Posts

Rust Tickler 3 - Huntress CTF 2025 Reverse Engineering Writeup

Complete walkthrough of Rust Tickler 3, a multi-stage Rust reverse engineering challenge from Huntress CTF 2025. Covers dynamic analysis, memory extraction, custom PRNG XOR cipher, and AES-256-CBC decryption techniques.

No Limits - Huntress CTF 2025 PWN Challenge Writeup

Complete writeup for “No Limits” PWN challenge from Huntress CTF 2025. Exploit a parent-child process architecture to bypass seccomp restrictions using /proc/pid/mem and GOT hijacking techniques.

TryHackMe: Industrial Intrusion - auth (9005)

A reverse engineering challenge involving XOR decoding and memory comparison to retrieve the flag from a remote industrial gateway.

SwampCTF: You Shall Not Passss

This writeup details the solution to the “You Shall Not Passss” reverse engineering challenge from SwampCTF, involving dynamic analysis with Ghidra and gdb to decrypt the flag, and analysis of shellcode execution.

TryHackMe Hackfinity Battle CTF

TryHackMe Hackfinity Battle CTF writeups

Sqlate IrisCTF 2025 (pwn)

Exploit writeup for the Sqlate challenge from IrisCTF 2025 by lambda, involving a buffer overflow in a custom encoding mechanism to escalate privileges and retrieve the flag.

Huntress 2024

My notes on five challenges from Huntress CTF 2024: Whamazon, Keyboard Junkie, MOVEable, Strange Calc and OceanLocust. The challenges were solved as part of the Dombusters team.

noscript (web)

Ignite it to steal the cookie!

Automated String Decryption for Mirai Malware Analysis

A Ghidra script that automates the tedious process of identifying and decrypting obfuscated strings in Mirai malware samples. Built to work across multiple processor architectures.

Why Use This?

Mirai malware variants obfuscate their strings using various encryption methods to evade static analysis. Manually identifying and decrypting these strings is time-consuming and error-prone. This script automates the entire process, allowing you to focus on analyzing the malware’s behavior rather than fighting with encryption routines.