All Writeups

Comprehensive collection of CTF challenges, solutions, and insights.


Raptor Weekly 2 - ECHELON Rev 1 - 4.1 ; REMNANT

Reversing a stripped x86-64 ELF to recover Diffie-Hellman parameters with a smooth group order, applying Pohlig-Hellman to recover the private key, and decrypting a C2 beacon payload to extract a handshake key and the flag. Or just running the binary.

Raptor Weekly 2 - ECHELON Crypto 2 - 3.2 ; FREQUENCY

Recognizing a GCM nonce reuse vulnerability across two calibration reports, cancelling the keystream by XORing the ciphertexts, and recovering the anomaly report plaintext using a legacy diagnostic endpoint left running after decommission.

Raptor Weekly 2 - ECHELON JWT 1 - 1.2 ; NOISE FLOOR

Intercepting a JWT delivered in a non-standard HTTP response header, decoding the payload to recover the flag hidden in a custom claim, and recognizing the truncated signing key that will matter again two challenges later.

Raptor Weekly 2 - ECHELON Network 2 - 4.2 ; EXFIL

Parsing a custom ECP/1.2 protocol capture, deriving a stream key via HMAC-SHA256 from the Tier 4 handshake key, decrypting three of four signing key chunks, and hunting down the missing chunk in a PCAP from two tiers and two days earlier.

Raptor Weekly 2 - ECHELON Crypto 3 - 5.1 ; ECHELON

Assembling three named artifacts recovered across five prior challenges (a signing key exfiltrated in four fragments, a C2 handshake key, and a certificate-derived access key), then computing their HMAC-SHA256 combination to authenticate to the CODEWORD tier.

Raptor Weekly 2 - ECHELON JWT 2 - 2.3 ; SIGNED

Reconstructing a JWT signing secret from two hex fragments recovered across prior challenges, forging an HS256 token with elevated role claims, and submitting it to a verification endpoint to gain SECRET tier access.

Raptor Weekly 2 - ECHELON Crypto 1 - 2.2 ; DEAD DROP

Extracting an RC4 key hidden in a request ID header from the Tier 2 network capture and using it to decrypt an intercepted message that reveals the second half of a JWT signing secret.