Notes from the trenches — challenges solved, flags captured, and lessons learned.
A two-part OSINT-style hardware identification task resolving a roadside electrical suspension insulator to its ST classification and model numbers.
Reconstructing a Claude AI-generated steganography tool from an API event stream to extract a hidden flag.
Solving a one-line Python challenge involving Mersenne numbers and cyclic bit rotations.
Determining a laptop's original factory-shipped RAM capacity, RAM speed, SSD capacity, and SSD model part number using its Dell Service Tag.
Classic IDOR vulnerability via MD5-hashed URL parameters. The corridor presents 13 numbered doors — all MD5 hashes of integers 1–13. The hidden room? md5(0).
Decoded a steganographic message hidden inside a progressively mangled leetspeak copypasta by extracting anomalous suffix tokens.
Java reverse engineering challenge hiding a flag inside DNS TXT records. Decoded the steg scheme and extracted the flag from Java bytecode.
Investigated Docker layer history in an OCI image archive to recover a database password deleted in a later build layer.
Analyzed DNS traffic in a PCAP file to decode hexadecimal strings embedded in subdomains.
Historical newspaper research, postal barcode decoding, and tracing a 1925 maritime rescue event in Finistère. Deep-dive OSINT with archival sources.
Exploited an AI prompt injection vulnerability in a RAG-backed chatbot to leak constraints and bypass operational guardrails to retrieve a hidden flag.
Reversed a custom cipher validation algorithm from a stripped RISC-V ELF binary to recover a lost activation code.
Analyzed server logs to identify an unhandled exception leaking sensitive information and the flag in a local variables dump.
Decrypt a live encrypted radio broadcast from bunker XR-9 by exploiting a broken stream cipher nonce.
Reversed a rank-metric Loidreau cryptosystem over GF(2^43) by implementing a Gabidulin code Berlekamp-Welch decoder to decrypt the flag.