Challenges

Forensics Easy

Hidden in Plain Sight

A flag is hidden inside an image file using LSB steganography. Extract the hidden message from the image.

100 pts
9 solves 🩸
Forensics Easy

Hidden in Plain Sight PT:2

A PNG image with the flag hidden in its metadata (tEXt chunk). Use exiftool or strings to extract.

100 pts
5 solves 🩸
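
Added example, not part of the challenge or its intended solution: a minimal PNG chunk walker that does what `exiftool` does for this case, so you can see the tEXt layout (keyword, NUL, Latin-1 text) and the CRC that guards each chunk. The sample PNG it builds is constructed inline; the flag string in it is a placeholder.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"


def png_chunks(data):
    """Yield (chunk_type, chunk_data) for each chunk of a PNG byte string.

    Chunk layout: 4-byte big-endian length, 4-byte type, data, 4-byte CRC-32
    over type + data. A CRC mismatch raises instead of being skipped, since a
    challenge file may have been edited by hand.
    """
    if not data.startswith(PNG_SIGNATURE):
        raise ValueError("not a PNG: bad 8-byte signature")
    pos = len(PNG_SIGNATURE)
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        if pos + 12 + length > len(data):
            raise ValueError(f"truncated {ctype.decode('latin-1')} chunk at offset {pos}")
        body = data[pos + 8:pos + 8 + length]
        (crc,) = struct.unpack(">I", data[pos + 8 + length:pos + 12 + length])
        if zlib.crc32(ctype + body) != crc:
            raise ValueError(f"CRC mismatch in {ctype.decode('latin-1')} chunk at offset {pos}")
        yield ctype, body
        pos += 12 + length
        if ctype == b"IEND":
            break


def extract_text_chunks(data):
    """Return {keyword: text} for every tEXt chunk (keyword NUL text, both Latin-1).

    Only the uncompressed tEXt form is handled; zTXt carries a zlib-compressed
    value and iTXt carries UTF-8, so a real file may need those two cases too.
    """
    found = {}
    for ctype, body in png_chunks(data):
        if ctype == b"tEXt":
            keyword, _, text = body.partition(b"\x00")
            found[keyword.decode("latin-1")] = text.decode("latin-1")
    return found


def make_chunk(ctype, body):
    """Serialise one chunk with its CRC (used only to build the sample file)."""
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body))


def build_sample_png(comment):
    """Constructed 1x1 RGB PNG with a tEXt chunk (sample input, not a challenge file)."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0)   # 1x1, 8-bit, colour type 2 (RGB)
    scanline = b"\x00\xff\x00\x00"                         # filter type 0 + one red pixel
    return (PNG_SIGNATURE
            + make_chunk(b"IHDR", ihdr)
            + make_chunk(b"tEXt", b"Comment\x00" + comment)
            + make_chunk(b"IDAT", zlib.compress(scanline))
            + make_chunk(b"IEND", b""))


if __name__ == "__main__":
    print(extract_text_chunks(build_sample_png(b"flag{example_text_chunk}")))
```

`strings` works on this case because tEXt is stored uncompressed; if `strings` shows nothing but `exiftool` reports a Comment, the value is in a zTXt chunk and has to be inflated first.
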
Forensics Easy

USB Device Forensics

A disk image of a Windows workstation is provided. An employee is suspected of data exfiltration via USB. Recover the USB device serial number from the registry (SYSTEM hive → USBSTOR), find the last-written timestamp, and extract the flag from a deleted file on the USB's shadow copy.

150 pts
Forensics Medium

Corrupted Archive Recovery

A ZIP file containing the flag has been corrupted. The magic bytes are wrong. Can you fix the file header and extract the flag?

200 pts
8 solves 🩸
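
Added example, not the challenge's own file or solution: it builds a small ZIP in memory, damages the local file header signature the way the description says, shows that the archive still opens but fails on read, and repairs it. The member name and flag text are placeholders.

```python
import io
import zipfile

LOCAL_FILE_HEADER = b"PK\x03\x04"
CENTRAL_DIR_HEADER = b"PK\x01\x02"
END_OF_CENTRAL_DIR = b"PK\x05\x06"


def build_sample_zip(name, content):
    """Constructed in-memory ZIP holding one member (sample input, not a challenge file)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, content)
    return buf.getvalue()


def corrupt_magic(data):
    """Zero the first local file header signature, mimicking the challenge's damage."""
    return b"\x00\x00\x00\x00" + data[4:]


def repair_local_header(data):
    """Restore PK\\x03\\x04 at offset 0 when the rest still looks like a ZIP.

    Readers parse a ZIP from the end: they locate the end-of-central-directory
    record, walk the central directory, then seek to each member's local header.
    So the archive still opens with a bad local signature and only fails on read().
    """
    if END_OF_CENTRAL_DIR not in data or CENTRAL_DIR_HEADER not in data:
        raise ValueError("no central directory: not a ZIP, or the damage goes beyond the header")
    if data[:4] == LOCAL_FILE_HEADER:
        return data
    return LOCAL_FILE_HEADER + data[4:]


def read_members(data):
    """Return {name: bytes} for every member of the archive."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return {info.filename: zf.read(info) for info in zf.infolist()}


def is_readable(data):
    """True if every member extracts; False on the 'Bad magic number for file header' class of failure."""
    try:
        read_members(data)
        return True
    except zipfile.BadZipFile:
        return False


if __name__ == "__main__":
    broken = corrupt_magic(build_sample_zip("flag.txt", b"flag{fixed_header}"))
    print(is_readable(broken), read_members(repair_local_header(broken)))
```

On a real file, `xxd file.zip | head -1` should start with `504b 0304`. With several members only the first local header sits at offset 0; the others are found through the "relative offset of local header" field of each central directory entry, and each needs the same four bytes if it was damaged too.
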
Forensics Medium

Pixel Secrets (LSB Stego)

The flag is hidden in the Least Significant Bit of the Red channel of a PNG image.

250 pts
5 solves 🩸
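
Added example covering both "Hidden in Plain Sight" and "Pixel Secrets"; it is not the challenge authors' code or solution. It embeds and extracts a NUL-terminated message in the LSB of one colour channel, MSB-first by default, with the channel and bit order as parameters because those are the two things that differ between stego tools. The cover image is a constructed gradient held as a list of RGB tuples; the flag text is a placeholder.

```python
def to_bits(payload, lsb_first=False):
    """Bit stream of a byte string, MSB-first by default (the order most CTF embedders use)."""
    order = range(8) if lsb_first else range(7, -1, -1)
    return [(byte >> i) & 1 for byte in payload for i in order]


def embed_lsb(pixels, message, channel=0, lsb_first=False):
    """Return a copy of pixels with message + NUL in the LSB of one channel (0=R, 1=G, 2=B).

    pixels: list of (r, g, b) tuples in row-major order, which is exactly what
    Pillow's Image.open(path).convert("RGB").getdata() yields.
    """
    bits = to_bits(message + b"\x00", lsb_first)
    if len(bits) > len(pixels):
        raise ValueError(f"need {len(bits)} pixels, image has {len(pixels)}")
    out = list(pixels)
    for i, bit in enumerate(bits):
        px = list(out[i])
        px[channel] = (px[channel] & 0xFE) | bit
        out[i] = tuple(px)
    return out


def extract_lsb(pixels, channel=0, lsb_first=False, max_bytes=4096):
    """Collect one LSB per pixel from the chosen channel and stop at the first NUL byte.

    Returns raw bytes; if the result is garbage, retry with another channel or
    bit order before concluding the image is clean.
    """
    out = bytearray()
    bits = []
    for px in pixels:
        bits.append(px[channel] & 1)
        if len(bits) == 8:
            order = bits if lsb_first else reversed(bits)
            byte = sum(b << i for i, b in enumerate(order))
            bits = []
            if byte == 0 or len(out) >= max_bytes:
                break
            out.append(byte)
    return bytes(out)


def sample_cover(width=32, height=8):
    """Constructed gradient cover image (not a challenge file): 256 pixels of (r, g, b)."""
    return [((x * 8) % 256, (y * 32) % 256, 128) for y in range(height) for x in range(width)]


if __name__ == "__main__":
    stego = embed_lsb(sample_cover(), b"flag{red_channel_lsb}", channel=0)
    print(extract_lsb(stego, channel=0))
```

With Pillow the only change is the input: `pixels = list(Image.open("chall.png").convert("RGB").getdata())`. zsteg iterates these channel and bit-order combinations for you; this is what one iteration looks like.
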
Forensics Medium

Windows Event Log Analysis

A Windows .evtx Security event log is provided from a compromised host. Find the attacker's lateral movement: a successful network logon (Event ID 4624, Logon Type 3) from an unusual IP, followed by a scheduled task creation (Event ID 4698). The task name IS the flag.

300 pts
Forensics Medium
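
Added example, not the challenge's log or solution: the correlation logic run over a handful of constructed event records in the XML shape that `wevtutil` and python-evtx emit. The point it makes is the join key: a 4624 records the new session's TargetLogonId, and the 4698 created inside that session carries the same value as SubjectLogonId, which separates the attacker's task from an administrator's. The IP allowlist, host names, logon IDs and task name are all assumed placeholders.

```python
import xml.etree.ElementTree as ET

EVT_NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
LOCAL_SOURCES = {"-", "::1", "127.0.0.1"}
EXPECTED_SOURCES = {"10.0.0.5"}   # assumed allowlist: hosts that normally open Type 3 logons to this box


def make_event(event_id, time, **data):
    """Constructed record in the XML shape that wevtutil / python-evtx produce (not a real log)."""
    fields = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in data.items())
    return (f'<Event xmlns="{EVT_NS["e"]}"><System><EventID>{event_id}</EventID>'
            f'<TimeCreated SystemTime="{time}"/></System><EventData>{fields}</EventData></Event>')


def parse_event(xml_text):
    """Flatten one event into a dict: EventID, Time, plus every EventData field by Name."""
    root = ET.fromstring(xml_text)
    ev = {"EventID": int(root.find("e:System/e:EventID", EVT_NS).text),
          "Time": root.find("e:System/e:TimeCreated", EVT_NS).get("SystemTime")}
    for d in root.findall("e:EventData/e:Data", EVT_NS):
        ev[d.get("Name")] = d.text or ""
    return ev


def find_lateral_movement(events, expected_sources=EXPECTED_SOURCES):
    """Pair 4624/Type 3 logons from unexpected IPs with the 4698 tasks created under that logon.

    Matching on the logon ID rather than on user name or a time window keeps
    an admin's legitimate task, created in a different session, out of the result.
    """
    sessions = {}   # TargetLogonId -> (ip, user) for suspicious network logons
    hits = []
    for ev in sorted(events, key=lambda e: e["Time"]):
        if ev["EventID"] == 4624 and ev.get("LogonType") == "3":
            ip = ev.get("IpAddress", "-")
            if ip not in LOCAL_SOURCES and ip not in expected_sources:
                sessions[ev.get("TargetLogonId")] = (ip, ev.get("TargetUserName"))
        elif ev["EventID"] == 4698 and ev.get("SubjectLogonId") in sessions:
            ip, user = sessions[ev["SubjectLogonId"]]
            hits.append({"source_ip": ip, "user": user, "task": ev.get("TaskName"), "time": ev["Time"]})
    return hits


SAMPLE_LOG = [   # constructed timeline, newest first as Event Viewer would list it
    make_event(4698, "2024-03-04T09:12:07Z", SubjectUserName="svc_backup", SubjectLogonId="0x3E7A1C",
               TaskName="\\flag{example_task_name}"),
    make_event(4698, "2024-03-04T09:05:00Z", SubjectUserName="itadmin", SubjectLogonId="0x1B2C3D",
               TaskName="\\Microsoft\\Windows\\Defrag\\ScheduledDefrag"),
    make_event(4624, "2024-03-04T09:11:52Z", LogonType="3", TargetUserName="svc_backup",
               TargetLogonId="0x3E7A1C", IpAddress="203.0.113.77"),
    make_event(4624, "2024-03-04T09:00:10Z", LogonType="3", TargetUserName="fileshare$",
               TargetLogonId="0x2A2A2A", IpAddress="10.0.0.5"),
    make_event(4624, "2024-03-04T08:58:00Z", LogonType="2", TargetUserName="itadmin",
               TargetLogonId="0x1B2C3D", IpAddress="-"),
]


def solve(records=SAMPLE_LOG):
    return find_lateral_movement([parse_event(r) for r in records])


if __name__ == "__main__":
    for hit in solve():
        print(hit)
```

To get records in this form from the challenge file, export with `wevtutil qe Security.evtx /lf:true /f:xml` on Windows, or run python-evtx's `evtx_dump.py` elsewhere, and split on `</Event>`. Build the allowlist from the 4624 sources that recur over the whole log; the attacker's IP is usually the one that appears once.
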

Wire Shark (PCAP)

HTTP network capture with the flag hidden in a custom HTTP response header (X-Secret-Token).

300 pts
5 solves 🩸
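
Added example, not the challenge's capture or solution: a classic-pcap reader that walks Ethernet/IPv4/TCP to the HTTP payload and pulls a named response header, with a one-packet capture constructed inline (addresses and the flag value are placeholders). It exists to show where the bytes are; in practice `tshark -r capture.pcap -Y 'http.response' -T fields -e http.response.line` gets the same answer.

```python
import struct

LINKTYPE_ETHERNET = 1


def pcap_frames(data):
    """Yield raw link-layer frames from a classic pcap file (not pcapng, whose magic is 0x0A0D0D0A)."""
    (magic,) = struct.unpack("<I", data[:4])
    if magic in (0xA1B2C3D4, 0xA1B23C4D):      # little-endian, microsecond / nanosecond stamps
        end = "<"
    elif magic in (0xD4C3B2A1, 0x4D3CB2A1):    # same two, written big-endian
        end = ">"
    else:
        raise ValueError(f"unknown magic {magic:#x}: not a classic pcap")
    (linktype,) = struct.unpack(end + "I", data[20:24])
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError(f"linktype {linktype} not handled; this reader assumes Ethernet")
    pos = 24
    while pos + 16 <= len(data):
        _sec, _frac, incl_len, _orig_len = struct.unpack(end + "IIII", data[pos:pos + 16])
        pos += 16
        yield data[pos:pos + incl_len]
        pos += incl_len


def tcp_payload(frame):
    """Return (src_ip, sport, dst_ip, dport, payload) for an IPv4/TCP frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":     # EtherType 0x0800 = IPv4 only
        return None
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    (total_len,) = struct.unpack("!H", ip[2:4])
    if ip[9] != 6:                                          # protocol 6 = TCP
        return None
    tcp = ip[ihl:total_len]
    sport, dport = struct.unpack("!HH", tcp[:4])
    doff = (tcp[12] >> 4) * 4
    src = ".".join(map(str, ip[12:16]))
    dst = ".".join(map(str, ip[16:20]))
    return src, sport, dst, dport, tcp[doff:]


def find_response_headers(pcap_bytes, header=b"x-secret-token"):
    """Scan every segment that starts an HTTP response for the named header; return [(server, value)]."""
    hits = []
    for frame in pcap_frames(pcap_bytes):
        parsed = tcp_payload(frame)
        if parsed is None:
            continue
        src, sport, _dst, _dport, payload = parsed
        if not payload.startswith(b"HTTP/1."):
            continue
        head = payload.split(b"\r\n\r\n", 1)[0]
        for line in head.split(b"\r\n")[1:]:
            name, sep, value = line.partition(b":")
            if sep and name.strip().lower() == header:
                hits.append((f"{src}:{sport}", value.strip().decode("latin-1")))
    return hits


def build_sample_pcap(http_response):
    """Constructed one-packet capture, server 203.0.113.10:80 -> client 10.0.0.2 (not the challenge file)."""
    global_hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    tcp = struct.pack("!HHIIBBHHH", 80, 51234, 1, 1, 5 << 4, 0x18, 65535, 0, 0)   # PSH+ACK, no options
    ip_len = 20 + len(tcp) + len(http_response)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, ip_len, 1, 0x4000, 64, 6, 0,
                     bytes([203, 0, 113, 10]), bytes([10, 0, 0, 2]))                # checksum left 0
    frame = b"\xaa" * 6 + b"\xbb" * 6 + b"\x08\x00" + ip + tcp + http_response
    record_hdr = struct.pack("<IIII", 1700000000, 0, len(frame), len(frame))
    return global_hdr + record_hdr + frame


if __name__ == "__main__":
    resp = b"HTTP/1.1 200 OK\r\nServer: nginx\r\nX-Secret-Token: flag{response_header}\r\n\r\n"
    print(find_response_headers(build_sample_pcap(resp)))
```

Two caveats for the real file: Wireshark saves pcapng by default, which this reader rejects on purpose, and a header that falls in a second TCP segment is only visible after reassembly (Follow TCP Stream), not in a per-packet scan like this one.
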
Forensics Hard

Memory Forensics

Binary memory dump. Find the XOR-encoded flag (key=0x42) and also a base64-encoded copy buried deeper.

400 pts
4 solves 🩸
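
Added example, not the challenge's dump or solution: two scanners that locate the two copies the description mentions. The XOR scan searches for the encoded `flag{` prefix under every single-byte key (the given 0x42 included) instead of decoding the whole image, so it scales to a multi-gigabyte dump; the base64 scan tries all four group alignments, because a few stray alphabet bytes in front of the real encoding shift the groups and make a naive decode miss it. The flag format and the "dump" (deterministic noise plus the two encoded copies) are constructed assumptions.

```python
import base64
import random
import re

FLAG_RE = re.compile(rb"flag\{[ -|~]{1,80}\}")       # assumed flag format: printable ASCII, no nested braces
B64_RE = re.compile(rb"[A-Za-z0-9+/]{16,}={0,2}")    # runs long enough to be worth decoding


def xor_bytes(data, key):
    return bytes(b ^ key for b in data)


def find_xor_flags(data, keys=range(256), window=96):
    """Search for the XOR-encoded prefix under each key and return [(key, offset, flag)].

    A single-byte XOR is a fixed substitution, so looking for xor("flag{", key)
    is exactly as selective as looking for "flag{" in plaintext, and only the
    hits get decoded. strings(1) never sees the flag: every byte was rewritten.
    """
    hits = []
    for key in keys:
        needle = xor_bytes(b"flag{", key)
        start = data.find(needle)
        while start != -1:
            m = FLAG_RE.match(xor_bytes(data[start:start + window], key))
            if m:
                hits.append((key, start, m.group().decode("ascii")))
            start = data.find(needle, start + 1)
    return hits


def find_base64_flags(data):
    """Decode every base64-looking run at all four alignments; return [(aligned_offset, flag)]."""
    hits = []
    for m in B64_RE.finditer(data):
        core = m.group().rstrip(b"=")
        for shift in range(4):
            piece = core[shift:]
            if len(piece) % 4 == 1:          # a lone trailing character can never be valid base64
                piece = piece[:-1]
            piece += b"=" * (-len(piece) % 4)
            try:
                decoded = base64.b64decode(piece, validate=True)
            except ValueError:               # binascii.Error is a ValueError
                continue
            found = FLAG_RE.search(decoded)
            if found:
                hits.append((m.start() + shift, found.group().decode("ascii")))
                break
    return hits


def build_sample_dump(flag=b"flag{xor_and_base64}", seed=7):
    """Constructed 'memory dump': deterministic noise around the two encoded copies (not a real dump)."""
    rng = random.Random(seed)

    def noise(n):
        return bytes(rng.getrandbits(8) for _ in range(n))

    return noise(512) + xor_bytes(flag, 0x42) + noise(1024) + base64.b64encode(flag) + noise(256)


if __name__ == "__main__":
    dump = build_sample_dump()
    print(find_xor_flags(dump, keys=[0x42]))
    print(find_base64_flags(dump))
```

On a real dump, read the file with `mmap` and pass that object in; `bytes.find` and the regexes work on it unchanged, and nothing above copies the whole image.
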
Forensics Hard

Steganography — DCT Coefficient LSB

A JPEG image hides a message in the LSB of the DCT (Discrete Cosine Transform) coefficients — not pixel LSBs. Standard stego tools won't find it. Write a script using scipy/numpy to extract DCT coefficients, collect their LSBs in zigzag order, and decode the hidden ASCII flag.

400 pts
Forensics Hard
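
Added example, not the challenge's script or solution: the zigzag scan and the LSB read/write over quantized DCT blocks, run on constructed coefficient blocks rather than a decoded JPEG so it executes offline. It assumes the JSteg convention that the DC term is untouched and coefficients equal to 0 or 1 carry no bit (the comment in `usable` explains why 1 is excluded); if the challenge used every coefficient, call both functions with `skip_zero_and_one=False`. The flag text is a placeholder.

```python
import random


def zigzag_order(n=8):
    """(row, col) pairs in JPEG zigzag scan order: (0,0), (0,1), (1,0), (2,0), (1,1), (0,2), ..."""
    order = []
    for s in range(2 * n - 1):                 # s = row + col indexes each anti-diagonal
        lo, hi = max(0, s - n + 1), min(s, n - 1)
        rows = range(hi, lo - 1, -1) if s % 2 == 0 else range(lo, hi + 1)
        order.extend((r, s - r) for r in rows)
    return order


ZIGZAG = zigzag_order()


def usable(coef, skip_zero_and_one=True):
    """JSteg rule (assumed): 0 and 1 carry no payload. Writing a 0 bit into a 1 would
    produce a 0, which the extractor then skips, desynchronising the whole stream."""
    return not (skip_zero_and_one and coef in (0, 1))


def carriers(blocks, skip_zero_and_one=True):
    """Yield (block_index, row, col) for every coefficient that can hold a bit: AC only, zigzag order."""
    for bi, block in enumerate(blocks):
        for r, c in ZIGZAG[1:]:                # ZIGZAG[0] is the DC term, left alone
            if usable(block[r][c], skip_zero_and_one):
                yield bi, r, c


def embed_dct_lsb(blocks, message, **opts):
    """Write message + NUL, MSB-first, into the LSBs of usable AC coefficients."""
    bits = [(b >> i) & 1 for b in message + b"\x00" for i in range(7, -1, -1)]
    out = [[row[:] for row in block] for block in blocks]
    slots = carriers(blocks, **opts)
    for bit in bits:
        try:
            bi, r, c = next(slots)
        except StopIteration:
            raise ValueError("not enough usable coefficients for this payload") from None
        out[bi][r][c] = (out[bi][r][c] & ~1) | bit    # two's-complement LSB; correct for negatives too
    return out


def extract_dct_lsb(blocks, max_bytes=4096, **opts):
    """Read LSBs back in the same order until a NUL byte."""
    out, byte, n = bytearray(), 0, 0
    for bi, r, c in carriers(blocks, **opts):
        byte, n = (byte << 1) | (blocks[bi][r][c] & 1), n + 1
        if n == 8:
            if byte == 0 or len(out) >= max_bytes:
                break
            out.append(byte)
            byte, n = 0, 0
    return bytes(out)


def sample_blocks(count=64, seed=3):
    """Constructed quantized 8x8 blocks (not a real JPEG): mostly zeros, as real AC data is."""
    rng = random.Random(seed)
    blocks = []
    for _ in range(count):
        block = [[0] * 8 for _ in range(8)]
        block[0][0] = rng.randint(-200, 200)
        for r, c in ZIGZAG[1:]:
            if rng.random() < 0.35:
                block[r][c] = rng.choice([-9, -5, -3, -2, -1, 1, 2, 3, 5, 9])
        blocks.append(block)
    return blocks


if __name__ == "__main__":
    stego = embed_dct_lsb(sample_blocks(), b"flag{dct_zigzag_lsb}")
    print(extract_dct_lsb(stego))
```

For the real image the input has to be the entropy-decoded quantized coefficients (jpegio exposes them as `coef_arrays`), not a DCT recomputed with scipy from the decoded pixels: the recomputed values are floats, and rounding them flips exactly the bits you are trying to read. Only if the author embedded by recomputing the DCT that way will the scipy route reproduce their stream.
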

Volatility Memory — Injected DLL

A Windows 10 memory dump is provided. A malicious DLL was injected into explorer.exe using classic reflective DLL injection. Use Volatility3 to find the injected region (VAD with PAGE_EXECUTE_READWRITE, no mapped file), dump it, and find the flag string in the dump.

400 pts
Forensics Insane

Disk Recovery (FAT)

FAT12 disk image with a deleted file. Recover the file by finding the directory entry whose first byte is 0xE5 (the deletion marker), then reading its data clusters starting at the cluster number recorded in the entry.

500 pts
4 solves 🩸
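
Added example, not the challenge's image or solution: a FAT12 reader that parses the BPB, walks the root directory for 0xE5 entries, and recovers the file. The caveat it demonstrates is the one that bites on a multi-cluster file: deletion only marks the entry and zeroes the file's FAT chain, so the start cluster and size survive but the chain does not, and recovery has to assume the clusters were contiguous. The 8 KiB volume is constructed inline; file names and the flag text are placeholders.

```python
import struct

SECTOR = 512


def set_fat12(fat, n, value):
    """Write a 12-bit FAT entry; two entries share three bytes."""
    off = n + n // 2
    cur = fat[off] | (fat[off + 1] << 8)
    cur = (cur & 0x000F) | (value << 4) if n & 1 else (cur & 0xF000) | (value & 0xFFF)
    fat[off:off + 2] = struct.pack("<H", cur)


def get_fat12(fat, n):
    off = n + n // 2
    cur = fat[off] | (fat[off + 1] << 8)
    return cur >> 4 if n & 1 else cur & 0xFFF


def parse_bpb(img):
    """Decode the BIOS Parameter Block and compute where the FAT, root directory and data region start."""
    bps, spc, reserved, nfats, root_entries, _total, _media, spf = struct.unpack_from("<HBHBHHBH", img, 11)
    fat_off = reserved * bps
    root_off = fat_off + nfats * spf * bps
    return {"cluster": bps * spc, "fat": img[fat_off:fat_off + spf * bps], "root_off": root_off,
            "root_entries": root_entries, "data_off": root_off + root_entries * 32}


def root_entries(img, bpb):
    """List root directory entries, including deleted ones (first byte 0xE5, shown as '?')."""
    out = []
    for i in range(bpb["root_entries"]):
        raw = img[bpb["root_off"] + 32 * i:bpb["root_off"] + 32 * (i + 1)]
        if raw[0] == 0x00:
            break                                  # end of directory
        if raw[11] == 0x0F or raw[11] & 0x08:
            continue                               # long-name fragment or volume label
        deleted = raw[0] == 0xE5
        base = (b"?" + raw[1:8] if deleted else raw[:8]).rstrip(b" ").decode("latin-1")
        ext = raw[8:11].rstrip(b" ").decode("latin-1")
        out.append({"name": base + ("." + ext if ext else ""), "deleted": deleted,
                    "first_cluster": struct.unpack_from("<H", raw, 26)[0],   # FAT12 ignores the high word
                    "size": struct.unpack_from("<I", raw, 28)[0]})
    return out


def read_file(img, bpb, entry):
    """Return (content, chain_was_intact). Falls back to contiguous clusters when the chain is wiped."""
    size, cluster = entry["size"], entry["first_cluster"]
    n_clusters = -(-size // bpb["cluster"])
    chain = []
    while 2 <= cluster < 0xFF8 and len(chain) < n_clusters:
        chain.append(cluster)
        cluster = get_fat12(bpb["fat"], cluster)
    intact = len(chain) == n_clusters and cluster >= 0xFF8   # reached an end-of-chain marker
    if not intact:
        chain = [entry["first_cluster"] + i for i in range(n_clusters)]
    content = b"".join(img[bpb["data_off"] + (c - 2) * bpb["cluster"]:][:bpb["cluster"]] for c in chain)
    return content[:size], intact


def recover_deleted(img):
    bpb = parse_bpb(img)
    return {e["name"]: read_file(img, bpb, e)[0] for e in root_entries(img, bpb) if e["deleted"]}


def build_sample_image(deleted_content, live_content=b"nothing to see\n"):
    """Constructed 8 KiB FAT12 volume (not the challenge image): 1 reserved sector, 1 FAT, 16 root entries,
    1 sector per cluster. FLAG.TXT was 'deleted': entry byte 0 set to 0xE5, its FAT chain zeroed."""
    boot = bytearray(SECTOR)
    boot[0:3] = b"\xeb\x3c\x90"
    struct.pack_into("<HBHBHHBH", boot, 11, SECTOR, 1, 1, 1, 16, 16, 0xF8, 1)
    boot[510:512] = b"\x55\xaa"
    fat = bytearray(SECTOR)
    set_fat12(fat, 0, 0xFF8)          # media descriptor
    set_fat12(fat, 1, 0xFFF)
    set_fat12(fat, 4, 0xFFF)          # live file: one cluster, end of chain; clusters 2-3 stay 0 (deleted)

    def entry(name, first_cluster, size):
        return struct.pack("<11sBBBHHHHHHHI", name, 0x20, 0, 0, 0, 0, 0, 0, 0, 0, first_cluster, size)

    root = bytearray(SECTOR)
    root[0:32] = entry(b"\xe5LAG    TXT", 2, len(deleted_content))
    root[32:64] = entry(b"README  TXT", 4, len(live_content))
    data = bytearray(SECTOR * 13)     # clusters 2..14
    data[0:len(deleted_content)] = deleted_content
    data[SECTOR * 2:SECTOR * 2 + len(live_content)] = live_content
    return bytes(boot + fat + root + data)


if __name__ == "__main__":
    print(recover_deleted(build_sample_image(b"flag{fat12_undelete}\n" + b"." * 579)))
```

The contiguous assumption is what `fls -d` plus `icat` from The Sleuth Kit also make for a deleted FAT file; if the recovered content goes wrong partway through, the file was fragmented and the remaining clusters have to be found by carving the data region.
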