The objective of this challenge is to investigate a phishing email and trace its payload chain through clipboard injection, remote code execution, and multiple layers of obfuscation. Identify and extract the attacker’s final payload and recover the embedded flag through reverse engineering or memory forensics.
The objective of this challenge is to analyze a memory dump to identify post-exploitation artifacts, uncover suspicious process behavior, decrypt and execute in-memory payloads, and extract the attacker’s intended shellcode or flag.
This page contains my review on the certifications I took this year, including CMPen (iOS & Android), Pentest+, CRTA, PT1 and CPTS.
The goal of the challenge is to perform an adversarial attack against two provided YOLO (You Only Look Once) models. Craft an image such that the two models produce **significantly different predictions**, demonstrating an understanding of adversarial machine learning techniques.
A basic sanity check challenge meant to ensure players can access and retrieve files from a shared forensic resource. Serves as a warm-up to verify setup and tool readiness.
Investigate a compromised WordPress server, identify the attack vector, and determine which file was uploaded by the attacker using forensic analysis of the web server structure and logs.
Investigate a suspected privilege escalation attack on a compromised Linux system. Identify traces of exploitation, determine the method used (e.g., kernel-level exploits), and locate the attacker’s payload or tool to recover the flag.
Analyze a suspected command-and-control (C2) component discovered in a previously compromised system. Reverse engineer the binary to identify communication mechanisms, retrieve the bot token, and understand or replicate the exfiltration process.
Identify evidence of attacker persistence by analyzing remnants left on a compromised system, including outbound communication artifacts such as Pastebin links. Use digital forensic techniques to trace how the attacker maintained access or control.
The goal of this challenge is to reverse engineer an obfuscated **Khronos SPIR-V binary**, reconstruct the logic used to generate an output image, and recover the original flag hidden within its data transformations.