LYKNCTF 2026 forensics writeup — four challenges solved covering PNG metadata XOR, red-channel LSB stego, JPEG-as-PNG ZIP append, and TRON USDT OFAC chain trace

LYKNCTF 2026 Forensics Writeup: 4 Challenges Solved

LYKNCTF 2026’s forensics track is small but well-shaped: four challenges that cover the whole spectrum of file-format triage, from PNG chunk parsing and repeating-key XOR through steganographic LSB extraction and polyglot ZIP appending to a real on-chain USDT trace on TRON that ends at an OFAC-sanctioned wallet before landing in a Bitget hot wallet. Each challenge deliberately ships a decoy layer (an EXIF cover story, an IEND trailer with a fake “password hint,” a .png extension that lies about the container format, a suggestive first hop) that looks like the answer if you stop reading too early. ...

July 11, 2026 · 22 min · 4503 words · CyberSecurity Elite Team
BhAcKAri CTF 2026 writeup — all 8 challenges across web, misc, crypto, and reverse engineering

BhAcKAri CTF 2026 Writeup: All 8 Challenges Solved

Platform BhAcKAri CTF 2026 Difficulty Mixed (Easy → Hard) OS Jeopardy — Web, Misc, Crypto, Reverse (Italian event) Tags JavaScript deobfuscation + AES-256-CBC cookie C2 + sed shell-glob bypass, lighttpd HTTP CONNECT tunneling past url.access-deny, patched d8 V8 sandbox eval escape via shop-trusted credits, seed-keyed LSB steganography with shuffle order, Minecraft 1.21.10 .mcfunction Vigenère with floor-mod, Coppersmith partial-prime small-roots via Howgrave-Graham lattice, deterministic Python C-extension stage chain with SHA-256/CRC32 key derivation, manual Windows PE loader with 4-byte patches into 7-Zip's GetHandlerProperty2 BhAcKAri CTF 2026 is an Italian-themed jeopardy event whose infrastructure lives on the .it TLD (challs.ctf.bhackari.it) and whose challenges drip with Venetian flavour — the name itself is a play on bacari, the small wine-and-cicchetti taverns of Venice. The 2026 edition runs eight challenges across four categories (Web, Misc, Crypto, Reverse) and rewards careful reading of source code, binary disassembly, and protocol logs in roughly equal measure. ...

June 2, 2026 · 31 min · 6449 words · CyberSecurity Elite Team
Hackastra CTF 2026 writeup — all 15 challenges across reverse, web, crypto, misc and forensics

Hackastra CTF 2026 Writeup: All 15 Challenges

Platform Hackastra CTF 2026 Difficulty Mixed (Easy → Hard) OS Jeopardy (Web, Crypto, Reverse, Misc, Forensics) Tags JWT, RS256/HS256 confusion, DSA known-nonce, Coppersmith, Feistel inversion, ARM64/x86_64 RE, WASM RE, AWS Cognito, blind SQLi, XSS, LSB stego Hackastra CTF 2026 ran as a jeopardy-style competition on CTFtime (event #3270) with fifteen challenges spanning reverse engineering, web exploitation, cryptography, forensics, and miscellaneous infrastructure bugs. The event’s name plays on the Sanskrit word अस्त्र (astra, meaning “weapon” or “missile”), and the challenges live up to it — every flag in this set rewards a specific, named technique rather than rote tooling. ...

May 30, 2026 · 19 min · 3856 words · CyberSecurity Elite Team
Educational content for authorized testing only. · Disclaimer · Editorial Policy · Sitemap