writeup
Alpaca CTF 2026: Vending Machine
Exploit Python's list.pop(-1) silent fallback: drain an item's stock so find() returns -1, then pop(-1) retrieves the flag character appended at the end of the stock string
#ctf
#misc
#python
+4 writeup
2024 Cyber Apocalypse: Writing on the Wall
Exploit off-by-one vulnerability and strcmp null byte behavior
#htb
#ctf
#pwn
+3