An event organized by a French CTF team with many challenges of varying difficulty. We placed 11th in the end and, most notably, found a few different unintended solutions that solved challenges more quickly.

Web, Reversing, SSRF, RCE (+481 points)

MLWeb

Find an Insecure Deserialization vulnerability in a Machine Learning library to get RCE after an admin triggers your uploaded model.

RCE, Miscellaneous, Filter Bypass (+475 points)

GCC Online

Provide any arguments to a GCC compiler to run arbitrary code at compile-time. Eventually, bypass a ban list filter to pass dangerous options.

Web, LFI, RCE (+100 points)

frenzy flask

This directory traversal challenge has two solutions, one to read the flag and another resulting in RCE that can bypass more filters.

Web (+839 points)

Genie Pwn Adventure (+ Revenge)

A dashboard representing LockBit's chat function with an administrator bot. This one was solved in a completely unintended way that did not involve a bot at all, just logic!

Scripting, Crypto (+404 points)

SuperAES

A cryptography challenge involving a combination of a flawed Linear Congruential Generator (LCG) and a custom AES mode. Recover part of the plaintext to leak the repeated flag from a repeating keystream.

Forensics, Reversing, Encoding (+431 points)

Bad Habit

Reverse engineer a smart card protocol in Wireshark to recover the card number and expiry date from a USB capture.