LYKNCTF 2026 forensics writeup — four challenges solved covering PNG metadata XOR, red-channel LSB stego, JPEG-as-PNG ZIP append, and TRON USDT OFAC chain trace

LYKNCTF 2026 Forensics Writeup: 4 Challenges Solved

LYKNCTF 2026’s forensics track is small but well-shaped: four challenges that cover the whole spectrum of file-format triage, from PNG chunk parsing and repeating-key XOR through steganographic LSB extraction and polyglot ZIP appending to a real on-chain USDT trace on TRON that ends at an OFAC-sanctioned wallet before landing in a Bitget hot wallet. Each challenge deliberately ships a decoy layer (an EXIF cover story, an IEND trailer with a fake “password hint,” a .png extension that lies about the container format, a suggestive first hop) that looks like the answer if you stop reading too early. ...

July 11, 2026 · 22 min · 4503 words · CyberSecurity Elite Team
TraceBash CTF 2026 OSINT writeup — geocaching, Plus Codes, NYC DOB open data, and cross-platform handle pivoting

TraceBash CTF 2026 OSINT Writeup: 4 Challenges Solved

Second post in the TraceBash CTF 2026 series on this site. The crypto writeup covered four cryptographic mistakes (small-subgroup DH, shared RSA prime, harmonic-XOR key recovery, 16-bit-seed brute). This one covers the four OSINT challenges in the same step-by-step format. The TraceBash OSINT track is a careful mix of techniques. echo-chamber is about filtering one specific clue out of a noisy forum post. missing-friend chains visual anchors in two photos into a Google Plus Code. permit-pending is the 310-point headline: a single street-scene photo plus the NYC Department of Buildings open-data API. retired-hacker is cross-platform handle pivoting (Komoot → GitHub → Threads → a Romanian tram stop). None of these challenges requires private databases, paid scrapers, or shady tools. All four use public web records, official open-data APIs, or open-source platforms in their normal documented modes. ...

June 27, 2026 · 18 min · 3755 words · CyberSecurity Elite Team
HASBLCTF 2026 forensics writeup — all 5 challenges (Quick Response, Logo, Digits, Pamuk, Magic Numbers)

HASBLCTF 2026 Forensics Writeup: All 5 Challenges Solved

Platform HASBL CTF 2026 Difficulty Mixed (Easy → Medium) OS Jeopardy — Forensics (Linux toolchain) Tags QR-code decoding with Reed-Solomon tolerance, JPEG metadata extraction (EXIF, COM, XMP), base64/base32 encoding fingerprints, bit-stream-to-JPEG reconstruction, magic-byte surgical repair, file-header recognition HASBL CTF 2026 is a multi-category jeopardy event with Reverse Engineering, Pwn, Web, and Forensics tracks. This writeup is dedicated to the Forensics track — the five forensics challenges (Quick Response, Logo, Digits, our sweet cat, Pamuk, and The Magic of "Magic Numbers") were all solved, and each one teaches a different file-forensics primitive: QR-code decoding despite a visual overlay, JPEG metadata extraction across EXIF and COM segments, bit-stream-to-JPEG byte reconstruction, base64-wrapped JPEG with hex content, and surgical magic-byte repair plus XMP metadata walking. ...

June 1, 2026 · 17 min · 3527 words · CyberSecurity Elite Team
Educational content for authorized testing only. · Disclaimer · Editorial Policy · Sitemap