writeup resources
find ctf writeups by category.
writeups are the best way to learn — see exactly how someone solved a challenge after you've tried it yourself.
search writeups by category
SQL injection, XSS, SSRF, SSTI, IDOR, command injection, deserialization.
RSA attacks, AES mode weaknesses, XOR ciphers, padding oracle, classical ciphers.
Buffer overflow, ROP chains, format string, heap exploitation, ret2libc.
Steganography, PCAP analysis, memory forensics, file carving, metadata.
Crackme, license checks, anti-debug, custom encoding, VM-based challenges.
Geolocation, username search, domain research, social media investigation.
Jail escapes, encoding puzzles, programming challenges, game exploitation.
writeup sources
- CTFtime writeups ↗
The primary writeup aggregator for CTF competitions. Browse by team, event, or use the search to filter by challenge tag (pwn, web, crypto, etc.).
- GitHub CTF writeups topic ↗
Repositories tagged ctf-writeup on GitHub. Many teams publish their full solve scripts alongside explanations.
- picoCTF walkthroughs ↗
picoCTF is the most beginner-friendly CTF and has an enormous library of archived challenges. Searching "picoCTF [challenge name] writeup" usually finds walkthroughs.
when to read a writeup
read writeups after you've spent meaningful time on a challenge — not before. the goal is to understand the gap between your approach and the solution. if you're stuck and not making progress, ask for a hint first. writeups are most valuable when you almost solved it or when you want to see a more elegant approach after getting the flag.