picoCTF Solutions: Step-by-Step Writeups
513+ picoCTF solutions spanning 2019 through 2026 and the picoGym Exclusive practice set. Every writeup walks through the exact commands, the reasoning behind each step, and the relevant tools, so you can finish the challenge and actually understand it.
Browse by competition
- picoCTF 202670 writeups
- picoCTF 202541 writeups
- picoCTF 202447 writeups
- picoCTF 202342 writeups
- picoCTF 202265 writeups
- picoCTF 202186 writeups
- picoCTF 2020 Mini-Competition6 writeups
- picoCTF 201986 writeups
- Beginner picoMini 202214 writeups
- picoMini by CMU-Africa13 writeups
- picoMini by redpwn21 writeups
- picoGym Exclusive22 writeups
Technique guides
- Reversing Custom Ciphers for CTF: Breaking Homebrew Encryption
- JavaScript Deobfuscation for CTF: Hook the Sink, Not the Source
- The picoCTF Forensics Roadmap: file, strings, and Everything After
- The picoCTF Web Exploitation Roadmap: Recon to RCE
- The picoCTF Cryptography Roadmap: From Caesar to Elliptic Curves
- The picoCTF Reverse Engineering Roadmap: From Disassembly to Decompiler
- The picoCTF Binary Exploitation Roadmap: Stack to Heap to ROP
- USB and HID PCAP Forensics for CTF: Reconstructing Keystrokes
- SROP and ret2dlresolve: Advanced ROP Without a libc Leak
- Go and Rust Binary Reversing for CTF: Taming the Fat Binary
- CSRF for CTF: Forging Requests and Bypassing Tokens
- GraphQL Exploitation for CTF: From /graphql to the Flag
- Bash Scripting for CTF Automation: Loops, Pipes, and Brute-Force Harnesses
- Image Metadata and EXIF Forensics for CTF
- radare2 and rizin for CTF: A Beginner's Workflow
- Archive and Zip Password Cracking for CTF
- Diffie-Hellman and Discrete Log for CTF: Breaking Weak Key Exchanges
- Audio Steganography and Spectrograms for CTF Forensics
- File Carving and Magic Bytes: Repairing Corrupted Files for CTF
- Use-After-Free for CTF: Dangling Pointers and tcache
- ARM Assembly for CTF: The ARMssembly Series
- Hash Length Extension Attacks for CTF: Forging a MAC Without the Secret
- Insecure Randomness for CTF: Predicting PRNGs and the Mersenne Twister
- Padding Oracle and CBC Bit-Flipping Attacks for CTF
- Authentication Bypass and IDOR for CTF: The Broken Access Control Playbook
- XXE for CTF: XML External Entity Attacks
- NoSQL Injection for CTF: Bypassing Login Without SQL
- Recipe Chain: Decode Multi-Layer CTF Encodings Without CyberChef
- ret2libc for CTF: Leaking libc and Returning to system()
- Web Recon for CTF: robots.txt, Page Source, DevTools, and Hidden Endpoints
- Java Reverse Engineering for CTF: Decompiling JARs and the Vault Door Series
- x86-64 Assembly for CTF: Reading Disassembly From Scratch
- Python Reversing for CTF: Bytecode, Frozen Binaries, and Obfuscated Scripts
- Stack Canary Bypass for CTF: Leak It, Brute It, or Walk Around It
- z3 for CTF: Constraint Solving from Keychecks to Crypto
- Writing x86-64 Shellcode for CTF: From Syscall to Shell
- Android APK Reverse Engineering for CTF: From .apk to Flag
- SSRF for CTF: From localhost Pivots to Cloud Metadata
- Elliptic Curves for CTF: The Discrete Log Is the Whole Game
- Classical Ciphers for CTF: Caesar, Vigenère, and Substitution
- Insecure Deserialization for CTF: Pickle, __reduce__, and RCE
- Git Forensics for CTF: What to Do When git log Returns Nothing
- CTF Disk Forensics: What to Do When Strings Returns Nothing
- Server-Side Template Injection for CTF: Detection, Gadgets, and Filter Bypass
- Python Sandbox Bypass for CTF: The Filter-Breaker Playbook
- LFI for CTF: From /etc/passwd to RCE
- Burp Suite for picoCTF: From Proxy Setup to Repeater Tricks
- Linux Privilege Escalation for CTF
- angr from First Principles: A picoCTF Tutorial for Beginners Tired of Magic
- Stream Ciphers in CTFs: LFSR, Vigenere, and Keystream Reuse
- Smart Contract CTF: Four Bugs That Already Drained Mainnet
- AES for CTF: Read the Ciphertext, Not the Math
- pwntools for CTF: A Foundational Guide from import to Shell
- XSS for CTF: A Ladder from alert(1) to CSP Bypass
- Frida and Binary Instrumentation for CTFs: A Beginner's Path
- When strings Won't Cut It: Volatility 3 for CTF Memory Forensics
- Heap Exploitation for CTF: From heap Overflow to tcache Poisoning
- Command Injection for CTF: From Ping Boxes to Blind Exfil
- ROP Beyond ret2libc: The Gadget Ladder for CTF Exploitation
- What picoCTF Web Challenges Teach You About Real Bugs in Production
- The Complete picoCTF Beginner's Guide: Learning Path, Tools & Every Category
- Hash Cracking for CTF: MD5, SHA-1, SHA-256 and Beyond (picoCTF 2025)
- Cookie and JWT Attacks for CTF Web Challenges (picoCTF Guide)
- Bypassing ASLR and PIE in CTF Binary Exploitation (picoCTF Guide)
- Using GDB for CTF Reverse Engineering
- Wireshark and pcap Analysis for CTF Forensics
- Format String Vulnerabilities for CTF Binary Exploitation
- Beginner's Guide to Netcat for CTFs
- How to Use Ghidra for Reverse Engineering CTF Challenges
- Linux Command Line Basics for CTF Competitions
- How to Read and Analyze Hex Dumps
- Steganography Techniques for CTF Competitions
- Base64, Hex, and Common CTF Encodings Explained
- SQL Injection for CTF: From Authentication Bypass to Data Extraction
- RSA Attacks for CTF Cryptography
- Buffer Overflow and Binary Exploitation for CTF
- Networking Tools for CTF Challenges
- Python for CTF: Essential Scripting Techniques
- Introduction to Steganography Tools for CTF
- File Upload Exploitation