All Writeups
Comprehensive collection of CTF challenges, solutions, and insights.
Filter by category:
Filter by tag:
All Tags
Raptor-Weekly (14)
ctf (3)
retrospective (3)
overview (3)
ECHELON (12)
DEADROP (37)
WHAMazon! (23)
pcap (13)
base64 (10)
network (10)
Club-Ouroboros (1)
acrostic (1)
aes (2)
aes-cbc (3)
aes-gcm (1)
alg-none (1)
algorithm-confusion (1)
anti-debug (1)
api (5)
api-chaining (1)
auth-bypass (1)
authentication-bypass (1)
autopsy (1)
bash (1)
beaconing (1)
binary (1)
block-cipher (1)
brute-force (3)
bytecode (2)
c2 (3)
cbc (2)
chacha20 (1)
chain (1)
classical-cipher (1)
cloud-metadata (1)
cloudflare-tunnel (1)
command-injection (3)
config-leak (1)
constraint-solving (1)
cookie-theft (2)
core-dump (1)
covert-channel (1)
credential-hunting (1)
credential-reuse (1)
crib-drag (3)
cross-site-scripting (1)
crypto (7)
csp-bypass (1)
cube-root (1)
custom-crypto (1)
custom-isa (2)
custom-properties (1)
cyberchef (2)
darknet-services (1)
decryption (1)
default-credentials (1)
deobfuscation (2)
diffie-hellman (1)
directory-traversal (1)
discrete-log (1)
disk-image (2)
dns (2)
dns-exfiltration (1)
docker (1)
docx (1)
dsa (2)
ecdlp (1)
elf (5)
elliptic-curve (1)
email-forensics (1)
eml (1)
encoding (1)
encoding-chains (1)
encryption (1)
enumeration (1)
error-correction (1)
eval (1)
event-handler (1)
exfiltration (3)
exif (1)
feistel (1)
fetch (1)
ffuf (2)
file-recovery (1)
firmware (1)
flask (3)
foia (1)
forensics (8)
ftp (2)
full-chain (1)
ghidra (4)
github (2)
headers (1)
hex (5)
hidden-partition (1)
hmac (1)
hs256 (1)
html (1)
https (1)
iam (1)
icmp (1)
idor (2)
image-forensics (1)
img-tag (1)
implementation (1)
information-schema (1)
internal-services (1)
iv-reuse (1)
jail-escape (1)
javascript (1)
jinja2 (2)
json (1)
jwt (6)
jwt.io (1)
key-reuse (1)
kill-chain (1)
known-plaintext (3)
lateral-movement (1)
ld-preload (1)
lfi (1)
linkedin (1)
linux (4)
listener (1)
llm-security (1)
local-file-inclusion (1)
localhost (1)
loopback (1)
low-nonce (1)
lsb (2)
ltrace (1)
malware-analysis (1)
marshal (1)
memory (1)
meta (1)
multi-artifact (1)
multi-machine (1)
multi-stage (2)
network-pentest (1)
no-padding (1)
nonce-reuse (2)
none-algorithm (1)
oaep (1)
obfuscation (4)
office-formats (1)
os-shell (1)
osint (4)
otp-reuse (1)
padding (1)
padding-oracle (1)
partial-key (1)
path-traversal (2)
pcapng (2)
pdf (1)
pe (1)
php-deserialization (1)
pkcs1 (1)
pkcs1-v15 (1)
plaintext (1)
png (2)
pohlig-hellman (2)
polyglot (1)
powershell (3)
pre-master-secret (1)
private-key-recovery (2)
privesc (1)
privilege-escalation (2)
prompt-injection (1)
pyarmor (1)
pycryptodome (1)
python (7)
rc4 (1)
rce (4)
readelf (1)
recon (4)
reconnaissance (1)
reconstruction (1)
red-vs-blue (1)
reed-solomon (1)
register-machine (1)
restricted-shell (1)
rev (6)
reverse-engineering (3)
rfc822 (1)
robots.txt (1)
rot13 (1)
rs256 (1)
rsa (4)
runtime-generation (1)
scapy (1)
security-misconfiguration (1)
server-side-request-forgery (1)
session-keys (1)
session-manipulation (1)
signature (2)
signature-forgery (1)
sleuthkit (1)
small-exponent (1)
smb (1)
smooth-order (1)
smt (1)
snmp (1)
socat (1)
social-media (1)
source-code (1)
source-review (1)
sqli (3)
sqlite (1)
ssrf (4)
ssti (2)
static-analysis (2)
steganography (6)
stegsolve (1)
stored-xss (1)
stream-cipher (1)
streams (1)
string-array (1)
strings (3)
symmetric (1)
template-injection (1)
tls (2)
tls-decryption (1)
token-forgery (3)
token-manipulation (1)
traffic-analysis (1)
tshark (4)
two-time-pad (1)
udp (1)
unicode (1)
union-injection (1)
unit7 (1)
vigenere (1)
vm (2)
web (5)
whitespace (1)
windows (3)
winrm (1)
wireshark (5)
xml (1)
xobject (1)
xor (5)
xss (2)
z3 (1)
zsteg (1)
2026-05-10
Reverse Engineering
Hard
Raptor Weekly 2 - ECHELON Rev 1 - 4.1 ; REMNANT
Reversing a stripped x86-64 ELF to recover Diffie-Hellman parameters with a smooth group order, applying Pohlig-Hellman to recover the private key, and decrypting a C2 beacon payload to extract a handshake key and the flag. Or just running the binary.
reverse-engineering
crypto
diffie-hellman
pohlig-hellman