My goal for this blog is to help others learn new analysis skills through detailed walkthroughs and write-ups of Capture the Flag (CTF) challenges. I plan on writing for beginner-level CTFs first, slowly graduating to more advanced challenges over time. Posts will be tagged with one of three difficulty levels:

  • Beginner - Challenges that can be solved between seconds to a few minutes for an experienced CTF player. These write-ups will be aimed towards people with little CTF or other analysis experience. Even if the challenge can be solved in seconds, these posts will be lengthy enough to cover the mindset behind why certain tools or techniques were used to get to the flag, enabling beginners to come to the same conclusions on their own in future challenges.
  • Intermediate - Challenges that take multiple steps to solve or require writing custom scripts. These write-ups will still focus on the why to aid in learning, but it will assume you already understand the tools and techniques taught in beginner challenges.
  • Advanced - Similar to intermediate but may take an hour or longer for experienced individuals to solve. Again, these write-ups will address the why but won’t spend time explaining concepts from lower-level challenges that should already make sense to you.

Posts will also be tagged with one or more challenge types:

  • Crypto - Decrypting ciphertext.
  • Network - Analyzing packet captures.
  • Pwn - Exploiting binaries.
  • Reverse Engineering - Analyzing binaries.
  • Stego - Finding data hidden inside files.
  • Web - Exploiting website vulnerabilities.
  • Misc - Other tasks.

Analysis of Apache Guacamole

### OverviewThis post will be focusing on an analysis of Apache Guacamole's web traffic. From their website:> Apache Guacamole is a clien...… Continue reading

SHA2017 Junior CTF - Rotation

Published on August 14, 2017

SHA2017 Junior CTF - Zipfile One

Published on August 10, 2017