All Writeups

Comprehensive collection of CTF challenges, solutions, and insights.


Raptor Weekly 2 - ECHELON Network 2 - 4.2 ; EXFIL

Parsing a custom ECP/1.2 protocol capture, deriving a stream key via HMAC-SHA256 from the Tier 4 handshake key, decrypting three of four signing key chunks, and hunting down the missing chunk in a PCAP from two tiers and two days earlier.

Raptor Weekly 2 - ECHELON Network 1 - 2.1 ; INTERCEPT

Parsing a raw HTTP traffic capture to identify an authenticated session, replaying a stolen token against a restricted endpoint, and reading every response header carefully enough to find a value that won't make sense until Tier 4.

DEADROP Network 6 - OPERATION NIGHTJAR

A single PCAP containing a complete attack kill chain: reconnaissance, exploitation, C2 establishment, lateral movement, data staging, and exfiltration. Each stage requires a different analysis technique. Read the whole story from first SYN to final exfil packet.

DEADROP Network 5 - C2 Beacon

A PCAP containing C2 beacon traffic with a polyglot payload hiding a second flag. Identify the beaconing pattern, extract and decode the C2 communications, then analyse the payload for the embedded flag.

DEADROP Network 4 - ICMP Exfil

A PCAP containing ICMP echo requests with flag data hidden in the payload fields. Use Scapy or tshark to extract and reassemble the payload bytes across the packet sequence.

DEADROP Network 3 - TLS Session

A TLS-encrypted PCAP paired with a session key log file. Load both into Wireshark to decrypt the traffic and recover the flag from the plaintext HTTP response.

DEADROP Network 2 - DEADROP C2

A PCAP containing DNS exfiltration traffic where the flag is split across hex-encoded subdomain labels in a series of TXT queries. Extract and reassemble the labels in sequence to reconstruct and decode the flag.

DEADROP Network 1 - Breach Traffic

A PCAP containing FTP traffic with credentials and file transfers sent in plaintext. Follow the TCP stream in Wireshark to extract the flag directly.

WHAMazon! Network 4 - What's UDP with you?

Extracting multiple base64-encoded keys hidden across different protocols in a packet capture, then running a UDP listener to receive an exfiltrated flag after submitting the correct credential.

WHAMazon! Network 1 - It's on the wires

Extracting a plaintext flag from a packet capture by running strings, no Wireshark required!