BroncoCTF 2026 beginner + forensics + misc writeup — six challenges solved covering an A/H binary-encoded file that decodes to more laughter, a silent nc service with a 76-byte buffer and a one-byte overflow into an adjacent gate variable, an OSINT photo of The Coffee Mill in Oakland with the pizza shop found via odd/even street numbering, a Krita resource bundle whose brush preset PNG carries a zTXt chunk with a kis_text_brush element hiding the flag, two files with a one-line insertion that misaligns a naive diff and hides the payload among case-flip decoys, and a 1251-layer archive stack cycling gzip / tar / bzip2 / 7z / zip whose per-layer 7z password is leaked by content-only encryption keeping filenames in the plaintext header

BroncoCTF 2026 Beginner + Forensics + Misc Writeup: 6 Solved

BroncoCTF 2026 (bronco flag prefix, hosted by Cal Poly Pomona’s Cyber Security Club) rounds out its harder pwn/reverse/web/crypto tracks with three softer categories designed to teach one habit each. Beginner (three challenges) drills on the first-thirty-seconds reflexes: run file(1) before trusting the extension, notice when a file uses exactly two distinct symbols, sweep payload size against a silent nc service until you find the step function. Forensics (one challenge) walks a five-layer format staircase (Krita .bundle → .kpp (PNG) → zTXt chunk → zlib → XML → CDATA-wrapped XML → attribute) where every layer is a well-known standard on its own; the difficulty is only recognising they’re stacked. Misc (two challenges) hides its payload behind a decoy: Spot The Difference uses a one-line insertion to misalign a naive line-by-line diff and case-flips as a Baconian red herring, while Zip, Zip, Hooray! wraps a flag in 1,251 recursive compression layers whose per-layer 7z password is given away by content-only encryption leaving filenames in the plaintext header. ...

July 16, 2026 · 26 min · 5482 words · CyberSecurity Elite Team
Junior.Crypt 2026 forensic + misc + OSINT writeup — eight challenges solved covering a WinZip-AES phishing corpus filtered by the Portuguese Fatura Emitida subject template, a Cyrillic acrostic ГИТЛОГ hint pointing at git log first-byte SHA-1 abbreviations, MIDI pitch-wheel +2304/-2304 pair steganography over a Tokyo Ghoul theme, SVG glyph paths referenced only through clip-path so they never reach the raster, DOCX customXml/item1.xml carrying a fake revisionLog whose per-step inserted chunks replay the flag, model.pkl calling payload.install_supply_chain_probe with a LedgerModel.infer backdoor triggered by a four-word history hash, Grodno fire watchtower mural identification, and Belarusian Higher League broadcast clock reading

Junior.Crypt 2026 Forensic + Misc + OSINT Writeup: 8 Solved

Junior.Crypt 2026 (grodno flag prefix) rounded out its web, crypto, pwn, and reverse tracks with three softer categories that are still surprisingly rich: forensic (two challenges), misc (four), and OSINT (two). None of them require heavy tooling: every solve in this writeup is either a stdlib Python script, a browser render of an extracted SVG fragment, an unzip -l size disparity, or a bilingual Yandex reverse-image query. What the eight challenges do share is a pattern-recognition discipline that a defender’s eye can be trained on: password-protected malware zips (Infected password → live samples), first-byte-of-SHA-1 covert channels in git log, pitch-wheel event pairs as a MIDI bit channel, clip-path references that consume glyph geometry without painting it, customXml/item1.xml outweighing document.xml in a near-empty DOCX, .pyc shipped next to a .pkl that hands the loader RCE, and OSINT chains that lean on Russian-language search over English for post-Soviet targets. ...

July 15, 2026 · 33 min · 6986 words · CyberSecurity Elite Team
TraceBash CTF 2026 OSINT writeup — geocaching, Plus Codes, NYC DOB open data, and cross-platform handle pivoting

TraceBash CTF 2026 OSINT Writeup: 4 Challenges Solved

Second post in the TraceBash CTF 2026 series on this site. The crypto writeup covered four cryptographic mistakes (small-subgroup DH, shared RSA prime, harmonic-XOR key recovery, 16-bit-seed brute). This one covers the four OSINT challenges in the same step-by-step format. The TraceBash OSINT track is a careful mix of techniques. echo-chamber is about filtering one specific clue out of a noisy forum post. missing-friend chains visual anchors in two photos into a Google Plus Code. permit-pending is the 310-point headline: a single street-scene photo plus the NYC Department of Buildings open-data API. retired-hacker is cross-platform handle pivoting (Komoot → GitHub → Threads → a Romanian tram stop). None of these challenges requires private databases, paid scrapers, or shady tools. All four use public web records, official open-data APIs, or open-source platforms in their normal documented modes. ...

June 27, 2026 · 18 min · 3755 words · CyberSecurity Elite Team
Anti-Slop CTF 2026 OSINT writeup — Observers GitHub artifact-trail pivot and Geoguessr H3-cell client-side crypto

Anti-Slop CTF 2026 OSINT Writeup: Observers Are All You Need + Geoguessr

Seventh and last per-category post in the Anti-Slop CTF 2026 series. The earlier ones cover web, reverse, pwn, crypto, blockchain, and the misc Baby Maths prompt-injection trap. This one walks the two OSINT challenges in the same step-by-step format. Observers Are All You Need is the GitHub-pivot variant of OSINT: read a cryptic prompt, identify the right project to pivot to, then walk the project’s public artifact trail (profile, issues, PRs) to assemble the flag in three fragments. Geoguessr is the cooler hybrid: ten panoramas look like a pure geolocation puzzle, but the web client uses each location as a key derivation input for Shamir-shared decryption, and you only need 9 of 10 locations to recover the flag. Once the verification crypto is understood, you don’t need pixel-perfect coordinates. You need the correct H3 resolution-8 cell. ...

June 24, 2026 · 17 min · 3473 words · CyberSecurity Elite Team
THCON 2026 RULES / INFO PAGE writeup — CTF challenge breakdown

THCON 2026 Rules: Flag Hidden on the CTF Platform's Own /info Page

Platform THCON 2026 (Toulouse Hacking Convention) Difficulty Easy OS OSINT Tags Reading prompts literally, CTF platform recon Most “find the hidden flag on a webpage” challenges teach you to look harder. This one teaches the opposite — that the most-obvious destination in the prompt is a decoy, and the answer is whatever a literal reading of the wording actually points at. The trick is recognising the misdirection before sinking thirty minutes into the wrong target. ...

May 16, 2026 · 3 min · 593 words · CyberSecurity Elite Team
THCON 2026 SOCIALS writeup — CTF challenge breakdown

THCON 2026 Socials: Half-Flag Each on LinkedIn and X

Platform THCON 2026 (Toulouse Hacking Convention) Difficulty Easy OS OSINT Tags Social media OSINT, leetspeak THCON’s Socials is the kind of warm-up OSINT challenge that’s not about tooling — it’s about reading the prompt twice and noticing the CTF authors have done something cute with their social media presence. The flag is split between two posts on two platforms, with each post hiding the other half behind an ellipsis. Visit both, stitch the halves, done. ...

May 16, 2026 · 3 min · 447 words · CyberSecurity Elite Team
OSINT investigation techniques for beginners

OSINT Investigation Techniques for Beginners

OSINT — open-source intelligence — is the systematic collection of public data to answer a specific question. Done well, it’s the single highest-leverage skill in incident response, threat intel, due diligence, and bug bounty recon. Done poorly, it’s hours of dead Google links. ...

April 29, 2026 · 4 min · 710 words · CyberSecurity Elite Team
Educational content for authorized testing only. · Disclaimer · Editorial Policy · Sitemap