Archive

2026 ⁷

February ⁷

Dynamic Secret

February 28, 2026 · 2 min · giordii

HTTP Inputs

February 28, 2026 · 2 min · giordii

Math Solver

February 28, 2026 · 3 min · giordii

RevMe

February 28, 2026 · 2 min · giordii

Secure Admin Panel — Stack Canary Leak + ret2win

February 28, 2026 · 3 min · giordii

SQLi Cards — Union Injection into SQLite

February 28, 2026 · 2 min · giordii

XSS Escape — Breaking Out of a Script String Context

February 28, 2026 · 2 min · giordii

2025 ¹¹

March ³

Baity5 — Binary Exploitation

March 1, 2025 · 2 min · giordii

Bash Filter Bypass via Unicode Lookalikes

March 1, 2025 · 3 min · giordii

Segnalazione Cinghiali — Union-Based SQLi in Node/Express

March 1, 2025 · 2 min · giordii

January ⁸

Bank Logic Bypass — Scientific Notation Bypasses Integer Validation

January 1, 2025 · 3 min · giordii

Basic Calculator — Variable Shadowing Bug

January 1, 2025 · 3 min · giordii

Blind SQLi Login — Boolean-Based Character Extraction

January 1, 2025 · 3 min · giordii

Extract HTML Comments

January 1, 2025 · 2 min · giordii

Shell Four ORW — Open-Read-Write Shellcode with Seccomp

January 1, 2025 · 3 min · giordii

Shell One — Minimal Shellcode to Set EAX

January 1, 2025 · 2 min · giordii

Split — ret2win with ROP pop rdi Gadget

January 1, 2025 · 3 min · giordii

Unzip Matryoshka — 3000 Nested Zip Files

January 1, 2025 · 2 min · giordii

2024 ⁵⁵

January ⁵⁵

2048 — Arithmetic Server Bot

January 1, 2024 · 2 min · giordii

A Too Small Reminder — Session ID Enumeration

January 1, 2024 · 2 min · giordii

ASMR — Static XOR Reverse Engineering

January 1, 2024 · 2 min · giordii

Based and Encoded — Multi-Format Encoding Bot

January 1, 2024 · 3 min · giordii

Basic SQLi — Classic OR 1=1 Login Bypass

January 1, 2024 · 1 min · giordii

Byte Flag — Flag Hidden in Raw PNG Bytes

January 1, 2024 · 1 min · giordii

C-Style Login — PHP Type Juggling Array Bypass

January 1, 2024 · 1 min · giordii

Chaos — TCP Payload Reconstruction from PCAP

January 1, 2024 · 2 min · giordii

Click Me — Cookie Integer Forge to Reach Counter Target

January 1, 2024 · 1 min · giordii

Coffee Hash — Z3 Cyclic Hash Constraint Solving

January 1, 2024 · 2 min · giordii

Confuse Me — PHP Magic Hash 0e MD5 Bypass

January 1, 2024 · 1 min · giordii

Cookie Monster — Base64 JSON Cookie Role Elevation

January 1, 2024 · 2 min · giordii

Corrupted Flag — Fix GIF Magic Bytes then Extract Frames

January 1, 2024 · 2 min · giordii

CrackMat — Z3 Per-Character Quadratic Equations

January 1, 2024 · 3 min · giordii

Dashed — Six-Layer Encoding Chain: Morse → Hex → Binary → Base64 → Caesar

January 1, 2024 · 3 min · giordii

Doge Ransom — IBAN Buffer Overflow with Control Byte Injection

January 1, 2024 · 2 min · giordii

Doge Ransom 2 — ROP ret2puts Leak then ADMIN re-login

January 1, 2024 · 3 min · giordii

Emergency Call — ROP Syscall Chain for execve

January 1, 2024 · 2 min · giordii

Flags Shop — Price Parameter Tampering

January 1, 2024 · 1 min · giordii

Formatted — Format String Write with %n

January 1, 2024 · 2 min · giordii

Generatore Poco Casuale — Shellcode Injection via Leaked Stack Address

January 1, 2024 · 2 min · giordii

Guess The Number — Stack Overflow + Integer Overflow

January 1, 2024 · 2 min · giordii

Guess the Number 2 — ROP Chain GOT Overwrite via gets

January 1, 2024 · 2 min · giordii

Headache — Flag in HTTP Response Header

January 1, 2024 · 1 min · giordii

I Got Magic — GIF Polyglot Webshell Upload + RCE

January 1, 2024 · 2 min · giordii

Just a Reminder — Obfuscated JS Secret Key Recovery

January 1, 2024 · 2 min · giordii

Light or Dark — Path Traversal with Dot Obfuscation + Null Byte

January 1, 2024 · 2 min · giordii

Make a Wish — PHP GET Array Type Coercion Bypass

January 1, 2024 · 1 min · giordii

More Private Club — Simple ret2win Buffer Overflow

January 1, 2024 · 1 min · giordii

No Robots Here — Disallowed Path Discovery via robots.txt

January 1, 2024 · 1 min · giordii

No Time — UNION SQL Injection with Keyword Filter Bypass via OFFSET Injection

January 1, 2024 · 2 min · giordii

Password Changer 3000 — Insecure Token via Base64-Encoded Username

January 1, 2024 · 1 min · giordii

Quantum Transport Layer — TLS ALPN Flag via gnutls-cli

January 1, 2024 · 2 min · giordii

readdle — Two-Stage Shellcode via Stub Read Gadget

January 1, 2024 · 2 min · giordii

Rick Roller — Flag Behind a Redirect

January 1, 2024 · 1 min · giordii

Secret Vault — Heap Address Leak + Shellcode via Stack Overflow

January 1, 2024 · 2 min · giordii

Shell’s Revenge — GIF Polyglot PHP Webshell Upload

January 1, 2024 · 2 min · giordii

Shell’s Revenge 2 — GIF Polyglot Webshell via LFI Include

January 1, 2024 · 2 min · giordii

Sito Vuoto — Flag Hidden in Page Source

January 1, 2024 · 1 min · giordii

Sn4ck Sh3nan1gans — UNION SQL Injection via Base64 JSON Cookie

January 1, 2024 · 2 min · giordii

Sniff N Byte — Decode Hardcoded Hex Flag

January 1, 2024 · 1 min · giordii

SSA0x42 — XOR Key Recovery from Known-Plaintext PCAP Headers

January 1, 2024 · 2 min · giordii

Suoni Misteriosi — Morse Audio Decoder

January 1, 2024 · 1 min · giordii

Super Market — Integer Underflow Price Manipulation

January 1, 2024 · 1 min · giordii

Terminator — Canary Leak + Full ret2libc

January 1, 2024 · 3 min · giordii

That’s a Lot of Fs — Flag in Ethernet Destination MAC via Custom EtherType

January 1, 2024 · 2 min · giordii

Time Is Key — Timing Side-Channel Flag Extraction

January 1, 2024 · 2 min · giordii

TIMP — OS Command Injection with IFS and Null Byte Filter Bypass

January 1, 2024 · 2 min · giordii

Truly Random Signature — Predictable Session Token Analysis

January 1, 2024 · 2 min · giordii

Useless — Flag Hidden in PCAPNG via strings

January 1, 2024 · 1 min · giordii

Villa Pisani — DNS Maze DFS via CNAME Records

January 1, 2024 · 3 min · giordii

WordWang — Protocol Format Wrapping

January 1, 2024 · 1 min · giordii

You Complete Me — Binary Search Word Reconstruction

January 1, 2024 · 2 min · giordii

Zipception — 3000 Nested ZIPs

January 1, 2024 · 1 min · giordii

Zipception 2.0 — Nested ZIPs with Password Protection

January 1, 2024 · 2 min · giordii

2026 7

February 7

Dynamic Secret

HTTP Inputs

Math Solver

RevMe

Secure Admin Panel — Stack Canary Leak + ret2win

SQLi Cards — Union Injection into SQLite

XSS Escape — Breaking Out of a Script String Context

2025 11

March 3

Baity5 — Binary Exploitation

Bash Filter Bypass via Unicode Lookalikes

Segnalazione Cinghiali — Union-Based SQLi in Node/Express

January 8

Bank Logic Bypass — Scientific Notation Bypasses Integer Validation

Basic Calculator — Variable Shadowing Bug

Blind SQLi Login — Boolean-Based Character Extraction

Extract HTML Comments

Shell Four ORW — Open-Read-Write Shellcode with Seccomp

Shell One — Minimal Shellcode to Set EAX

Split — ret2win with ROP pop rdi Gadget

Unzip Matryoshka — 3000 Nested Zip Files

2024 55

January 55

2048 — Arithmetic Server Bot

A Too Small Reminder — Session ID Enumeration

ASMR — Static XOR Reverse Engineering

Based and Encoded — Multi-Format Encoding Bot

Basic SQLi — Classic OR 1=1 Login Bypass

Byte Flag — Flag Hidden in Raw PNG Bytes

C-Style Login — PHP Type Juggling Array Bypass

Chaos — TCP Payload Reconstruction from PCAP

Click Me — Cookie Integer Forge to Reach Counter Target

Coffee Hash — Z3 Cyclic Hash Constraint Solving

Confuse Me — PHP Magic Hash 0e MD5 Bypass

Cookie Monster — Base64 JSON Cookie Role Elevation

Corrupted Flag — Fix GIF Magic Bytes then Extract Frames

CrackMat — Z3 Per-Character Quadratic Equations

Dashed — Six-Layer Encoding Chain: Morse → Hex → Binary → Base64 → Caesar

Doge Ransom — IBAN Buffer Overflow with Control Byte Injection

Doge Ransom 2 — ROP ret2puts Leak then ADMIN re-login

Emergency Call — ROP Syscall Chain for execve

Flags Shop — Price Parameter Tampering

Formatted — Format String Write with %n

Generatore Poco Casuale — Shellcode Injection via Leaked Stack Address

Guess The Number — Stack Overflow + Integer Overflow

Guess the Number 2 — ROP Chain GOT Overwrite via gets

Headache — Flag in HTTP Response Header

I Got Magic — GIF Polyglot Webshell Upload + RCE

Just a Reminder — Obfuscated JS Secret Key Recovery

Light or Dark — Path Traversal with Dot Obfuscation + Null Byte

Make a Wish — PHP GET Array Type Coercion Bypass

More Private Club — Simple ret2win Buffer Overflow

No Robots Here — Disallowed Path Discovery via robots.txt

No Time — UNION SQL Injection with Keyword Filter Bypass via OFFSET Injection

Password Changer 3000 — Insecure Token via Base64-Encoded Username

Quantum Transport Layer — TLS ALPN Flag via gnutls-cli

readdle — Two-Stage Shellcode via Stub Read Gadget

Rick Roller — Flag Behind a Redirect

Secret Vault — Heap Address Leak + Shellcode via Stack Overflow

Shell’s Revenge — GIF Polyglot PHP Webshell Upload

Shell’s Revenge 2 — GIF Polyglot Webshell via LFI Include

Sito Vuoto — Flag Hidden in Page Source

Sn4ck Sh3nan1gans — UNION SQL Injection via Base64 JSON Cookie

Sniff N Byte — Decode Hardcoded Hex Flag

SSA0x42 — XOR Key Recovery from Known-Plaintext PCAP Headers

Suoni Misteriosi — Morse Audio Decoder

Super Market — Integer Underflow Price Manipulation

Terminator — Canary Leak + Full ret2libc

That’s a Lot of Fs — Flag in Ethernet Destination MAC via Custom EtherType

Time Is Key — Timing Side-Channel Flag Extraction

TIMP — OS Command Injection with IFS and Null Byte Filter Bypass

Truly Random Signature — Predictable Session Token Analysis

Useless — Flag Hidden in PCAPNG via strings

Villa Pisani — DNS Maze DFS via CNAME Records

WordWang — Protocol Format Wrapping

You Complete Me — Binary Search Word Reconstruction

Zipception — 3000 Nested ZIPs

Zipception 2.0 — Nested ZIPs with Password Protection

2026 ⁷

February ⁷

2025 ¹¹

March ³

January ⁸

2024 ⁵⁵

January ⁵⁵