CryptoCat's Blog
2025 Bug Bounty Writeups
Initializing search
CryptoCat's Blog
Home
CTF Writeups
CTF Writeups
Monthly Challenges
Monthly Challenges
YesWeHack
YesWeHack
11-25: APICrash
10-25: Ghost Whisper
09-25: Chainfection
08-25: Hardware Monitor
07-25: CCTV Manager
06-25: Hex Color Palette
Intigriti
Intigriti
04-25: HackDonalds
08-24: SafeNotes
01-24: Repo Woes
04-23: We Like To Sell Bricks
CryptoCat
CryptoCat
11-25: Mother Printers
10-25: Ultimate Calculator 3000
12-24: Summar-AI-ze
2025
2025
NahamCon (Winter)
NahamCon (Winter)
Misc
Misc
Hacky Christmas
Pwn
Pwn
VulnBank
Snorex 2K CCTV
PwnSec
PwnSec
Rev
Rev
Malayo
K17
K17
Rev
Rev
Secure Exam Browser
Bait and Switch
DefCamp
DefCamp
Pwn
Pwn
Nulle
Imaginary (iCTF)
Imaginary (iCTF)
Rev
Rev
Nimrod
Comparing
Weird App
Stacked
HackTheAgent
HackTheAgent
AI
AI
LLM Hacking (levels 1-5)
WHY
WHY
Web
Web
Shoe Shop
Planets
Buster
Why2025 CTF Time
Why2025 Planner
Fancy Login Form
N0PS
N0PS
Web
Web
Press Me If U Can
NahamCon
NahamCon
Web
Web
SNAD
Infinite Queue
TMCB
Method in the Madness
No Sequel
Advanced Screening
My First CTF
My Second CTF
My Third CTF
The Mission
Tsuku
Tsuku
Web
Web
len_len
Flash
YAMLwaf
CTF@CIT
CTF@CIT
Web
Web
Breaking Authentication
Commit & Order: Version Control Unit
How I Parsed your JSON
Mr. Chatbot
Keeping Up with the Credentials
2024
2024
Intigriti
Intigriti
Warmup
Warmup
BabyFlow
In Plain Sight
IrrORversible
Layers
Rigged Slot Machine 1
Game
Game
Bug Squash 1
Bug Squash 2
Rev
Rev
Secure Bank
Web
Web
Biocorp
Cat Club
Pizza Paradise
SafeNotes 2.0
Misc
Misc
Quick Recovery
Triage Bot 2
Pwn
Pwn
Floormat Sale
Retro2Win
Rigged Slot Machine 2
UAP
Crypto
Crypto
Schrodinger's Pad
Mobile
Mobile
Cold Storage
OSINT
OSINT
No Comment
Trackdown
Trackdown 2
Forensics
Forensics
CTF Mind Tricks
Hoarded Flag
Password Management
CSAW
CSAW
Web
Web
Playing on the Backcourts
Log Me In
Lost Pyramid
BucketWars
CyberSpace
CyberSpace
Web
Web
Feature Unlocked
UIU
UIU
Web
Web
Fare Evasion
Log Action
Wani
Wani
Web
Web
Bad Worker
PoW
One Day One Letter
Akasec
Akasec
Web
Web
Upload
HTB Cyber Apocalypse
HTB Cyber Apocalypse
Web
Web
Flag Command
TimeKORP
KORP Terminal
Labyrinth Linguist
Locktalk
SerialFlow
Testimonial
2023
2023
Intigriti
Intigriti
Gamepwn
Gamepwn
Dark Secrets
Misc
Misc
Triage Bot
OSINT
OSINT
Photographs
Pwn
Pwn
Floormat Store
Web
Web
Bug Report Repo
My Music
Imaginary (iCTF)
Imaginary (iCTF)
Web
Web
Blank
IDORiot
Inspection
Login
Perfect Picture
Roks
Google
Google
Pwn
Pwn
Write-Flag-Where
HTB Cyber Apocalypse
HTB Cyber Apocalypse
AI
AI
Last Hope
Mysterious Learnings
Crypto
Crypto
Perfect Synchronization
Pwn
Pwn
Getting Started
Labyrinth
Pandora's Box
Void
Rev
Rev
Cave System
Hunting License
Needle in a Haystack
Shattered Tablet
She Sells Sea Shells
Sekai
Sekai
Rev
Rev
Azusawa's Gacha World
Amateurs
Amateurs
Web
Web
Sanity
Waiting an Eternity
NahamCon
NahamCon
Web
Web
Hidden Figures
Marmalade 5
Obligatory
Star Wars
Stickers
Angstrom
Angstrom
Pwn
Pwn
Leek
2022
2022
Imaginary (iCTF)
Imaginary (iCTF)
Crypto
Crypto
ASE
Pwn
Pwn
Links 1
Links 2
Links 3
Open Doors
SEETF
SEETF
Pwn
Pwn
4mats
Easy Overflow
Rev
Rev
BabyReeee
Web
Web
Super-Secure-Requests-Forwarder
HTB Cyber Apocalypse
HTB Cyber Apocalypse
Pwn
Pwn
Hellbound
Angstrom
Angstrom
Pwn
Pwn
Really Obnoxious Problem
Wah
Whats My Name
Where Am I
Web
Web
Crumbs
Xtra Salty Sardines
NahamCon
NahamCon
Pwn
Pwn
Baby Steps
Web
Web
Flaskmetal Alchemist
Hacker Ts
Two for One
Pico
Pico
Forensics
Forensics
Side Channel
Pwn
Pwn
Buffer Overflow 1
Buffer Overflow 2
Buffer Overflow 3
Flag Leak
Function Overwrite
ROPfu
RPS
Stack Cache
Wine
X-Sixty-What
Rev
Rev
Wizardlike
Web
Web
Noted
Space Heroes
Space Heroes
Pwn
Pwn
Vader
Web
Web
Flag in Space
Intigriti
Intigriti
Pwn
Pwn
Bird
Cake
Easy Register
Search Engine
Dice
Dice
Pwn
Pwn
Interview Opportunity
2021
2021
Pico
Pico
Pwn
Pwn
Unsubscriptions Are Free
Crusaders of Rust (COR)
Crusaders of Rust (COR)
Crypto
Crypto
Fibinary
Pwn
Pwn
Chainblock
HTB Cyber Santa
HTB Cyber Santa
Crypto
Crypto
Meet Me Halfway
Xmas Spirit
Pwn
Pwn
Minimelfistic
Mr. Snowy
Naughty List
Sleigh
Rev
Rev
Infiltration
Intercept
K3rn3l
K3rn3l
Crypto
Crypto
Badseed
Twizzty Buzzinezz
HTB x Synack RedTeamFive
HTB x Synack RedTeamFive
Misc
Misc
Context
Hotel
Pwn
Pwn
Air Supplies
Injection Shot
Library
Recruitment
Rev
Rev
Knock Knock
Split
KillerQueen
KillerQueen
Pwn
Pwn
A Kind of Magic
Tweety Birb
Zoom2Win
HacktivityCon
HacktivityCon
Pwn
Pwn
Retcheck
The Library
Yabo
Web
Web
Availability
CSAW
CSAW
Pwn
Pwn
Alien Math
Password Checker
Rev
Rev
Checker
HackyHolidays
HackyHolidays
Crypto
Crypto
Cute Invoice
Mineslazer
Forensics
Forensics
Injection Traffic
Power Snacks
Pwn
Pwn
Deleted Flag
Engine Control
Web
Web
Skylark
HTB Cyber Apocalypse
HTB Cyber Apocalypse
Crypto
Crypto
Phasestream
Misc
Misc
Alien Camp
Build Yourself In
Pwn
Pwn
Controller
System Drop
Web
Web
Blitzprop
E-Tree
Wild Goose Hunt
Angstrom
Angstrom
Pwn
Pwn
Sanity Checks
Secure Login
Sticky Stacks
Tranquil
Rev
Rev
Free Flags
Jailbreak
Web
Web
Jar
Bug Bounty
Bug Bounty
10-25: IDOR Leads to Mass PII Exposure in Healthcare App
Vuln Research
Vuln Research
CVE Analysis
CVE Analysis
CVE-2025-31344: giflib Heap-based Buffer Overflow
CVE-2025-24813: Tomcat DefaultServlet Partial PUT
CVE-2025-54376: Hoverfly WebSocket Auth Bypass
Novel Research
2025 Bug Bounty Writeups
10-25: IDOR + Mass PII Exposure in a Healthcare App
Back to top