All my certificates in 2025
Happy new year to you all, and God willing, from progress to progress for all of us.
After reviewing and double-checking, I learned something new: not to rush things.
True, it looks like it really is XSS, but in truth it is not [...]
As long as there is no impact, there is no vulnerability.
The shame is not in making a mistake; the point is that I correct the mistake, and next time I will verify a hundred times. Thanks to everyone who said a kind word to me, and thanks also to those who said an unkind one.
[...] I learned and benefited.
And you who are reading this surely benefited from this situation too. See you soon.
New CTF Writeup - Breizh CTF
I've just published a technical writeup for the Authentification challenge from Breizh CTF, focusing on a flawed implementation of AES-GCM at the counter management level.
This is not just about "nonce reuse is bad".
The writeup walks through how misusing the J₀ counter:
- Breaks both confidentiality and integrity
- Allows recovery of the GHASH key (H)
- And enables full forgery of a valid admin token
The goal was to explain why this class of bugs is terminal in AEAD schemes, not just how to exploit it.
Full writeup on Medium:
https://spider1sec.medium.com/breizh-ctf-authentification-9707750140bc
#BreizhCTF #CTF #Cryptography #AESGCM #CyberSecurity #InfoSec #Writeup #Medium
Quo vadis? - ECSC 2024 (Italy)
I recently solved "Quo vadis?", a cryptography challenge from ECSC 2024 (Italy), published on CryptoHack.
The challenge was solved by only 8 participants, and I also wrote a full technical write-up explaining the solution in depth.
What made this challenge special wasn't implementation difficulty, but the core idea:
- Working with Galois Rings rather than common finite fields
- Exploiting isomorphisms between different ring constructions
- Reducing the problem to linear algebra over ℤ/2ᵏℤ
- Using Newton lifting to move solutions across ring levels
This was a reminder that advanced crypto CTFs are often less about tools, and more about mathematical understanding and clean reasoning.
I shared a detailed write-up covering:
- The mathematical insight behind the challenge
- The full solving strategy
- Implementation details in Sage
Write-up:
https://spider1sec.medium.com/quo-vadis-ecsc-2024-italy-cryptohack-70cd091be2b8
#Cryptography #AppliedCryptography #Mathematics
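An added illustration of the Newton lifting step named in the post above, not code from the post or the linked write-up: it lifts a simple root of an integer polynomial from ℤ/2ℤ to ℤ/2ᵏℤ, doubling the precision each round. It covers only the plain integer case rather than the Galois ring extension the challenge uses, and the function names and the sample polynomial x² + x + 2 are assumptions chosen for the demonstration.

```python
def poly_eval(coeffs, x, mod):
    """Horner evaluation modulo `mod`; coeffs are highest degree first."""
    acc = 0
    for c in coeffs:
        acc = (acc * x + c) % mod
    return acc


def poly_deriv(coeffs):
    """Coefficients of the formal derivative, highest degree first."""
    n = len(coeffs) - 1
    return [c * (n - i) for i, c in enumerate(coeffs[:-1])]


def newton_lift(coeffs, root, k):
    """Lift a simple root of f modulo 2 to the unique root modulo 2**k."""
    dcoeffs = poly_deriv(coeffs)
    if poly_eval(coeffs, root, 2) != 0:
        raise ValueError("not a root modulo 2")
    if poly_eval(dcoeffs, root, 2) == 0:
        # f'(root) is not a unit in Z/2^kZ, so the Newton step is undefined
        # and the root may lift to zero or to several solutions.
        raise ValueError("singular root: f'(root) is even")
    r, prec = root % 2, 1
    while prec < k:
        prec = min(2 * prec, k)          # quadratic convergence
        mod = 1 << prec
        inv = pow(poly_eval(dcoeffs, r, mod), -1, mod)  # f'(r) is odd
        r = (r - poly_eval(coeffs, r, mod) * inv) % mod
    return r


# Constructed sample: f(x) = x^2 + x + 2 has both 0 and 1 as simple roots mod 2.
F = [1, 1, 2]

if __name__ == "__main__":
    for r0 in (0, 1):
        r = newton_lift(F, r0, 64)
        print(r0, hex(r), poly_eval(F, r, 1 << 64))
```

Each residue modulo 2 lifts to exactly one root modulo 2ᵏ because f′ is odd there; a root with even f′ is rejected instead of being lifted incorrectly.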
ุงูุง ู ุงูู ููุฑ ุนุฑูุชู ู ุญูุงุชู
The broadcast is next Friday
The broadcast will be at the end of the week
Solved Wonky AES cryptography challenge on Hack The Box
The challenge involved an AES implementation with an intentional fault injection during encryption.
By analyzing the source code and applying Differential Fault Analysis (DFA), I was able to:
- Recover the AES round-10 key
- Reverse the AES key schedule
- Decrypt the encrypted flag successfully
This challenge was a great reminder that cryptography breaks often come from implementation flaws, not the algorithm itself.
Full write-up:
https://spider1sec.medium.com/hackthebox-wonky-aes-1c94e0f94666
#CTF #Cryptography #HackTheBox #CyberSecurity #AES