All Writeups
Comprehensive collection of CTF challenges, solutions, and insights.
Filter by category:
Filter by tag:
All Tags
Raptor-Weekly (15)
ECHELON (12)
ctf (3)
retrospective (3)
overview (3)
DEADROP (37)
WHAMazon! (23)
pcap (13)
base64 (10)
network (10)
3lectric-Igloo (1)
Club-Ouroboros (1)
acrostic (1)
aes (3)
aes-cbc (3)
aes-gcm (1)
alg-none (1)
algorithm-confusion (1)
anti-debug (1)
api (5)
api-chaining (1)
auth-bypass (1)
authentication-bypass (1)
autopsy (1)
bash (1)
beaconing (1)
binary (1)
block-cipher (1)
brute-force (3)
bytecode (2)
c2 (3)
cbc (2)
chacha20 (1)
chain (1)
classical-cipher (1)
cloud-metadata (1)
cloudflare-tunnel (1)
command-injection (4)
config-leak (1)
constraint-solving (1)
cookie-theft (2)
core-dump (1)
covert-channel (1)
credential-hunting (1)
credential-reuse (2)
crib-drag (3)
cross-site-scripting (1)
crypto (7)
csp-bypass (1)
cube-root (1)
custom-crypto (1)
custom-isa (2)
custom-properties (1)
cve-2026-43284 (1)
cve-2026-43500 (1)
cve-2026-48778 (1)
cyberchef (2)
darknet-services (2)
decryption (1)
default-credentials (1)
deobfuscation (2)
diffie-hellman (1)
directory-traversal (1)
dirty-frag (1)
discrete-log (1)
disk-image (2)
dns (2)
dns-exfiltration (1)
docker (2)
docx (1)
dsa (2)
ecdlp (1)
ecdsa (1)
elf (5)
elliptic-curve (1)
email-forensics (1)
eml (1)
encoding (1)
encoding-chains (1)
encryption (1)
enumeration (1)
env-leak (1)
error-correction (1)
eval (1)
event-handler (1)
exfiltration (3)
exif (1)
feistel (1)
fetch (1)
ffuf (2)
file-recovery (1)
firmware (1)
flask (4)
foia (1)
forensics (8)
ftp (2)
full-chain (1)
ghidra (4)
github (2)
headers (1)
hex (5)
hidden-partition (1)
hmac (1)
hs256 (1)
html (1)
https (1)
iam (1)
icmp (1)
idor (3)
image-forensics (1)
img-tag (1)
implementation (1)
information-schema (1)
internal-services (1)
iv-reuse (1)
jail-escape (1)
javascript (1)
jinja2 (2)
json (1)
jwt (6)
jwt.io (1)
kernel-exploit (1)
key-reuse (1)
kill-chain (1)
known-plaintext (3)
lateral-movement (1)
ld-preload (1)
lfi (2)
linkedin (1)
linux (4)
listener (1)
llm-security (1)
local-file-inclusion (1)
localhost (1)
loopback (1)
low-nonce (1)
lsb (2)
ltrace (1)
malware-analysis (1)
marshal (1)
mcp (1)
memory (1)
meta (1)
multi-artifact (1)
multi-machine (2)
multi-stage (2)
network-pentest (2)
network-pivot (1)
no-padding (1)
nonce-reuse (3)
none-algorithm (1)
oaep (1)
obfuscation (4)
office-formats (1)
os-shell (1)
osint (4)
otp-reuse (1)
padding (1)
padding-oracle (1)
partial-key (1)
path-traversal (3)
pcapng (2)
pdf (1)
pe (1)
php-deserialization (1)
pkcs1 (1)
pkcs1-v15 (1)
plaintext (1)
png (2)
pohlig-hellman (2)
polyglot (1)
powershell (3)
pre-master-secret (1)
private-key-recovery (2)
privesc (1)
privilege-escalation (2)
prompt-injection (2)
pyarmor (1)
pycryptodome (1)
python (7)
race-condition (1)
rc4 (1)
rce (5)
readelf (1)
recon (5)
reconnaissance (1)
reconstruction (1)
red-vs-blue (1)
reed-solomon (1)
register-machine (1)
restricted-shell (1)
rev (6)
reverse-engineering (3)
rfc822 (1)
robots.txt (1)
rot13 (1)
rs256 (1)
rsa (4)
runtime-generation (1)
scapy (1)
security-misconfiguration (1)
server-side-request-forgery (1)
session-keys (1)
session-manipulation (1)
signature (2)
signature-forgery (1)
sleuthkit (1)
small-exponent (1)
smb (1)
smooth-order (1)
smt (1)
snmp (1)
socat (1)
social-media (1)
source-code (1)
source-review (1)
sqli (3)
sqlite (1)
ssrf (5)
ssti (2)
static-analysis (2)
steganography (6)
stegsolve (1)
stored-xss (1)
stream-cipher (1)
streams (1)
string-array (1)
strings (3)
symmetric (1)
template-injection (1)
tls (2)
tls-decryption (1)
toctou (1)
token-forgery (3)
token-manipulation (1)
traffic-analysis (1)
tshark (4)
two-time-pad (1)
udp (1)
unicode (1)
union-injection (1)
unit7 (1)
vigenere (1)
vm (2)
web (5)
whitespace (1)
windows (3)
winrm (1)
wireshark (5)
xml (1)
xml-injection (1)
xobject (1)
xor (5)
xss (2)
z3 (1)
zsteg (1)
2026-05-10
JWT
Easy
Raptor Weekly 2 - ECHELON JWT 1 - 1.2 ; NOISE FLOOR
Intercepting a JWT delivered in a non-standard HTTP response header, decoding the payload to recover the flag hidden in a custom claim, and recognizing the truncated signing key that will matter again two challenges later.
web
crypto
jwt
ECHELON
2026-05-10
JWT
Medium
Raptor Weekly 2 - ECHELON JWT 2 - 2.3 ; SIGNED
Reconstructing a JWT signing secret from two hex fragments recovered across prior challenges, forging an HS256 token with elevated role claims, and submitting it to a verification endpoint to gain SECRET tier access.
web
crypto
jwt
ECHELON
2026-02-28
JWT
Medium
WHAMazon! JWT 3 - RSA Revenge
Using provided RSA private key components to manually implement PKCS#1 v1.5 signing and forge a valid RS256 JWT admin token.
jwt
rs256
rsa
pkcs1-v15
2026-02-28
JWT
Easy
WHAMazon! JWT 2 - Forge
Exploiting the JWT 'none' algorithm vulnerability to forge an unsigned admin token without knowing the signing secret.
jwt
none-algorithm
algorithm-confusion
token-forgery
2026-02-28
JWT
Easy
WHAMazon! JWT 1 - WHAM Token
Extracting a JWT signing key from a netcat service, forging an admin token with jwt.io, and submitting it to gain elevated access and retrieve the flag.
jwt
hs256
token-forgery
privilege-escalation