WRITE-UP-HACKDAY-2026

Collection of technical write-ups for the HackDay 2026 CTF.

The goal of this repository is to keep clean, reproducible solutions for each challenge, with a focus on:

• precise exploitation steps,
• clear reverse-engineering / forensic methodology,
• and security takeaways for each vulnerability class.

All write-ups are in Markdown and organized by category.

Repository Structure

WRITE-UP-HACKDAY-2026/
├── forensic/
│   └── Jack_in_with_Chaptain.md
├── reverse/
│   └── Time_Rope.md
├── steganography/
│   └── deep_filter.md
├── web3/
│   └── Administration_Console.md
└── LICENSE

forensic/

• Jack_in_with_Chaptain.md Network / RADIUS forensic challenge. Focus: Wireshark/tshark analysis, RADIUS shared secret recovery, PAP password decryption, reconstruction of legacy VPN credentials and flag format.

reverse/

• Time_Rope.md x86-64 reversing challenge on a small ELF binary. Focus: control-flow reconstruction, analysis of “button” functions, extraction of flag fragments, and SHA-256 computation of the final phrase.

steganography/

• deep_filter.md PNG steganography challenge. Focus: PNG internals, IDAT decoding, filter bytes abuse (per-row filter type used as a covert channel), bit extraction and reconstruction of the hidden flag.

web3/

• Administration_Console.md Smart contract / Web3 security challenge. Focus: Ethereum testnet interaction, truncated Keccak-256 (24-bit) collision attack, misuse of a costETH modifier, abuse of SELFDESTRUCT for forced ETH transfers, and ownership takeover of the admin contract.