RIFFHACK 2026 writeup — twelve challenges solved across the darknet-marketplace themed Next.js CTF

RIFFHACK 2026 Writeup: 12 Challenges Solved (Web, SSRF, JWT, LFI, Format String)

RIFFHACK 2026 shipped its challenges as a fictional Next.js “exploit kit marketplace,” a darknet storefront themed around offensive tooling. Twelve distinct bugs live inside that codebase: seven core web track challenges (bitflag{...} format), four named cross-event challenges that reuse the same application from different angles, and one Mach-O ARM64 binary exploitation addendum on the escrow terminal (bitctf{{...}} format). Every one of them teaches a different primitive, and the event’s design signature is that the codebase is deliberately salted with flag-shaped strings so that whether a given string is the answer depends on which brief you’re currently reading. ...

July 1, 2026 · 33 min · 6818 words · CyberSecurity Elite Team
Hackastra CTF 2026 writeup — all 15 challenges across reverse, web, crypto, misc and forensics

Hackastra CTF 2026 Writeup: All 15 Challenges

Platform Hackastra CTF 2026 Difficulty Mixed (Easy → Hard) OS Jeopardy (Web, Crypto, Reverse, Misc, Forensics) Tags JWT, RS256/HS256 confusion, DSA known-nonce, Coppersmith, Feistel inversion, ARM64/x86_64 RE, WASM RE, AWS Cognito, blind SQLi, XSS, LSB stego Hackastra CTF 2026 ran as a jeopardy-style competition on CTFtime (event #3270) with fifteen challenges spanning reverse engineering, web exploitation, cryptography, forensics, and miscellaneous infrastructure bugs. The event’s name plays on the Sanskrit word अस्त्र (astra, meaning “weapon” or “missile”), and the challenges live up to it — every flag in this set rewards a specific, named technique rather than rote tooling. ...

May 30, 2026 · 19 min · 3856 words · CyberSecurity Elite Team
SQL Injection guide

SQL Injection: From Detection to Exploitation

SQL injection is twenty-five years old and still in the OWASP Top 10. This guide covers detection, exploitation, automation with sqlmap, and modern defenses — with examples that work on real, modern stacks. Detection: The First Tick The classic single-quote test still works against bad code: ...

April 15, 2026 · 3 min · 562 words · CyberSecurity Elite Team
Educational content for authorized testing only. · Disclaimer · Editorial Policy · Sitemap