CTF writeups, OSINT notes, crypto solves, and systems engineering deep dives.https://blog.02labs.me/enAstrohttps://blog.02labs.me/posts/monkeintel/https://blog.02labs.me/posts/monkeintel/If LSB, why not LSB shaped?Sat, 09 May 2026 00:00:00 GMTWe are given an image monkethinkin.png, which contains the famous Thinking Monkey meme.btsctfstegolsbwriteuphttps://blog.02labs.me/posts/permission-denied-2/https://blog.02labs.me/posts/permission-denied-2/At this point I don't know what to put here part 2Fri, 01 May 2026 00:00:00 GMTIn today's Daily AlpacaHack challenge, we have the same goal as yesterday: read flag.txt from a Debian Trixie shell. The flag file is created by root in the alpaca user's home directory (/ho...alpacahackmiscunix permissionshttps://blog.02labs.me/posts/permission-denied/https://blog.02labs.me/posts/permission-denied/At this point I don't know what to put here.Thu, 30 Apr 2026 00:00:00 GMTIn this Daily AlpacaHack challenge, we are given a simple goal: read flag.txt from a Debian Trixie shell. The flag file is created by root in /app, the container's WORKDIR, and then set to m...alpacahackmiscunix permissionshttps://blog.02labs.me/posts/2blue2hen/https://blog.02labs.me/posts/2blue2hen/Locating a player in a Minecraft world using bottom bedrock patterns.Sat, 25 Apr 2026 00:00:00 GMTIn 2Blue2Hen, we are given a Minecraft 1.12 screenshot with a visible $10\times10$ bedrock floor pattern, and we are asked to find the coordinates where the player who took the screenshot is...blue-hens-ctfmiscminecraftbruteforcehttps://blog.02labs.me/posts/camelid-match/https://blog.02labs.me/posts/camelid-match/How a 1 changes a complete mess into a pattern that can be checkedFri, 24 Apr 2026 00:00:00 GMTThis Daily AlpacaHack challenge gives us a 5-card binary string and asks whether Alice and Bob both like a certain animal. From this point on, we will refer to ♡ as 1 and ♧ as 0: two bits re...alpacahackcryptomultiparty-computationhttps://blog.02labs.me/posts/is-nan/https://blog.02labs.me/posts/is-nan/Not all NaNs are created equalWed, 22 Apr 2026 00:00:00 GMTThe challenge presents us with some files, the most important of which is chal.c. It mostly performs basic rule validation and parsing, and if the checks are successful, it prints the flag.alpacahackmiscfloating-pointieee-754https://blog.02labs.me/posts/a-logical-deduction/https://blog.02labs.me/posts/a-logical-deduction/Propositional logic reversing???Wed, 22 Apr 2026 00:00:00 GMTIn this Blue Hens CTF 2026 challenge, we are given an image that seems heavily modified/obfuscated for artificial vision. The image contains a propositional logic formula represented as a ci...bluehensreversingpropositional-logicboolean-satisfiabilityhttps://blog.02labs.me/posts/wither/https://blog.02labs.me/posts/wither/Statistical recovery and law of large numbers, isn't that a bit overkill?Tue, 14 Apr 2026 00:00:00 GMTThis time in Daily AlpacaHack, we are given a "cipher" in which each bit of the plaintext is ANDed with a cryptographically secure pseudorandomly generated key os.urandom() by using the secr...alpacahackcryptobitwise-andhttps://blog.02labs.me/posts/aes-is-dead/https://blog.02labs.me/posts/aes-is-dead/AES probably not, ECB definitely.Fri, 10 Apr 2026 00:00:00 GMTThis challenge presents us with quite a different scenario than most cryptography challenges. We are given a Python script that encrypts data using the Python Crypto library's AES implementa...alpacahackcryptoaesecbcipher-modehttps://blog.02labs.me/posts/no-content/https://blog.02labs.me/posts/no-content/HTTP is just a social constructTue, 07 Apr 2026 00:00:00 GMTI almost never write web writeups, mostly because I do not really enjoy web challenges. Still, this one was simple and funny enough that I thought it would be a good excuse to write a bit ab...alpacahackwebhttptcpwiresharkhttps://blog.02labs.me/posts/the-horn/https://blog.02labs.me/posts/the-horn/The failures in previous challenges become the solution for this one.Mon, 06 Apr 2026 00:00:00 GMTThis time we are presented with a "familiar" setting, just as in Carry the Flame we are given an "SPN"-style block cipher, but this time with some twists. First of all we are working with a...alpacahackcryptospnblock-ciphershttps://blog.02labs.me/posts/zipped/https://blog.02labs.me/posts/zipped/Why the hell are ZIP challenges always so hard?Sat, 04 Apr 2026 00:00:00 GMTFor this challenge, we are given a ZIP file, zipped.zip, that contains two encrypted files: a PNG image (BeautifulDetailedSunset.png) that occupies most of the archive's size (2.3 MB), and a...ritseccryptoforensicsknown-plaintext-attackhttps://blog.02labs.me/posts/phantom-2/https://blog.02labs.me/posts/phantom-2/Could private forks on GitHub be not as private as we think?Fri, 27 Mar 2026 00:00:00 GMTIn Phantom2 (the second part of a 2-part challenge during TAMUctf 2026), we are given once again a link to an almost "empty" GitHub repository with a single commit and a single README.md fil...tamuctfgitgithubforensicshttps://blog.02labs.me/posts/bloom/https://blog.02labs.me/posts/bloom/How does a single number convert a perfect secrecy encryption scheme into a completely insecure one?Tue, 24 Mar 2026 00:00:00 GMTDaily AlpacaHack - Bloom presents us with a One-Time Pad encryption scheme where every byte of the plaintext is XORed with a cryptographically secure random byte (generated from os.urandom u...alpacahackcryptoxorone-time-padhttps://blog.02labs.me/posts/carry-the-flame/https://blog.02labs.me/posts/carry-the-flame/Goal: recover the 40-bit per-session key for the remote 1024-round SPN, submit it on the same connection, and obtain the flag.Sun, 08 Mar 2026 00:00:00 GMTThis challenge presents us with a 1024-round SPN (Rijndael S-box, fixed 40-bit permutation) with a 40-bit key. The key is sampled separately for each connection, so the final guess must be s...dicectfcryptogpuhttps://blog.02labs.me/posts/eyes-on-the-sky-1-and-2/https://blog.02labs.me/posts/eyes-on-the-sky-1-and-2/Goal: Determine the aircraft’s marketed flight number (operating airline) and the baggage carousel number.Sun, 22 Feb 2026 00:00:00 GMTIn this OSINT challenge for Batman’s kitchen CTF, we were given a single photo (sky.jpg) containing a mountain and a small aircraft silhouette above it. And 2 tasks were given with this:bkctfosintaviation