BroncoCTF 2026 beginner + forensics + misc writeup — six challenges solved covering an A/H binary-encoded file that decodes to more laughter, a silent nc service with a 76-byte buffer and a one-byte overflow into an adjacent gate variable, an OSINT photo of The Coffee Mill in Oakland with the pizza shop found via odd/even street numbering, a Krita resource bundle whose brush preset PNG carries a zTXt chunk with a kis_text_brush element hiding the flag, two files with a one-line insertion that misaligns a naive diff and hides the payload among case-flip decoys, and a 1251-layer archive stack cycling gzip / tar / bzip2 / 7z / zip whose per-layer 7z password is leaked by content-only encryption keeping filenames in the plaintext header

BroncoCTF 2026 Beginner + Forensics + Misc Writeup: 6 Solved

BroncoCTF 2026 (bronco flag prefix, hosted by Cal Poly Pomona’s Cyber Security Club) rounds out its harder pwn/reverse/web/crypto tracks with three softer categories designed to teach one habit each. Beginner (three challenges) drills on the first-thirty-seconds reflexes: run file(1) before trusting the extension, notice when a file uses exactly two distinct symbols, sweep payload size against a silent nc service until you find the step function. Forensics (one challenge) walks a five-layer format staircase (Krita .bundle → .kpp (PNG) → zTXt chunk → zlib → XML → CDATA-wrapped XML → attribute) where every layer is a well-known standard on its own; the difficulty is only recognising they’re stacked. Misc (two challenges) hides its payload behind a decoy: Spot The Difference uses a one-line insertion to misalign a naive line-by-line diff and case-flips as a Baconian red herring, while Zip, Zip, Hooray! wraps a flag in 1,251 recursive compression layers whose per-layer 7z password is given away by content-only encryption leaving filenames in the plaintext header. ...

July 16, 2026 · 26 min · 5482 words · CyberSecurity Elite Team
Educational content for authorized testing only. · Disclaimer · Editorial Policy · Sitemap