Welcome to the Lab
CTF writeups, malware analysis, and digital forensics adventures. Breaking things down, byte by byte.
Recent Writeups
Raptor Weekly 2 - ECHELON Web 1 - 1.1 ; OPEN CHANNEL
Chaining HTML comment enumeration to a disallowed robots.txt entry, pivoting through an exposed staging endpoint to recover an operator username, and extracting the portal password from a JSON debug response behind a custom request header.
Raptor Weekly 2 - ECHELON CTF - Event Overview & Retrospective
A full retrospective on the ECHELON CTF - 11 challenges across 5 clearance tiers, a hard-locked chain from login portal to composite key, what happened to NODE 07, and how it led to the creation of noncechalant.
Raptor Weekly 2 - ECHELON Rev 1 - 4.1 ; REMNANT
Reversing a stripped x86-64 ELF to recover Diffie-Hellman parameters with a smooth group order, applying Pohlig-Hellman to recover the private key, and decrypting a C2 beacon payload to extract a handshake key and the flag. Or just running the binary.
Raptor Weekly 2 - ECHELON Crypto 2 - 3.2 ; FREQUENCY
Recognizing a GCM nonce reuse vulnerability across two calibration reports, cancelling the keystream by XORing the ciphertexts, and recovering the anomaly report plaintext using a legacy diagnostic endpoint left running after decommission.
Raptor Weekly 2 - ECHELON JWT 1 - 1.2 ; NOISE FLOOR
Intercepting a JWT delivered in a non-standard HTTP response header, decoding the payload to recover the flag hidden in a custom claim, and recognizing the truncated signing key that will matter again two challenges later.