Categories

Reverse Engineering

  • PIL

    We have a main and 2 functions. GetNextPiDigit’s purpose is obvious, although we originally had some confusion over whether the one-million-digits.txt started with 3.14, 314, or 14.

  • Nameless

    The given executable is statically linked and stripped which means reversing will be a bit tougher. However, “main” isn’t too complicated and so we’ll be able to guess what functions are used.


Open-Source Intelligence

  • SpaceY Dump

    SpaceY Dump was a fairly high marks question in the Misc category for UMDCTF 2020. The goal is to try and unmask the anonymous Twitter user claiming responsibility for a hack and subsequent data leak.


Forensics

  • This isn't a Secure Line

    Our suspect is getting noided. We’ve managed to retrieve this from his computer. What can you find? Checking the file type with file data reveals that it is yet another BTSnoop file.

  • Magic in the Air

    We are investigating an individual we believe is connected to a group smuggling drugs into the country and selling them on social media. You have been posted on a stake out in the apartment above theirs and with the help of space-age eavesdropping technology have managed to extract some data from their computer.


Cryptography

  • CryptoGolf

    Our task is essentially the following: perform at most lim1 – 1 encryptions and send the decrypted challenge, so we need to uncover the secret in 128 – 1 == 127 queries.

  • RubiksCBC

    I implemented this really cool Rubiks CBC encryption algorithm and tested it on a document with my flag in it, but my dog ate my hard drive so I couldn’t decrypt the file :(

  • Grab Your Jisho

    これは文字化けか?それとも暗号…?The first clue is the title. Jisho is the Japanese word for dictionary and all of these characters are, you guessed it, Japanese Kanji.


OSINT

  • A Series of Tubes

    Use the personal information uncovered from PI 1 to find out where our suspect’s contact lives, his full name and the next flight he is taking.


Web Exploitation

  • SignStealingSoftware-P2

    As a result of the LFI, we have the ability to view a file’s content, but we don’t have the ability to locate files that we seek in the system. We thought of 2 different possible approaches: