All Writeups

Comprehensive collection of CTF challenges, solutions, and insights.


Raptor Weekly 2 - ECHELON Forensics 1 - 3.3 ; COLD CASE

Parsing a proprietary ECHELON memory snapshot format, deriving an AES-128-CBC decryption key from an operator certificate recovered in the prior challenge, and extracting a file access record from a process heap to reconstruct the TOP SECRET portal password.

DEADROP Forensics 6 - NIGHTJAR AFTERMATH

A ZIP containing six post-incident artifacts: logs, a photo, a config, a README, a binary, and a pcap. Each hides one fragment of the flag using a different technique. The README encodes the final fragment via trailing-space whitespace steganography across 47 lines.

DEADROP Forensics 5 - Field Laptop

A disk image with an encrypted hidden partition. The passphrase is GPS coordinates extracted from image EXIF data. The ChaCha20 key derivation parameters and salt are embedded in a self-describing plaintext header in the hidden region, recoverable with strings alone.

DEADROP Forensics 4 - Redacted Blueprint

A PDF floor plan whose rooms spell OOPS from above, hiding a flag in an orphaned FlateDecode XObject with no page tree reference, invisible to all standard PDF viewers. Requires parsing raw PDF streams or hex editing to find and base64-decode the hidden object.

DEADROP Forensics 3 - svchost_1337

An ELF core dump with a flag encoded through four layers (ROT13, base64, hex, and XOR 0x7d), hidden in the NT_PRPSINFO note section. Running readelf -n and working backwards through each encoding layer recovers it.

DEADROP Forensics 2 - Safehouse

A PNG with a flag hidden in the least significant bits of pixel data. Classic LSB steganography; stegsolve or zsteg extracts it directly.

DEADROP Forensics 1 - Whistleblower

A disk image containing deleted files recoverable via Autopsy or Sleuthkit. The flag was deleted but not wiped, so file carving brings it straight back.

DEADROP Misc 5 - Flatearth Committee Minutes

Meeting minutes from the agency's Flat Earth Contingency Planning Committee hide four flag pieces across the docx XML structure: white-on-white text, an XML comment, a custom document property, and a Word comment. A .docx is a ZIP; unzip it.