All Writeups

Comprehensive collection of CTF challenges, solutions, and insights.


DEADROP Forensics 4 - Redacted Blueprint

A PDF floor plan whose rooms spell OOPS from above, hiding a flag in an orphaned FlateDecode XObject with no page tree reference, invisible to all standard PDF viewers. Requires parsing raw PDF streams or hex editing to find and base64-decode the hidden object.

DEADROP Forensics 3 - svchost_1337

An ELF core dump with a flag encoded through four layers (ROT13, base64, hex, and XOR 0x7d) and hidden in the NT_PRPSINFO note section. Running readelf -n and working backwards through each encoding layer recovers it.

DEADROP Rev 2 - Clearance Check

A multi-layer obfuscated Python script hiding its payload behind base64, marshal bytecode, and a runtime exec chain. Peel back each layer to recover the deobfuscated comparison and the flag.

DEADROP Misc 6 - //CHAOS

A meta-challenge hidden across the DEADROP platform. No challenge listing, no files, no hints. Four flag fragments are concealed using four different techniques: favicon MD5 steganography, a hidden 404 endpoint, zero-width Unicode in a checksum field, and a non-standard base64 meta attribute. Unit 7 says hello.

DEADROP Misc 4 - SIGINT PUZZLE

Three fake declassified SIGINT documents hide base64 flag fragments in the least significant bits of the red channel. The lore tells you the order; extract, concatenate, decode.

DEADROP Misc 3 - INTERNAL MEMO CHAIN

A 12-email thread about pigeon fleet budget allocation hides flag fragments in X-Agency-Ref headers across the quoted chain. Opening it in a mail client shows you the body, while reading the raw source shows you everything.

WHAMazon! Rev 2 - Armor

Identifying a PyArmor v9.x protected Python script, generating the correct runtime to execute it, and extracting a base64-encoded flag from the crash dump it writes to disk.

WHAMazon! Network 4 - What's UDP with you?

Extracting multiple base64-encoded keys hidden across different protocols in a packet capture, then running a UDP listener to receive an exfiltrated flag after submitting the correct credential.

WHAMazon! Rev 1 - Stage ?

Peeling back two layers of PowerShell obfuscation, a base64-encoded outer script and a string-split encoded flag inside, to recover the plaintext flag.

WHAMazon! Network 2 - The AI gets mixed up when you rev it

Decrypting TLS traffic in Wireshark using a provided pre-master secret log, then following the TLS stream to find a base64-encoded flag in captured shell session output.