CTF Writeups

CTF Writeup Aggregation Post!


Currently documented CTFS:

  • Hack the Box - Business CTF 2022

    • Breakout

      • Challenge: A C2 implant's interface was left exposed on a victim's webserver. Break into the interface and enumerate its functionality.

      • Compromised the C2 interface and extracted a non-native binary, 'bkd.'

      • Performed analysis on the binary and extracted the flag from multiple strings present in the compiled code.

    • Chromeminer

      • Challenge: A browser extension is believed to host cryptomining malware. Investigate.

      • Downloaded and unzipped the .crx (browser extension) file.

      • Reverse engineered heavily obfuscated malicious javascript code to retrieve the flag.

    • Lina's Invitation

      • Challenge: A CEO's password vault has been compromised after receiving an email with an attachment. Review the provided PCAP file and attachment to determine how he was compromised.

      • Unzipped the attachment (a .docx file), used OLE Tools suite to analyze its contents, and discovered malicious VBA macros calling out to a fake Windows Update site and containing a part of the flag.

      • Analyzed the provided PCAP file and found two indicators of compromised: a malicious HTML payload and some obfuscated PowerShell commands.

      • De-obfuscated the malicious HTML payload to discover part of the flag.

      • De-obfuscated and reverse-engineered the PowerShell payload to reveal the final part of the flag.


Remember when you had time for CTFs? I remember when I had time for CTFs.

Last updated