BroncoCTF 2026 beginner + forensics + misc writeup — six challenges solved covering an A/H binary-encoded file that decodes to more laughter, a silent nc service with a 76-byte buffer and a one-byte overflow into an adjacent gate variable, an OSINT photo of The Coffee Mill in Oakland with the pizza shop found via odd/even street numbering, a Krita resource bundle whose brush preset PNG carries a zTXt chunk with a kis_text_brush element hiding the flag, two files with a one-line insertion that misaligns a naive diff and hides the payload among case-flip decoys, and a 1251-layer archive stack cycling gzip / tar / bzip2 / 7z / zip whose per-layer 7z password is leaked by content-only encryption keeping filenames in the plaintext header

BroncoCTF 2026 Beginner + Forensics + Misc Writeup: 6 Solved

BroncoCTF 2026 (bronco flag prefix, hosted by Cal Poly Pomona’s Cyber Security Club) rounds out its harder pwn/reverse/web/crypto tracks with three softer categories designed to teach one habit each. Beginner (three challenges) drills on the first-thirty-seconds reflexes: run file(1) before trusting the extension, notice when a file uses exactly two distinct symbols, sweep payload size against a silent nc service until you find the step function. Forensics (one challenge) walks a five-layer format staircase (Krita .bundle → .kpp (PNG) → zTXt chunk → zlib → XML → CDATA-wrapped XML → attribute) where every layer is a well-known standard on its own; the difficulty is only recognising they’re stacked. Misc (two challenges) hides its payload behind a decoy: Spot The Difference uses a one-line insertion to misalign a naive line-by-line diff and case-flips as a Baconian red herring, while Zip, Zip, Hooray! wraps a flag in 1,251 recursive compression layers whose per-layer 7z password is given away by content-only encryption leaving filenames in the plaintext header. ...

July 16, 2026 · 26 min · 5482 words · CyberSecurity Elite Team
Junior.Crypt 2026 forensic + misc + OSINT writeup — eight challenges solved covering a WinZip-AES phishing corpus filtered by the Portuguese Fatura Emitida subject template, a Cyrillic acrostic ГИТЛОГ hint pointing at git log first-byte SHA-1 abbreviations, MIDI pitch-wheel +2304/-2304 pair steganography over a Tokyo Ghoul theme, SVG glyph paths referenced only through clip-path so they never reach the raster, DOCX customXml/item1.xml carrying a fake revisionLog whose per-step inserted chunks replay the flag, model.pkl calling payload.install_supply_chain_probe with a LedgerModel.infer backdoor triggered by a four-word history hash, Grodno fire watchtower mural identification, and Belarusian Higher League broadcast clock reading

Junior.Crypt 2026 Forensic + Misc + OSINT Writeup: 8 Solved

Junior.Crypt 2026 (grodno flag prefix) rounded out its web, crypto, pwn, and reverse tracks with three softer categories that are still surprisingly rich: forensic (two challenges), misc (four), and OSINT (two). None of them require heavy tooling: every solve in this writeup is either a stdlib Python script, a browser render of an extracted SVG fragment, an unzip -l size disparity, or a bilingual Yandex reverse-image query. What the eight challenges do share is a pattern-recognition discipline that a defender’s eye can be trained on: password-protected malware zips (Infected password → live samples), first-byte-of-SHA-1 covert channels in git log, pitch-wheel event pairs as a MIDI bit channel, clip-path references that consume glyph geometry without painting it, customXml/item1.xml outweighing document.xml in a near-empty DOCX, .pyc shipped next to a .pkl that hands the loader RCE, and OSINT chains that lean on Russian-language search over English for post-Soviet targets. ...

July 15, 2026 · 33 min · 6986 words · CyberSecurity Elite Team
TJCTF 2026 ALL 21 CHALLENGES SOLVED writeup — CTF challenge breakdown

TJCTF 2026 Writeups: All 21 Challenges Solved

Platform TJCTF 2026 (Thomas Jefferson CTF) Difficulty Easy → Hard OS Mixed: Linux, macOS ARM64, WebAssembly, Network captures Tags JWT crafting, SSRF via URL normalization, Zip Slip, RSA parity oracle, ECDSA timing/Minerva, invalid-curve attacks, Chebyshev matrix exponentiation, ReDoS as side channel, pickle exploitation, PCK parsing, polyglot files, RTP LSB steganography TJCTF 2026 was the kind of multi-day event that rewards breadth — twenty-one challenges spread across web, reverse engineering, cryptography, forensics, and misc, with no single technique cracking more than two boxes. This writeup is the consolidated solve log: one paragraph of prompt + trick + solution per challenge, the actual flag, and the moments worth quoting verbatim. ...

May 17, 2026 · 14 min · 2881 words · CyberSecurity Elite Team
MIDNIGHT SUN 2026 EMPOLS writeup — CTF challenge breakdown

Midnight Sun 2026 empols: Auto-Solving 20 x86-64 ELFs with radare2

Platform Midnight Sun CTF 2026 Quals Difficulty Hard OS Linux x86-64 Tags Templated binary RE, radare2 scripting, automated static analysis empols is the kind of challenge that punishes you for trying to solve binaries by hand. The server hands you twenty fresh, randomly-generated x86-64 ELFs in one session and demands the validating input string for each — and you almost certainly cannot reverse-engineer twenty unique binaries fast enough to fit inside the session timeout. The intended path is to recognise that the binaries are generated from a small set of templates, then write a static-analysis engine that detects the template and extracts the answer from disassembly. ...

May 16, 2026 · 6 min · 1186 words · CyberSecurity Elite Team
Educational content for authorized testing only. · Disclaimer · Editorial Policy · Sitemap