All Writeups
Comprehensive collection of CTF challenges, solutions, and insights.
Raptor Weekly 2 - ECHELON Web 1 - 1.1 ; OPEN CHANNEL
Chaining HTML comment enumeration to a disallowed robots.txt entry, pivoting through an exposed staging endpoint to recover an operator username, and extracting the portal password from a JSON debug response behind a custom request header.
Raptor Weekly 2 - ECHELON CTF - Event Overview & Retrospective
A full retrospective on the ECHELON CTF - 11 challenges across 5 clearance tiers, a hard-locked chain from login portal to composite key, what happened to NODE 07, and how it led to the creation of noncechalant.
Raptor Weekly 2 - ECHELON Rev 1 - 4.1 ; REMNANT
Reversing a stripped x86-64 ELF to recover Diffie-Hellman parameters with a smooth group order, applying Pohlig-Hellman to recover the private key, and decrypting a C2 beacon payload to extract a handshake key and the flag. Or just running the binary.
Raptor Weekly 2 - ECHELON Crypto 2 - 3.2 ; FREQUENCY
Recognizing a GCM nonce reuse vulnerability across two calibration reports, cancelling the keystream by XORing the ciphertexts, and recovering the anomaly report plaintext using a legacy diagnostic endpoint left running after decommission.
Raptor Weekly 2 - ECHELON JWT 1 - 1.2 ; NOISE FLOOR
Intercepting a JWT delivered in a non-standard HTTP response header, decoding the payload to recover the flag hidden in a custom claim, and recognizing the truncated signing key that will matter again two challenges later.
Raptor Weekly 2 - ECHELON Forensics 1 - 3.3 ; COLD CASE
Parsing a proprietary ECHELON memory snapshot format, deriving an AES-128-CBC decryption key from an operator certificate recovered in the prior challenge, and extracting a file access record from a process heap to reconstruct the TOP SECRET portal password.
Raptor Weekly 2 - ECHELON Network 2 - 4.2 ; EXFIL
Parsing a custom ECP/1.2 protocol capture, deriving a stream key via HMAC-SHA256 from the Tier 4 handshake key, decrypting three of four signing key chunks, and hunting down the missing chunk in a PCAP from two tiers and two days earlier.
Raptor Weekly 2 - ECHELON Web 2 - 3.1 ; PHANTOM NODE
Identifying an anomalous node on a SECRET tier dashboard, exploiting an SSRF vulnerability in the node status endpoint via path traversal and query string termination, and reading an internal data response that seeds the next two challenges.
Raptor Weekly 2 - ECHELON Crypto 3 - 5.1 ; ECHELON
Assembling three named artifacts recovered across five prior challenges, a signing key exfiltrated in four fragments, a C2 handshake key, and a certificate-derived access key. Then computing their HMAC-SHA256 combination to authenticate to the CODEWORD tier.
Raptor Weekly 2 - ECHELON JWT 2 - 2.3 ; SIGNED
Reconstructing a JWT signing secret from two hex fragments recovered across prior challenges, forging an HS256 token with elevated role claims, and submitting it to a verification endpoint to gain SECRET tier access.
Raptor Weekly 2 - ECHELON Network 1 - 2.1 ; INTERCEPT
Parsing a raw HTTP traffic capture to identify an authenticated session, replaying a stolen token against a restricted endpoint, and reading every response header carefully enough to find a value that won't make sense until Tier 4.
Raptor Weekly 2 - ECHELON Crypto 1 - 2.2 ; DEAD DROP
Extracting an RC4 key hidden in a request ID header from the Tier 2 network capture and using it to decrypt an intercepted message that reveals the second half of a JWT signing secret.