Exploit Archive

Ruohao writeup console

Writeups

Reproducible notes for CTF rooms and events: entry points, pivots, exploit chains, and the mistakes worth remembering.

20 writeups

3 platforms

3 events

5 categories

58 tags

Latest Activity

Newest writeups across the archive

Search archive

APT438

NorthSec 2026 / APT438

May 18, 2026

NorthSec Forensics windows dfir incident-response

The Germinator

NorthSec 2026 / The Germinator

May 18, 2026

NorthSec Reverse Engineering rust gdb license

Address Book

NorthSec 2026 / Address Book

May 18, 2026

NorthSec Web xpath xml path-traversal

Drone License

NorthSec 2026 / Drone License

May 18, 2026

NorthSec Web github-actions sqli llm prompt-injection

Hello Sunshine

NorthSec 2026 / Hello Sunshine

May 18, 2026

NorthSec Web mcp pyodide sandbox-escape

Cyber Saguenay CTF

6 write-ups

Forensics

1 entries

Pas un PDF

Cyber Saguenay CTF 2026 / Pas un PDF

Apr 08, 2026

pdf xor file-format

Pwn

1 entries

System

Cyber Saguenay CTF 2026 / System

Apr 08, 2026

ssh linux enumeration temp-files

Reverse Engineering

2 entries

Qui a implemente ca?

Cyber Saguenay CTF 2026 / Qui a implemente ca?

Apr 08, 2026

windows license md5 api

Vault42

Cyber Saguenay CTF 2026 / Vault42

Apr 08, 2026

android apk jni hardcoded-secrets

Web

2 entries

Escartem Gallery

Cyber Saguenay CTF 2026 / Escartem Gallery

Apr 08, 2026

javascript encoding nextjs reverse-engineering

ChefVault: La recette secrete 1

Cyber Saguenay CTF 2026 / ChefVault la recette secrete 1

Apr 08, 2026

php auth oracle credential-disclosure

NorthSec

8 write-ups

Forensics

1 entries

APT438

NorthSec 2026 / APT438

May 18, 2026

windows dfir incident-response

Pwn

1 entries

Sprinklers

NorthSec 2026 / Sprinklers

May 18, 2026

protocol scada auth-bypass

Reverse Engineering

1 entries

The Germinator

NorthSec 2026 / The Germinator

May 18, 2026

rust gdb license

Web

5 entries

Address Book

NorthSec 2026 / Address Book

May 18, 2026

xpath xml path-traversal

Drone License

NorthSec 2026 / Drone License

May 18, 2026

github-actions sqli llm prompt-injection

Hello Sunshine

NorthSec 2026 / Hello Sunshine

May 18, 2026

mcp pyodide sandbox-escape

Pesticide

NorthSec 2026 / Pesticide

May 18, 2026

wasm jwt auth

Save The Trees

NorthSec 2026 / Save The Trees

May 18, 2026

source-disclosure authorization php

TryHackMe

6 write-ups

Linux

1 entries

Wonderland

Feb 07, 2026

Medium

ssh sudo path-injection capabilities privilege-escalation

Web

5 entries

Love at First Breach 2026 - Advanced Track: Task 5

Love at First Breach / Love at First Breach 2026 - Advanced Track: Task 5

Feb 15, 2026

Hard

ssti jwt ssrf python-builtins

Hidden Deep Into My Heart

Love at First Breach / Hidden Deep Into My Heart

Feb 13, 2026

Easy

robots-txt-disclosure credential-disclosure forced-browsing

Valenfind

Love at First Breach / Valenfind

Feb 13, 2026

Medium

lfi

Dogcat

Feb 07, 2026

Medium

lfi rce docker privilege-escalation

Ultratech

Feb 07, 2026

Medium

rce nodejs docker hashes privilege-escalation