Posts
Articles and guides of various topics, techniques, and so on in relation to CTF challenges.
Stream Ciphers in CTFs: LFSR, Vigenere, and Keystream Reuse
Three weaknesses break almost every stream cipher in picoCTF: short keys, reused keystreams, linear feedback. Berlekamp-Massey, Kasiski, and two-time-pad XOR with working Python and CTF receipts.
May 4, 2026
Smart Contract CTF: Four Bugs That Already Drained Mainnet
Four bug classes the Solidity compiler can't fix. picoCTF 2026 ships each one as a primitive; mainnet already paid over $500M for the lessons. The map from CTF challenge to attacker calldata to defensive grep.
May 2, 2026
AES for CTF: Read the Ciphertext, Not the Math
AES bugs in picoCTF are mode bugs, not math bugs. Three modes (ECB, CBC, CTR), three visible ciphertext fingerprints, three one-line attacks, three picoCTF receipts.
April 30, 2026
pwntools for CTF: A Foundational Guide from import to Shell
pwntools is four pillars (Tubes, ELF, ROP, gdb) pretending to be one library, plus a utility belt. Six idioms cover 90% of pwn for CTF, with picoCTF receipts (buffer overflow 1, ROPfu, format string 2, PIE TIME) and the GitHub issues that catch every beginner.
April 28, 2026
XSS for CTF: A Ladder from alert(1) to CSP Bypass
Cross-Site Scripting isn't dead, it climbed. A four-rung ladder from reflected to CSP bypass with paste-ready payloads, picoCTF receipts (noted, live-art, secure-email-service, paper-2), and 2024-2026 production CVEs at every rung.
April 27, 2026
Frida and Binary Instrumentation for CTFs: A Beginner's Path
A practical Frida walkthrough anchored in picoCTF's binary-instrumentation ladder, from 2025's strings cheats to 2026's send-to-the-void. Install, hook a Win32 export, fix args at runtime, and bridge to stripped Linux ELFs where ASLR moves the address every run.
April 26, 2026
When strings Won't Cut It: Volatility 3 for CTF Memory Forensics
Five Volatility 3 plugins in the right order solve most CTF memory dumps. A decision tree for CTF players, plus a two-way walkthrough of picoCTF 2025 Bitlocker-2.
April 24, 2026
Heap Exploitation for CTF: From heap Overflow to tcache Poisoning
The four heap exploitation primitives that still work against modern glibc (2.35+), anchored to the picoCTF heap 0-3 series plus Heap Havoc, Pizza Router, tea-cash, and Horsetrack. With pwntools templates and the kill-list of dead techniques.
April 21, 2026
Command Injection for CTF: From Ping Boxes to Blind Exfil
A practical guide to command injection in CTF competitions: shell metacharacters, in-band reads, blind time and out-of-band techniques, filter bypass with IFS and globs, dash vs bash gotchas, and the picoCTF Ping Cmd walkthrough.
April 18, 2026
ROP Beyond ret2libc: The Gadget Ladder for CTF Exploitation
Build a ROP chain without a libc leak. Five techniques (ret2plt, ret2syscall, ret2dlresolve, ret2csu, SROP) plus stack pivots, with pwntools code and CTF receipts.
April 16, 2026
What picoCTF Web Challenges Teach You About Real Bugs in Production
Every picoCTF web challenge maps to a specific mistake that still ships in production. A field guide to the five surfaces those challenges train, with writeups and the real incidents they rhyme with.
April 15, 2026
The Complete picoCTF Beginner's Guide: Learning Path, Tools & Every Category
Everything you need to start picoCTF: recommended category order, essential tools to install, how to approach each challenge type, and beginner-friendly challenges to try first.
April 14, 2026
Hash Cracking for CTF: MD5, SHA-1, SHA-256 and Beyond (picoCTF 2025)
A complete guide to hash cracking for CTF competitions: identifying hash types, using hashcat and John the Ripper, rainbow tables, online lookup tools, and picoCTF 2025 hash challenges with step-by-step solutions.
April 13, 2026
Cookie and JWT Attacks for CTF Web Challenges (picoCTF Guide)
A complete guide to web cookie and JWT attacks for CTF competitions: session hijacking, base64-encoded cookies, Flask signed sessions, JWT alg:none and confusion attacks, and Burp Suite interception - with picoCTF challenge links throughout.
April 13, 2026
Bypassing ASLR and PIE in CTF Binary Exploitation (picoCTF Guide)
A deep-dive guide to bypassing ASLR and PIE in CTF binary exploitation: memory leak techniques, ret2libc, ROP chains, one_gadget, partial overwrites, and real pwntools scripts - with picoCTF challenge links throughout.
April 13, 2026
Using GDB for CTF Reverse Engineering
A practical guide to GDB for CTF competitions: running binaries, setting breakpoints, reading registers, inspecting memory, and tracing through the Bit-O-Asm and GDB baby step challenge series.
April 12, 2026
Wireshark and pcap Analysis for CTF Forensics
A hands-on guide to analyzing network packet captures (pcap files) in CTF competitions using Wireshark and tshark: following TCP streams, finding credentials, extracting files, and applying display filters.
April 12, 2026
Format String Vulnerabilities for CTF Binary Exploitation
A beginner-friendly guide to format string vulnerabilities in CTF binary exploitation: how printf leaks memory, finding the format string offset, writing arbitrary values with %n, and walking through the picoCTF format string series.
April 12, 2026
Beginner's Guide to Netcat for CTFs
A beginner-friendly guide to using netcat (nc) in CTF competitions: connecting to challenge servers, piping payloads, automating with Python pwntools, and reading challenge output.
April 11, 2026
How to Use Ghidra for Reverse Engineering CTF Challenges
A practical guide to using Ghidra for CTF reverse engineering challenges -- importing binaries, reading decompiled C, finding flags in strings, and tracing logic with the Symbol Tree.
April 11, 2026
Linux Command Line Basics for CTF Competitions
The essential Linux commands every CTF beginner needs: file inspection, text searching, permissions, base64 decoding, ssh, and more -- with examples from real picoCTF General Skills challenges.
April 11, 2026
How to Read and Analyze Hex Dumps
Learn to read and analyze hex dumps for CTF challenges -- understanding the xxd format, spotting magic bytes, finding hidden strings, and using hex editors to inspect binary files.
April 11, 2026
Steganography Techniques for CTF Competitions
A systematic guide to solving CTF steganography challenges -- from LSB pixel manipulation to file-within-file extraction, audio spectrograms, metadata analysis, and when to use each technique.
April 11, 2026
Base64, Hex, and Common CTF Encodings Explained
Identify and decode every encoding you will encounter in CTF competitions: Base64, hex, binary, octal, ROT13, URL encoding, Morse code, and more -- with one-liners for each.
April 11, 2026
SQL Injection for CTF: From Authentication Bypass to Data Extraction
A practical guide to SQL injection techniques used in CTF competitions: authentication bypass, UNION-based extraction, blind SQLi, NoSQL injection, and sqlmap automation - with picoCTF challenge links throughout.
April 4, 2026
RSA Attacks for CTF Cryptography
A complete guide to RSA attack techniques that appear in CTF competitions: small public exponent, weak modulus factoring, common modulus, Wiener's attack, and RSA oracle decryption - with picoCTF challenge links throughout.
April 4, 2026
Buffer Overflow and Binary Exploitation for CTF
A practical guide to binary exploitation techniques in CTF competitions: stack buffer overflows, ret2win, format string attacks, heap exploitation, and ASLR/PIE bypass - with picoCTF challenge links for each technique.
April 4, 2026
Networking Tools for CTF Challenges
A hands-on guide to netcat, curl, Wireshark, and nmap for solving picoCTF web exploitation and general skills challenges.
March 28, 2026
Python for CTF: Essential Scripting Techniques
A practical guide to using Python in CTF competitions: automating tasks, handling binary data, decoding encodings, socket connections, and writing exploit scripts.
March 25, 2026
Introduction to Steganography Tools for CTF
A practical guide to the most common steganography tools used in CTF competitions: zsteg, steghide, stegcracker, Stegsolve, Stepic, and binwalk, with installation commands and when to reach for each one.
March 10, 2026
File Upload Exploitation
Complete guide to file upload vulnerabilities, exploitation techniques, bypass methods, web shells, and defensive strategies. Learn through practical picoCTF challenge and real-world scenarios.
December 8, 2025