All my certificates in 2025
Happy New Year to you all, and God willing, from progress to progress for all of us.
ุจุนุฏ ู
ุง ุฑุงุฌุนุช ู ุงุชุงูุฏ ุงุชุนูู
ุช ุญุงุฌู ุฌุฏูุฏู ุงูู ู
ุด ุงุณุชุนุฌู ุนูู ุงูุญุงุฌู
ุตุญูุญ ุดูููุง ูุจุงู ุงููุง ูุนูุง xss ุจุณ ุงูุญูููู ูุง ู ูุฑุจุท ู ูููู ุฏู ุจูู ุดุฆ
ุทูู ุง ู ููุด impact ู ููุด Vulnerability
ุงูุนูุจ ู ุด ูู ุบูุท ุงูุนูุจ ุงูู ุงุตุญุญ ุงูุบูุท ู ุงูู ุฑู ุงูุฌุงูู ูุชุงูุฏ ู ูุช ู ุฑู ู ุดูุฑุง ููู ูุงุญุฏ ูุงูู ููู ู ูููุณู ู ุดูุฑุง ุจุฑุฏู ุงูู ููู ููู ู ูุญุดู
ู ูุงุชููู ุงูุง ุงุชุนูู ุช ู ุงุณุชูุฏุช
ู ุงูุช ุงููุฏ ููู ุจุชูุฑุงุก ุงุณุชูุฏุช ู ู ุงูู ููู ุฏุง ู ุงุดูููู ุนูู ุฎูุฑ ๐คโ๐ป
New CTF Writeup - Breizh CTF
I've just published a technical writeup for the Authentification challenge from Breizh CTF, focusing on a flawed implementation of AES-GCM at the counter management level.
This is not just about "nonce reuse is bad".
The writeup walks through how:
- Misusing the J₀ counter
- Breaks both confidentiality and integrity
- Allows recovery of the GHASH key (H)
- And enables full forgery of a valid admin token
The goal was to explain why this class of bugs is terminal in AEAD schemes, not just how to exploit it.
Full writeup on Medium:
https://spider1sec.medium.com/breizh-ctf-authentification-9707750140bc
#BreizhCTF #CTF #Cryptography #AESGCM #CyberSecurity #InfoSec #Writeup #Medium
Quo vadis? - ECSC 2024 (Italy)
I recently solved "Quo vadis?", a cryptography challenge from ECSC 2024 (Italy), published on CryptoHack.
The challenge was solved by only 8 participants, and I also wrote a full technical write-up explaining the solution in depth.
What made this challenge special wasn't implementation difficulty, but the core idea:
- Working with Galois Rings rather than common finite fields
- Exploiting isomorphisms between different ring constructions
- Reducing the problem to linear algebra over ℤ/2ᵏℤ
- Using Newton lifting to move solutions across ring levels
This was a reminder that advanced crypto CTFs are often less about tools, and more about mathematical understanding and clean reasoning.
I shared a detailed write-up covering:
- The mathematical insight behind the challenge
- The full solving strategy
- Implementation details in Sage
Write-up:
https://spider1sec.medium.com/quo-vadis-ecsc-2024-italy-cryptohack-70cd091be2b8
#Cryptography #AppliedCryptography #Mathematics