Welcome to Bread & Yolk (BAY) — a non-profit, community-driven cybersecurity collective based in Jakarta, Indonesia. Since our founding in 2022, BAY has remained committed to advancing the cybersecurity field through collaborative research, practical education, and service to the community.
As a small and passionate group of practitioners, we specialize in offering select services that include hosting Capture The Flag (CTF) competitions, developing cybersecurity tooling under our Blue Anvil Projects initiative, and publishing in-depth cybersecurity articles on Medium.
Our Jeopardy-style CTF challenges are crafted to provide hands-on learning and real-world problem-solving for both aspiring and seasoned professionals. Simultaneously, our Blue Anvil Projects deliver malware simulation and blue team tooling to help organizations test their detection and defense mechanisms.
As a non-commercial initiative, BAY exists to support the global cybersecurity community, driven not by profit, but by purpose. We are always open to collaboration, education, and exploration in the ever-evolving security landscape.
Serving as a vendor to design and host engaging Jeopardy-style cybersecurity challenges for hands-on skill development.
Developing malware and defensive tools to support cybersecurity research and operations.
Publishing comprehensive cybersecurity articles on Medium to educate and inspire.
Our latest work and ongoing developments
The CTF lab at Cyberyolk is designed with national standards in mind. Each challenge in the lab is crafted by experienced problem creators, ensuring engaging and relevant challenges in today’s cybersecurity landscape.
This CTF follows a Jeopardy theme, featuring a variety of categories including Binary Exploitation, Cryptography, Computer Forensics, OSINT, Reverse Engineering, and Web Exploitation. With this theme and range of categories, participants have the opportunity to sharpen diverse technical skills in cybersecurity.
BAY served as an outsourced challenge vendor for the Telkom University Gemastik Internal Selection 2025, contributing a set of high-quality Capture The Flag (CTF) challenges to support the selection process.
Details coming soon. Currently in progress.
Our latest work and ongoing developments
Plaguards is a powerful security tool that automates deobfuscation of obfuscated PowerShell scripts, helping teams quickly identify Indicators of Compromise (IOCs) and distinguish valid threats from false positives. Each analysis produces a detailed PDF report with actionable insights. As a web app, Plaguards enables flexible, on-demand analysis from anywhere, making it invaluable for blue teams handling complex malware. It supports DFIR by improving investigation scope and attribution, efficiently processing large volumes of data to reveal malware TTPs and guide analysts to key artifacts, speeding up root cause analysis.
JARY is a runtime for creating .jary rules to search and correlate log data from external sources. It allows users to define structured rules that filter, match, and analyze log entries to support data analysis and automation. The JARY runtime is a lightweight library written in C that can be dynamically linked with other programs. It provides functions to compile JARY rules, feed data into the runtime, and execute the rules, all accessible from a single library through function calls. The .jary rule syntax is derived from the YARA language developed by VirusTotal.
Kegembok is a cross-platform (Linux, Mac, and Windows) ransomware tool written in the Golang programming language. It encrypts using AES-256-GCM, and you can use your own key. This program is for educational purposes only and is helpful for simulations such as tabletop exercises or ransomware tests.
HolmesGeo is an open-source Python tool designed for extracting and analyzing IP addresses from various data sources. It supports input from Apache log files, CSV files, and standard input, and provides geographic and network information for each IP address. The tool can generate reports in CSV and Excel formats, making it useful for tasks such as geolocation analysis and network diagnostics. HolmesGeo is modular and can be extended to support additional data sources and formats.
Details coming soon. Currently in progress.
Insights and thoughts from our team
Presented at ICODSA 2025 and under review by the IEEE team. Details coming soon.
Conquering a challenging 64-bit, PIE-enabled binary from CyberGonCTF by leveraging a hidden format-string option in a debug menu to overwrite the Global Offset Table (GOT). The write-up demonstrates how the attacker leaks both PIE and libc addresses via %p format specifiers, computes their respective base addresses, and uses a crafted fmtstr_payload to replace printf@GOT with system—ultimately gaining remote code execution and capturing the flag.
Walks through a practical, step-by-step approach to exploiting a 64‑bit PIE-enabled binary using a ret2libc attack. It starts by identifying key protections (PIE, NX, full RELRO, no canary), then uses a format-string vulnerability to leak both PIE and libc addresses. With those leaks, the attacker computes the respective base addresses, finds necessary gadgets (like pop rdi and ret), and finally crafts a payload to call system("/bin/sh"), successfully spawning a shell. It’s a clear, hands‑on tutorial for bypassing modern memory protections in binary exploitation.
Founders of BAY Cyber Security
Founder & Blue Anvil Lead
Co-Founder & CTF Engineer Lead
Co-Founder & Content Writer Lead
Graphic Design Artist
2D Artist & Story Writer
Board Members
Reverse Engineering Lead
Web Exploitation Lead
Binary Exploitation Lead
Contributor