Breizhctf-2026 - Category - Zarkyo's bloghttps://zarkyo.fr/categories/breizhctf-2026/Breizhctf-2026 - Category - Zarkyo's blogHugo -- gohugo.ioenCC BY-NC 4.0Sat, 23 May 2026 22:00:00 +0200BreizhCTF 2026 - Ghost Operatorhttps://zarkyo.fr/ghost-operator/Sat, 23 May 2026 22:00:00 +0200xxxxhttps://zarkyo.fr/ghost-operator/

Ghost Operator

  • Difficulty: Medium
  • Category: Forensic
  • Author: Lamarr

Description

Breizh Aero Survey operates a fleet of 5 mapping drones (ALPHA, BRAVO, CHARLIE, DELTA, ECHO) along the Breton coast. The aircraft communicate with the ground station via a standard aeronautical telemetry protocol.

This morning, during a routine flight, one of the drones stopped responding to commands and left its trajectory heading toward an isolated area. The network team had an active tcpdump on the drone/ground link during the incident.

]]>BreizhCTF 2026 - Keys, Keys, Keyshttps://zarkyo.fr/keys-keys-keys/Sat, 23 May 2026 22:00:00 +0200xxxxhttps://zarkyo.fr/keys-keys-keys/

Keys, Keys, Keys

  • Difficulty: Easy
  • Category: Forensic
  • Author: Zlippy

Description

A white living room console from the mid-2000s, famous for its motion-controller, was briefly “borrowed” from its owner. A partial dump of its external storage is provided.

Your mission: identify the name of the game being played, and recover a second flag fragment hidden in the artifacts.

Flag format: BZHCTF{GameName_artifact}

Files:

  • image.dd

Solve

Step 1 — Identify the image

file image.dd
# image.dd: DOS/MBR boot sector, code offset 0x58+2, OEM-ID "mkfs.fat", FAT (32 bit)

A FAT32 partition image. Mount it to explore its contents:

]]>BreizhCTF 2026 - Phantom Processhttps://zarkyo.fr/phantom-process/Sat, 23 May 2026 22:00:00 +0200xxxxhttps://zarkyo.fr/phantom-process/

Phantom Process

  • Difficulty: Medium
  • Category: Forensic
  • Author: Lamarr

Description

The operations server of Breizh Aero Survey (ops-srv01) has been showing suspicious outbound HTTPS connections to an unknown IP for a few days. The IT team captured a memory dump with LiME before isolating the machine.

Your mission:

  • Identify the initial infection vector
  • Find the implant running on the server
  • Extract the flag from the exfiltrated data

Files:

  • debian-6.1.0-44.json — Volatility 3 ISF profile for the Debian 6.1.0-44 kernel
  • evidence.lime — memory dump in LiME format

Solve

Setup — Volatility 3

The .json file is an ISF (Intermediate Symbol File), the profile format used by Volatility 3.

]]>BreizhCTF 2026 - Seems Emptyhttps://zarkyo.fr/seems-empty/Sat, 23 May 2026 22:00:00 +0200xxxxhttps://zarkyo.fr/seems-empty/

Seems Empty

  • Difficulty: Very Easy
  • Category: Reverse
  • Author: AntwortEinesLebens

Description

During an audit, a strange binary was only displaying a bland message. No network activity, no suspicious writes — nothing but perfectly harmless output. Dismissed among unremarkable artifacts, it was nonetheless tampered with by a malware group.

Even what seems empty can hide a secret.

Files:

  • seems-empty.pyc — Python bytecode compiled for CPython 3.12

Solve

Step 1 — Reconnaissance

file seems-empty.pyc
# seems-empty.pyc: Byte-compiled Python module for CPython 3.12 or newer,
# timestamp-based, .py timestamp: Sun Apr  5 12:20:40 2026 UTC, .py size: 1132 bytes

A .pyc is a compiled Python file (bytecode). The source text is not directly readable. First reflex: run strings to look for readable hints.

]]>BreizhCTF 2026 - Totally Securehttps://zarkyo.fr/totally-secure/Sat, 23 May 2026 22:00:00 +0200xxxxhttps://zarkyo.fr/totally-secure/

Totally Secure

  • Difficulty: Easy
  • Category: Forensic
  • Author: Zlippy

Description

A friend set up his own “secure” server using copy-paste and ChatGPT prompts. He’s very proud and keeps saying everything is “encrypted” and nobody can see anything on the network.

He shared a network capture and some files recovered from his machine, convinced you won’t understand a thing. Your mission: prove him wrong and recover what was traveling through his supposedly unbreakable communications.

]]>