All Writeups
Comprehensive collection of CTF challenges, solutions, and insights.
Filter by category:
Filter by tag:
All Tags
Raptor-Weekly (14)
ctf (3)
retrospective (3)
overview (3)
ECHELON (12)
DEADROP (37)
WHAMazon! (23)
pcap (13)
base64 (10)
network (10)
Club-Ouroboros (1)
acrostic (1)
aes (2)
aes-cbc (3)
aes-gcm (1)
alg-none (1)
algorithm-confusion (1)
anti-debug (1)
api (5)
api-chaining (1)
auth-bypass (1)
authentication-bypass (1)
autopsy (1)
bash (1)
beaconing (1)
binary (1)
block-cipher (1)
brute-force (3)
bytecode (2)
c2 (3)
cbc (2)
chacha20 (1)
chain (1)
classical-cipher (1)
cloud-metadata (1)
cloudflare-tunnel (1)
command-injection (3)
config-leak (1)
constraint-solving (1)
cookie-theft (2)
core-dump (1)
covert-channel (1)
credential-hunting (1)
credential-reuse (1)
crib-drag (3)
cross-site-scripting (1)
crypto (7)
csp-bypass (1)
cube-root (1)
custom-crypto (1)
custom-isa (2)
custom-properties (1)
cyberchef (2)
darknet-services (1)
decryption (1)
default-credentials (1)
deobfuscation (2)
diffie-hellman (1)
directory-traversal (1)
discrete-log (1)
disk-image (2)
dns (2)
dns-exfiltration (1)
docker (1)
docx (1)
dsa (2)
ecdlp (1)
elf (5)
elliptic-curve (1)
email-forensics (1)
eml (1)
encoding (1)
encoding-chains (1)
encryption (1)
enumeration (1)
error-correction (1)
eval (1)
event-handler (1)
exfiltration (3)
exif (1)
feistel (1)
fetch (1)
ffuf (2)
file-recovery (1)
firmware (1)
flask (3)
foia (1)
forensics (8)
ftp (2)
full-chain (1)
ghidra (4)
github (2)
headers (1)
hex (5)
hidden-partition (1)
hmac (1)
hs256 (1)
html (1)
https (1)
iam (1)
icmp (1)
idor (2)
image-forensics (1)
img-tag (1)
implementation (1)
information-schema (1)
internal-services (1)
iv-reuse (1)
jail-escape (1)
javascript (1)
jinja2 (2)
json (1)
jwt (6)
jwt.io (1)
key-reuse (1)
kill-chain (1)
known-plaintext (3)
lateral-movement (1)
ld-preload (1)
lfi (1)
linkedin (1)
linux (4)
listener (1)
llm-security (1)
local-file-inclusion (1)
localhost (1)
loopback (1)
low-nonce (1)
lsb (2)
ltrace (1)
malware-analysis (1)
marshal (1)
memory (1)
meta (1)
multi-artifact (1)
multi-machine (1)
multi-stage (2)
network-pentest (1)
no-padding (1)
nonce-reuse (2)
none-algorithm (1)
oaep (1)
obfuscation (4)
office-formats (1)
os-shell (1)
osint (4)
otp-reuse (1)
padding (1)
padding-oracle (1)
partial-key (1)
path-traversal (2)
pcapng (2)
pdf (1)
pe (1)
php-deserialization (1)
pkcs1 (1)
pkcs1-v15 (1)
plaintext (1)
png (2)
pohlig-hellman (2)
polyglot (1)
powershell (3)
pre-master-secret (1)
private-key-recovery (2)
privesc (1)
privilege-escalation (2)
prompt-injection (1)
pyarmor (1)
pycryptodome (1)
python (7)
rc4 (1)
rce (4)
readelf (1)
recon (4)
reconnaissance (1)
reconstruction (1)
red-vs-blue (1)
reed-solomon (1)
register-machine (1)
restricted-shell (1)
rev (6)
reverse-engineering (3)
rfc822 (1)
robots.txt (1)
rot13 (1)
rs256 (1)
rsa (4)
runtime-generation (1)
scapy (1)
security-misconfiguration (1)
server-side-request-forgery (1)
session-keys (1)
session-manipulation (1)
signature (2)
signature-forgery (1)
sleuthkit (1)
small-exponent (1)
smb (1)
smooth-order (1)
smt (1)
snmp (1)
socat (1)
social-media (1)
source-code (1)
source-review (1)
sqli (3)
sqlite (1)
ssrf (4)
ssti (2)
static-analysis (2)
steganography (6)
stegsolve (1)
stored-xss (1)
stream-cipher (1)
streams (1)
string-array (1)
strings (3)
symmetric (1)
template-injection (1)
tls (2)
tls-decryption (1)
token-forgery (3)
token-manipulation (1)
traffic-analysis (1)
tshark (4)
two-time-pad (1)
udp (1)
unicode (1)
union-injection (1)
unit7 (1)
vigenere (1)
vm (2)
web (5)
whitespace (1)
windows (3)
winrm (1)
wireshark (5)
xml (1)
xobject (1)
xor (5)
xss (2)
z3 (1)
zsteg (1)
2026-02-28
Reverse Engineering
Hard
WHAMazon! Rev 2 - Armor
Identifying a PyArmor v9.x protected Python script, generating the correct runtime to execute it, and extracting a base64-encoded flag from the crash dump it writes to disk.
pyarmor
python
obfuscation
deobfuscation
2026-02-28
Reverse Engineering
Easy
WHAMazon! Rev 1 - Stage ?
Peeling back two layers of PowerShell obfuscation, a base64-encoded outer script and a string-split encoded flag inside, to recover the plaintext flag.
powershell
obfuscation
base64
deobfuscation