: Players had to reverse the arc-httpd binary to find hidden endpoints or hardcoded credentials used for "spying" on the server's traffic.

CTF Writeup: Trellix HAX 2023 - "Spying Through the Webdoor"

This multi-part challenge (worth 200–500 points) is a common candidate for a "hAX 2023" archive.

Based on the official Trellix HAX 2023 repository , here are the primary challenges that typically start with ZIP file downloads: 1. Free Yo' Radicals (Parts I, II, & III)

: You must analyze how the server_binary processes input. Successful exploiters noted that the server expects specific packet headers and data formats before it returns the "Bye bye!" message or the flag.

: Further details can be found at this Spying Through the Webdoor Writeup . 3. Additional Challenges