1 of 6

Forensics

Amnesia

Download file, run volatility for profile, install chromehistory plugin, run it on file and flag.

Flag: flag{forensic_cookie_huntet}

Mercury

good ol' strings + grep

Flag: flag{version_control_for_the_solar_system}

Mobility

Used apkstudio, had a look in MainActivity.smali, saw an array which seemed to have chars in the ascii range, so decoded those and got the flag.

Flag: flag{classic_apk_decompile_shenanigans}

Patchwork Quilt

We're provided with a download of the VScode source code, slightly modified. The name hinted at a patch happening, so I ran git diff and found a 'backdoor' leading to congonator.me/?id=ZmxhZ3tkb250X3RydXN0X2RvZGd5X2Rvd25sb2Fkc30%3D&key= when a key was pressed. I just decoded the id paramater, which revealed the flag.

flag{dont_trust_dodgy_downloads}

Spy Cam

Open the pcap in wireshark, some TCP packets have a long length. Once converting the hexdump of these to an image, you'll eventually get the flag of:

Forensics

Amnesia

Flag: flag{forensic_cookie_huntet}

Mercury

Flag: flag{version_control_for_the_solar_system}

Mobility

Flag: flag{classic_apk_decompile_shenanigans}

Patchwork Quilt

flag{dont_trust_dodgy_downloads}

Spy Cam

Flag: flag{i_spy_with_my_little_eye}

Spy Cam

Flag: flag{i_spy_with_my_little_eye}

Mercury

Flag: flag{version_control_for_the_solar_system}

Amnesia

Flag: flag{forensic_cookie_huntet}

Mobility

Flag: flag{classic_apk_decompile_shenanigans}

Patchwork Quilt

flag{dont_trust_dodgy_downloads}

Forensics

Forensics

Amnesia

hashtagFlag: flag{forensic_cookie_huntet}

Mercury

hashtagFlag: flag{version_control_for_the_solar_system}

Mobility

hashtagFlag: flag{classic_apk_decompile_shenanigans}

Patchwork Quilt

hashtagflag{dont_trust_dodgy_downloads}

Spy Cam

hashtagFlag: flag{i_spy_with_my_little_eye}

Spy Cam

hashtagFlag: flag{i_spy_with_my_little_eye}

Mercury

hashtagFlag: flag{version_control_for_the_solar_system}

Amnesia

hashtagFlag: flag{forensic_cookie_huntet}

Mobility

hashtagFlag: flag{classic_apk_decompile_shenanigans}

Patchwork Quilt

hashtagflag{dont_trust_dodgy_downloads}

Forensics

Flag: flag{forensic_cookie_huntet}

Flag: flag{version_control_for_the_solar_system}

Flag: flag{classic_apk_decompile_shenanigans}

flag{dont_trust_dodgy_downloads}

Flag: flag{i_spy_with_my_little_eye}

Flag: flag{i_spy_with_my_little_eye}

Flag: flag{version_control_for_the_solar_system}

Flag: flag{forensic_cookie_huntet}

Flag: flag{classic_apk_decompile_shenanigans}

flag{dont_trust_dodgy_downloads}