A box of chocolate

my public personal notebook

Entries from 2018-01-01 to 1 year

HITBXCTF 2018 Quals - Python's revenge

We are given a Python Flask webapp that allows us to store and retrieve a Python object. The app stores our secret with pickle in a cookie named location. To protect the cookie from malicious user modifications, a simple MAC scheme is impl…

HITBXCTF 2018 Quals - pix

We are given a PNG file; let's check it for any steg data with zsteg: $ zsteg aee487a2-49cd-4f1f-ada6-b2d398342d99.SteinsGate /usr/lib/ruby/2.3.0/open3.rb:199: warning: Insecure world writable dir /mnt/c/ProgramData/Oracle/Java in PATH, mo…

HITBXCTF 2018 Quals - boom

We are given a .vmem file, which is a memory file generated by VMware. The problem description indicates that this VM might be infected with malware, so let's use Volatility to analyze this memory dump. Let's check what OS this memory du…

HITBXCTF 2018 Quals - upload

The given site has a simple form that allows us to upload a file, and after uploading gives us a file name with the extension of the file we uploaded. With some simple recon we can see that the server is running on PHP and IIS (which is kn…