HackTheBox

A ransomware decryption challenge where the encryption scheme looks custom at first but turns out to be a misused AES implementation.

A disk image challenge involving a Windows host used to exfiltrate data. The interesting part was figuring out which file was the payload and which was a decoy.

A pcap analysis challenge where credentials get stolen over an unencrypted protocol.

Three days. A heavily obfuscated PowerShell dropper, a second-stage payload living entirely in memory, and a flag hidden in a registry key that should not exist.