Categories

Forensics

  • This isn't a Secure Line

    Forensics  · 

    Our suspect is getting noided. We’ve managed to retrieve this from his computer. What can you find? Checking the file type with file data reveals that it is yet another BTSnoop file.

  • Magic in the Air

    Forensics  · 

    We are investigating an individual we believe is connected to a group smuggling drugs into the country and selling them on social media. You have been posted on a stake out in the apartment above theirs and with the help of space-age eavesdropping technology have managed to extract some data from their computer.

Cryptography

  • CryptoGolf

    Cryptography  · 

    Our task is essentially the following: perform at most lim1 – 1 encryptions and send the decrypted challenge, so we need to uncover the secret in 128 – 1 == 127 queries.

  • RubiksCBC

    Cryptography  · 

    I implemented this really cool Rubiks CBC encryption algorithm and tested it on a document with my flag in it, but my dog ate my hard drive so I couldn’t decrypt the file :(

  • Grab Your Jisho

    Cryptography  · 

    これは文字化けか?それとも暗号…?The first clue is the title. Jisho is the Japanese word for dictionary and all of these characters are, you guessed it, Japanese Kanji.

OSINT

  • A Series of Tubes

    OSINT  · 

    Use the personal information uncovered from PI 1 to find out where our suspect’s contact lives, his full name and the next flight he is taking.

Reverse Engineering

  • PIL

    Reverse Engineering  · 

    We have a main and 2 functions. GetNextPiDigit’s purpose is obvious, although we originally had some confusion over whether the one-million-digits.txt started with 3.14, 314, or 14.

  • Nameless

    Reverse Engineering  · 

    The given executable is statically linked and stripped which means reversing will be a bit tougher. However, “main” isn’t too complicated and so we’ll be able to guess what functions are used.

Web Exploitation

  • SignStealingSoftware-P2

    Web Exploitation  · 

    As a result of the LFI, we have the ability to view a file’s content, but we don’t have the ability to locate files that we seek in the system. We thought of 2 different possible approaches:

Open-Source Intelligence

  • SpaceY Dump

    Open-Source Intelligence  · 

    SpaceY Dump was a fairly high marks question in the Misc category for UMDCTF 2020. The goal is to try and unmask the anonymous Twitter user claiming responsibility for a hack and subsequent data leak.