đź”´ RED PicoCTF Walkthroughđź”´
Furkan Sayyed
đźš© Challenge Overview
Challenge Name: RED
Category: Forensics (Steganography)
Difficulty: Easy (~100 points)
File Provided:
red.png(a red square image)
At first glance, it’s just a plain red PNG—but that’s usually a hint to look deeper.
đź’ˇ Step 1: Observe & Hypothesize
The image appears uniform—no hidden text or visual cues. In forensics CTFs, this typically signals steganography or hidden metadata.
A clever hint mentioned in some write‑ups: “check whatever Facebook is called now”—Meta → pointing to metadata or hidden layers.
🔍 Step 2: Inspect Metadata (Optional)
You can inspect metadata with exiftool red.png. Though nothing crucial may pop up, it’s good habit. Let’s jump to the heavy‑hitting tool.
đź› Step 3: Run zsteg
This tool digs out hidden data in images:
zsteg -a red.png
Look for lines like and copy the encoded string:
🧩 Step 4: Decode the Hidden Message
Grab that Base64 string and decode using online tool like : Cyberchef and you get the flag
âś… Summary & Tips
| Task | Tool & Technique |
| Hidden in image | zsteg -a red.png (check LSBs) |
| Base64 extraction | Found in hidden text |
| Flag format | Always picoCTF{...} style |
The blank red image is a visual clue—often used to hide info in static color channels.
Hints like “Meta” or “LSB” are there for a reason.
Good to know:
zstegtargets PNG/BMP LSB hides, while exiftool helps with metadata.
Subscribe to my newsletter
Read articles from Furkan Sayyed directly inside your inbox. Subscribe to the newsletter, and don't miss out.
Written by