MSMolly Sohaneyinmollysohaney.hashnode.dev·5d ago · 3 min readCTF Writeup: Negative Bread | RE | Beginner | BroncoCTF 2026Description Your account starts at $100. The flag costs $1,000,000. Deposits are capped. Withdrawals can't go below zero. No strings attached. We don't even need to guard the vault. This bank is impe00
MSMolly Sohaneyinmollysohaney.hashnode.dev·6d ago · 12 min readCTF Writeup: C++ Unplugged | RE | BroncoCTF 2026Description I can understand getting a song stuck in your head, but when your life revolves around music so much that you start writing code using song titles, there may be a problem. I mean, what do00
MSMolly Sohaneyinmollysohaney.hashnode.dev·6d ago · 4 min readCTF Writeup: Mirror Mirror | RE | BroncoCTF 2026Description I've been told that this magic mirror will only clear when I give it the flag. Can you help me figure out what I should say? We're given: mirror.py Overview This challenge revolves arou00
MSMolly Sohaneyinmollysohaney.hashnode.dev·6d ago · 6 min readCTF Writeup: Cat Simulator | RE | BroncoCTF 2026Description Make the purrfect choices over 5 days to win your owner's heart… and maybe something more? Meow carefully. We're given: cat-sim-mac Overview This challenge is a "cat simulator" CLI game00
YPYogeshwar Peelainexploitnotes.hashnode.dev·Jul 12 · 7 min readBroncoCTF : Atomic Substitution Theory WriteupChallenge We're given secret.txt, a single line of comma-separated tuples wrapped in what looks like braces and underscores: (4, 17), (2, 16), (2, 15), (4, 9), { , (3, 2, 1), (5, 3), _ , (2, 17), ... 11A
YPYogeshwar Peelainexploitnotes.hashnode.dev·Jul 12 · 5 min readBroncoCTF : Negative Bread WriteupChallenge We're given a single ELF binary, bank: $ file bank bank: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, not stripped Runni00
RPRudra Ponksheinblog.realrudrap.dev·Jul 8 · 11 min readI Found the Live C2 Server Controlling Thousands of Infected DevicesIf you've been following along, here's where we are: a spam SMS dropped an APK, the APK was a dropper that XOR-decrypted a multi-DEX container, HMAC-validated it, AES-decrypted it, and loaded the resu20
SDSaikat Dasinblog.saikat.in·Jul 7 · 3 min readHow I Cracked Paasa's Secret Hiring ChallengeI was scrolling the internet doing absolutely nothing productive (classic) when someone dropped a link: challenge.paisa.com. The page said: "We're hiring developers. Find the three words hidden in th30
RPRudra Ponksheinblog.realrudrap.dev·Jun 26 · 16 min readThe Media Player that wasn'tContinuing from the first part of the series, where I left off with the DEX file from r_4dfb.bin, it claimed to be a media player. Spoiler alert, it wasn't, and it never was Cracking the container He30
RPRudra Ponksheinblog.realrudrap.dev·Jun 24 · 15 min readThe Spam SMS that turned into a rabbit hole⚠ WARNING: If you received a SMS claiming your vehicle has an outstanding RTO challan with a link which downloads an .apk file, do not open it. This is an active malware campaign as of June 2026 imper30