Love At First Breach CTF 2026
A beginner friendly, live red-teaming CTF designed to help you fall in love with breaking things... safely.
View event on TryHackMe//Rooms
Valenfind
MediumStep-by-step Valenfind TryHackMe writeup from Love At First Breach CTF 2026: LFI path traversal, Flask app source leak, and admin API key leading to the flag.
→Hidden Deep Into my Heart
EasyHidden Deep Into my Heart TryHackMe writeup — Love At First Breach 2026: robots.txt disclosure, directory fuzzing, and default credentials to Cupid's secret vault flag.
→Signed Messages
MediumSigned Messages TryHackMe writeup — Love At First Breach 2026: LoveNote deterministic RSA, /debug key leak, and PSS signature forgery to capture the flag.
→Corp Website
MediumCorp Website TryHackMe writeup — Love At First Breach 2026: CVE-2025-55182 React2Shell unauthenticated RCE, Dockerfile leak, and sudo python3 privilege escalation.
→CupidBot
EasyCupidBot TryHackMe writeup — Love At First Breach 2026: prompt injection, system prompt leakage, and role impersonation to capture all three flags.
→TryHeartMe
EasyTryHeartMe TryHackMe writeup — Love At First Breach 2026: JWT decode, role tampering without re-signing, and access to hidden ValenFlag for the flag.
→Speed Chatting
EasySpeed Chatting TryHackMe writeup — Love At First Breach 2026: profile picture upload, Python reverse shell, and root RCE to capture the flag.
→Cupid's Matchmaker
EasyCupid's Matchmaker TryHackMe writeup — Love At First Breach 2026: stored XSS in survey, admin bot review, and exfiltration of /flag to capture the flag.
→Love Letter Locker
EasyLove Letter Locker TryHackMe writeup — Love At First Breach 2026: predictable letter IDs and missing ownership check leading to IDOR and flag.
→When Hearts Collide
MediumWhen Hearts Collide TryHackMe writeup — Love At First Breach 2026: MD5 match logic flaw, generic collision with fastcoll, and flag from duplicate-hash match.
→