Bread & Yolk (BAY) is a cybersecurity research group founded in 2022 in Jakarta, Indonesia. We combine business innovation with community-driven research, education, and collaboration to advance the security field.
Our work is divided into two main service areas:
- Blue Anvil — delivering DFIR exercises, tabletop exercises, and cyber drills to help organizations assess and strengthen their resilience.
- Hacksmiths — providing high-quality Capture The Flag (CTF) challenges and event support for learning, training, and competition.
Beyond services, BAY actively contributes to the global security community through:
- Presentations at international conferences such as Black Hat.
- Development of DFIR tools and malware simulation projects for defensive testing.
- Publishing educational articles and research on Medium.
BAY exists to support and empower the cybersecurity community. We are driven not by profit, but by purpose — fostering collaboration, education, and innovation in an ever-evolving threat landscape.
Plaguards is a powerful security tool that automates deobfuscation of obfuscated PowerShell scripts, helping teams quickly identify Indicators of Compromise (IOCs) and distinguish valid threats from false positives. Each analysis produces a detailed PDF report with actionable insights.
As a web app, Plaguards enables flexible, on-demand analysis from anywhere, making it invaluable for blue teams handling complex malware. It supports DFIR by improving investigation scope and attribution, efficiently processing large volumes of data to reveal malware TTPs and guide analysts to key artifacts—speeding up root cause analysis.
For SOC teams, Plaguards reduces response time to critical alerts by quickly deobfuscating suspicious scripts, allowing faster investigation and enriched alert reports with IOC lookups, helping meet tight SLA requirements.
JARY is a runtime for creating .jary rules to search and correlate log data from external sources. It allows users to define structured rules that filter, match, and analyze log entries to support data analysis and automation. The JARY runtime is a lightweight library written in C that can be dynamically linked with other programs. It provides functions to compile JARY rules, feed data into the runtime, and execute the rules, all accessible from a single library through function calls. The .jary rule syntax is derived from the YARA language developed by VirusTotal.
Kegembok is a ransomware tool: a cross-platform (Linux, Mac, and Windows) ransomware written in the Go programming language. It encrypts with AES-256-GCM, and you can use your own key. This program is for educational purposes only and is helpful for simulations such as tabletop exercises or ransomware tests.
HolmesGeo is an open-source Python tool designed for extracting and analyzing IP addresses from various data sources. It supports input from Apache log files, CSV files, and standard input, and provides geographic and network information for each IP address. The tool can generate reports in CSV and Excel formats, making it useful for tasks such as geolocation analysis and network diagnostics. HolmesGeo is modular and can be extended to support additional data sources and formats.
Sigurd is a research-focused artifact used for digital forensics, incident response training, and CTF challenges. It exhibits advanced threat behaviors, including remote command execution, file encryption, data exfiltration, Windows persistence, and stealth techniques. Its first public sample on VirusTotal provides a historical reference for analysts.
The CTF lab at Cyberyolk is designed with national standards in mind. Each challenge in the lab is crafted by experienced problem creators, ensuring engaging and relevant challenges in today’s cybersecurity landscape.
This CTF follows a Jeopardy theme, featuring a variety of categories including Binary Exploitation, Cryptography, Computer Forensics, OSINT, Reverse Engineering, and Web Exploitation. With this theme and range of categories, participants have the opportunity to sharpen diverse technical skills in cybersecurity.
In addition to the exciting competition experience, Cyberyolk also offers attractive incentives for participants. Prizes will be awarded to those who secure positions 1, 2, and 3 as an added motivation to strive harder. Winners will also receive an e-certificate as a prestigious acknowledgment they can add to their portfolio.
[Images: The Creator; CBY Mascot; Appreciation Post for All the Challenge Authors; Lab & Competition Poster; Banner; Scoreboard for Top 10 Users; Dashboard; Challs Page; Awarding Announcement for the Winner; Cyberyolk Broadcast at BINUS News]
Article Name | Channel | Link to Article |
---|---|---|
Detection of Audio Attacks (Deepfake) Using Time-Based and Cepstral Domain Features with Stacking Classifier | IEEE | LINK |