11-32-03~2.png: 2022-06-03

The first step in any forensics challenge is to verify the file type and examine basic metadata.

: Locate the IHDR section (usually starts at offset 0x0C ). The four bytes following IHDR are the width, and the four after that are the height. 2022-06-03 11-32-03~2.png

If repairing the header doesn't reveal the flag, the next step is checking for hidden data: The first step in any forensics challenge is

After repairing the height or running StegSolve on the "Gray Bits" or "Red 0" planes, a text string (the flag) typically appears at the bottom of the image or in a separate output window. It usually follows the format CTF{...} or FLAG{...} . If repairing the header doesn't reveal the flag,

The most common solution for this specific file involves . Many CTF creators intentionally modify the height or width values in the PNG header so the image doesn't render correctly or hides the flag at the bottom. Tool : Hex Editor (like HxD or hexedit ).

: Use StegSolve to cycle through the color planes. Often, the flag is hidden in the Least Significant Bits (LSB) of the Red, Green, or Blue channels.