CTF Writeups

CTF Writeup Aggregation Post!

Project URL:

For as long as I'm doing CTFs, this project will be pinned. You can check out my writeups for CTFs at the URL above. Currently documented CTFS:

    • Hack the Box - Business CTF 2022
      • Breakout
        • Challenge: A C2 implant's interface was left exposed on a victim's webserver. Break into the interface and enumerate its functionality.
        • Compromised the C2 interface and extracted a non-native binary, 'bkd.'
        • Performed analysis on the binary and extracted the flag from multiple strings present in the compiled code.
      • Chromeminer
        • Challenge: A browser extension is believed to host cryptomining malware. Investigate.
        • Downloaded and unzipped the .crx (browser extension) file.
        • Reverse engineered heavily obfuscated malicious javascript code to retrieve the flag.
      • Lina's Invitation
        • Challenge: A CEO's password vault has been compromised after receiving an email with an attachment. Review the provided PCAP file and attachment to determine how he was compromised.
        • Unzipped the attachment (a .docx file), used OLE Tools suite to analyze its contents, and discovered malicious VBA macros calling out to a fake Windows Update site and containing a part of the flag.
        • Analyzed the provided PCAP file and found two indicators of compromised: a malicious HTML payload and some obfuscated PowerShell commands.
        • De-obfuscated the malicious HTML payload to discover part of the flag.
        • De-obfuscated and reverse-engineered the PowerShell payload to reveal the final part of the flag.