+300 points
TrapTrack
A hard web challenge where we attack a back-end Redis server through SSRF to deserialize our payload getting Remote Code Execution
+325 points
Interstellar C2
Investigate malware from a packet capture to reverse engineer a Command & Control (C2) server program, and decrypt messages including the final screenshot. One of my biggest writeups yet
+300 points
Secret Code
Reverse engineer a hardware circuit to decode recorded signals. Read the flag from a 7-segment display at the end
+300 points
Hijack
An easy YAML deserialization challenge to get Remote Code Execution when loading a config
+300 points
Cave System
A reversing challenge that would be a nightmare to do manually, but can be solved within minutes using Angr