
LYKNCTF 2026 – Migrant Challenge Writeup
“Migrant” is a web challenge that, underneath a harmless-looking account-migration front-end, hides a textbook cryptographic flaw. Users are handed an encrypted migration token that encodes their profile (including their role) and are asked to paste it into a “System V2 Migration” form. The server decrypts the token, restores the profile, and echoes it back. The…

V1t CTF 2026 – StaleMate Challenge Writeup
StaleMate is a userland pwn challenge that ships a single stripped 64-bit ELF binary named pbuf_remap. Rather than exposing a classic stack- or heap-overflow, the binary is a small simulator of the Linux io_uring “provided buffer ring” (pbuf ring) subsystem glued to a hand-rolled virtual-memory engine. It models a tiny “physical” memory pool of 512…

LYKNCTF 2026 – LYKN Corp Challenge Writeup
“LYKN Corp” presents a fictional company’s internal webmail application called LYKN Mail. The application is a classic Flask (Python) web app placed behind an nginx reverse proxy. It exposes a login form, a per-user inbox with typical mail-client features (inbox, sent, drafts, trash, compose, flag/delete actions), and a privileged admin dashboard that displays the flag…

LYKNCTF 2026 – FU Career Challenge Writeup
FU Career is a PHP web challenge that models a small recruitment portal for “FPT Education”. It ships as a Docker container running php:8.2-apache with a MariaDB backend. Candidates can register, log in, request a password reset, upload a CV, and track their application status. An internal HR dashboard, gated behind an admin role, lets…

LYKNCTF 2026 – Follow The Layer Challenge Writeup
“Follow The Layer” is a blockchain forensics challenge that simulates a real-world anti-money-laundering (AML) investigation. Instead of a binary, a packet capture, or a disk image, the only “challenge file” we are handed is a single TRON transaction hash. From that single seed we are expected to reconstruct a laundering chain, follow the money hop…

boro CTF 2026 – Chicken Dinner Challenge Writeup
Chicken Dinner is a classic 64-bit Linux userland exploitation challenge. We are handed a small, menu-driven ELF binary (dinner_party) together with the exact runtime (libc.so.6, ld-linux-x86-64.so.2) and a Dockerfile describing how the service is deployed behind pwn.red/jail. The binary mixes several mitigations that, on their own, are routine but in combination form an interesting puzzle:…

SekaiCTF 2026 – ppp Challenge Writeup
The ppp challenge is a binary exploitation task built around a deliberately unusual trust boundary: instead of exploiting a custom file parser directly, the attacker talks to a real libimobiledevice Apple File Conduit client and behaves as the connected device. The provided service exposes an interactive command shell named afc_list; every command issued by the…


