
As part of a university CTF with Securinets INSAT, I was tasked with creating challenges that would test players’ knowledge, encourage competition in a thrilling atmosphere, and introduce them to new concepts.
For this challenge, I wanted to move beyond traditional CTF tropes and simulate a modern Advanced Persistent Threat (APT) scenario. I designed this task to introduce players to the world of stealthy in-memory execution and non-standard communication channels.
The challenge features a custom-built malware sample that masquerades as a benign system utility. Instead of making obvious outbound connections, it uses steganography to hide Command & Control (C2) instructions inside ordinary desktop wallpapers and employs reflective DLL loading to operate entirely in memory. To solve it, players must bridge the gap between network traffic analysis and deep binary reverse engineering, reconstructing a fragmented puzzle that traditional security tools would completely miss.
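To show the kind of analysis the wallpaper channel demands from the defender's side, here is an added example (it is not code from the challenge repository). It assumes a plain least-significant-bit (LSB) scheme with a 4-byte big-endian length prefix, which the page does not specify, and it works on a constructed 8-bit pixel buffer rather than a real image file. The chi-square function is the classic pairs-of-values test: a cover whose LSBs carry natural structure scores high, while a region overwritten with payload bits flattens toward zero, which is the signal an analyst would look for before attempting extraction.

```python
"""Added example: LSB embedding (only to build a sample), steganalysis and
extraction over a constructed pixel buffer. Scheme is an assumption."""
import struct
from typing import Optional


def embed_lsb(cover: bytes, payload: bytes) -> bytes:
    """Write a length-prefixed payload into the LSB of each cover byte.
    Present only so the example can construct its own stego sample."""
    data = struct.pack(">I", len(payload)) + payload
    bits = [(b >> (7 - i)) & 1 for b in data for i in range(8)]
    if len(bits) > len(cover):
        raise ValueError("cover too small for payload")
    out = bytearray(cover)
    for idx, bit in enumerate(bits):
        out[idx] = (out[idx] & 0xFE) | bit
    return bytes(out)


def _read_lsb_bytes(pixels: bytes, offset: int, count: int) -> bytes:
    """Reassemble `count` bytes from LSBs starting at pixel `offset`."""
    out = bytearray()
    for byte_i in range(count):
        value = 0
        for bit_i in range(8):
            value = (value << 1) | (pixels[offset + byte_i * 8 + bit_i] & 1)
        out.append(value)
    return bytes(out)


def extract_lsb(pixels: bytes) -> Optional[bytes]:
    """Recover the payload when the length prefix is plausible, else None."""
    if len(pixels) < 32:
        return None
    length = struct.unpack(">I", _read_lsb_bytes(pixels, 0, 4))[0]
    if length == 0 or 32 + length * 8 > len(pixels):
        return None
    return _read_lsb_bytes(pixels, 32, length)


def lsb_chi_square(pixels: bytes) -> float:
    """Pairs-of-values chi-square: for each value pair (2k, 2k+1), compare
    the two counts. Natural images keep them unequal; LSB embedding
    pushes them together, so a low score is the suspicious one."""
    counts = [0] * 256
    for p in pixels:
        counts[p] += 1
    stat = 0.0
    for k in range(128):
        n0, n1 = counts[2 * k], counts[2 * k + 1]
        total = n0 + n1
        if total:
            stat += (n0 - n1) ** 2 / total
    return stat


# Constructed sample: a synthetic cover whose LSBs are all zero, so the
# pairs-of-values statistic is maximal before embedding.
COVER = bytes((i % 128) * 2 for i in range(4096))
PAYLOAD = b"constructed-c2-instruction"  # placeholder, not from the challenge
STEGO = embed_lsb(COVER, PAYLOAD)


def triage(pixels: bytes) -> dict:
    """One-shot report an analyst might run over a suspect wallpaper."""
    return {"chi_square": lsb_chi_square(pixels), "payload": extract_lsb(pixels)}


if __name__ == "__main__":
    print("cover :", triage(COVER))
    print("stego :", triage(STEGO))
```

On a real wallpaper the buffer would come from decoding the image to raw channel values and the test would be run over successive windows rather than the whole file, since only the leading region carries the payload; the constructed cover here is deliberately extreme so that the drop in the statistic is unmistakable.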
Feel free to check out the source code here: https://github.com/youssefnoob003/research-samples/tree/main/samples/wallpaper-c2