 20 min · 4159 words · CyberSecurity Elite Team
HASBLCTF 2026 forensics writeup — all 5 challenges (Quick Response, Logo, Digits, Pamuk, Magic Numbers)

HASBLCTF 2026 Forensics Writeup: All 5 Challenges Solved

Platform HASBL CTF 2026 Difficulty Mixed (Easy → Medium) OS Jeopardy — Forensics (Linux toolchain) Tags QR-code decoding with Reed-Solomon tolerance, JPEG metadata extraction (EXIF, COM, XMP), base64/base32 encoding fingerprints, bit-stream-to-JPEG reconstruction, magic-byte surgical repair, file-header recognition HASBL CTF 2026 is a multi-category jeopardy event with Reverse Engineering, Pwn, Web, and Forensics tracks. This writeup is dedicated to the Forensics track — the five forensics challenges (Quick Response, Logo, Digits, our sweet cat, Pamuk, and The Magic of "Magic Numbers") were all solved, and each one teaches a different file-forensics primitive: QR-code decoding despite a visual overlay, JPEG metadata extraction across EXIF and COM segments, bit-stream-to-JPEG byte reconstruction, base64-wrapped JPEG with hex content, and surgical magic-byte repair plus XMP metadata walking. ...

June 1, 2026 · 17 min · 3527 words · CyberSecurity Elite Team
HASBLCTF 2026 pwn writeup — all 5 binary exploitation challenges (baby-bufferoverflow, candy-store, baby-shellcoder, jumper, padawan-pwn)

HASBLCTF 2026 Pwn Writeup: All 5 Challenges Solved

Platform HASBL CTF 2026 Difficulty Mixed (Easy → Medium) OS Jeopardy — Pwn (Linux x86-64) Tags ret2win with movaps stack alignment, int16 signed overflow, mmap RWX shellcode injection, register-controlled jmp into pre-built gadget chain, classic ROP with SysV-ABI argument-register setup, pwntools payload construction, checksec mitigation analysis HASBL CTF 2026 is a multi-category jeopardy event with Reverse Engineering, Pwn, Web, and Forensics tracks. This writeup is dedicated to the Pwn track — the five pwn challenges (baby-bufferoverflow, candy-store, baby-shellcoder, jumper, padawan-pwn) were all solved, and each one teaches a different beginner-to-intermediate binary-exploitation primitive: ret2win with the movaps 16-byte stack-alignment trap, a signed-vs-unsigned integer-width bug exploitable via menu interaction, direct shellcode execution on an mmap’d RWX page, a 7-byte shellcode budget that has to set rdx for a hard-coded jmp rdx into the binary’s own gadget chain, and a full ROP chain that loads three argument registers before calling a flag-printing function. ...

June 1, 2026 · 21 min · 4423 words · CyberSecurity Elite Team
HASBLCTF 2026 reverse engineering writeup — all 4 rev challenges (baby-go, DebugMe, Pr0t0c0l1337, PamukTheCat)

HASBLCTF 2026 Reverse Engineering: All 4 Challenges Solved

Platform HASBL CTF 2026 Difficulty Mixed (Easy → Medium) OS Jeopardy — Reverse Engineering Tags Go binary triage, static-only flag recovery, PE anti-debug bypass (PEB.BeingDebugged, x64dbg process scan, NtCreateThreadEx), custom binary protocol parsing, game-logic reverse engineering HASBL CTF 2026 is a multi-category jeopardy event covering Reverse Engineering, Pwn, Web, and Forensics. This writeup is dedicated to the Reverse Engineering track — the four rev challenges (baby-go, DebugMe, Pr0t0c0l1337, PamukTheCat) were all solved, and each one teaches a different reverse-engineering skill: static-only recognition on a Go binary with debug symbols, anti-debug bypass on a Windows PE, custom binary-protocol parsing on a Linux PIE, and game-logic reverse engineering on a JRPG-shaped crackme. ...

June 1, 2026 · 14 min · 2772 words · CyberSecurity Elite Team
Educational content for authorized testing only. · Disclaimer · Editorial Policy · Sitemap