All my certificates in 2025 🤍

عام جديد سعيد لكم و ب اذن الله من تطور لي تطور لنا جميعا 🤍

بعد ما راجعت و اتاكد اتعلمت حاجه جديده اني مش استعجل علي الحاجه

صحيح شكلها يبان انها فعلا xss بس الحقيقه لا و هربط مقوله دي بكل شئ

طلما مفيش impact مفيش Vulnerability


العيب مش فل غلط العيب اني اصحح الغلط و المره الجايه هتاكد ميت مره و شكرا لكل واحد قالي كلمه كويسه و شكرا بردو الي قلي كلمه وحشه

ف لاتنين انا اتعلمت و استفدت

و انت اكيد يلي بتقراء استفدت من الموقف دا و اشوفكم على خير 🤍✌🏻

🚩 New CTF Writeup – Breizh CTF


I’ve just published a technical writeup for the Authentification challenge from Breizh CTF, focusing on a flawed implementation of AES-GCM at the counter management level.


This is not just about “nonce reuse is bad”.


The writeup walks through how :


Misusing the J₀ counter


Breaks both confidentiality and integrity
Allows recovery of the GHASH key (H)


And enables full forgery of a valid admin token


The goal was to explain why this class of bugs is terminal in AEAD schemes, not just how to exploit it.


🔗 Full writeup on Medium :


https://spider1sec.medium.com/breizh-ctf-authentification-9707750140bc


#BreizhCTF #CTF #Cryptography #AESGCM #CyberSecurity #InfoSec #Writeup #Medium

Quo vadis? — ECSC 2024 (Italy)

I recently solved “Quo vadis?”, a cryptography challenge from ECSC 2024 (Italy), published on CryptoHack.
The challenge was solved by only 8 participants, and I also wrote a full technical write-up explaining the solution in depth.

What made this challenge special wasn’t implementation difficulty, but the core idea :

Working with Galois Rings rather than common finite fields
Exploiting isomorphisms between different ring constructions
Reducing the problem to linear algebra over ℤ / 2ᵏℤ
Using Newton lifting to move solutions across ring levels

This was a reminder that advanced crypto CTFs are often less about tools, and more about mathematical understanding and clean reasoning.

I shared a detailed write-up covering:

The mathematical insight behind the challenge

The full solving strategy

Implementation details in Sage


🔗 Write-up :

https://spider1sec.medium.com/quo-vadis-ecsc-2024-italy-cryptohack-70cd091be2b8

#Cryptography #AppliedCryptography #Mathematics

انا و اول هكر عرفتو ف حياتي

البث يوم الجمعه الجايه 🤍

The broadcast will be at the end of the week 🤍

Solved Wonky AES cryptography challenge on Hack The Box 🔐

The challenge involved an AES implementation with an intentional fault injection during encryption.

By analyzing the source code and

applying Differential Fault Analysis (DFA)

I was able to :

Recover the AES round-10 key

Reverse the AES key schedule

Decrypt the encrypted flag successfully
This challenge was a great reminder that cryptography breaks often come from implementation flaws, not the algorithm itself.

Full write-up 👇

https://spider1sec.medium.com/hackthebox-wonky-aes-1c94e0f94666

#CTF #Cryptography #HackTheBox #CyberSecurity #AES

عشان الناس مش عارفه ان انا و تيم بتاعي بقالنا اسبوعين متصدرين القايمه عالميه

و الحمدلله طبعا بفضل لله ثما مجهودنا قدرنا نجيب مركز كويس

لعلم كنا متصدرين مركز 21

البث الساعه 6 المغرب بتوقيت مصر 🤍

اللهم صلّ وسلم على نبينا محمد


من قرأ سورةَ ( الكهفِ ) في يومِ الجمعةِ أضاء له من النورِ ما بين الجمُعَتَين



خلاصة حكم المحدث : صحيح
الراوي : أبو سعيد الخدري | المحدث : الألباني | المصدر : صحيح الترغيب | الصفحة أو الرقم : 736
| التخريج : أخرجه البيهقي (6209) واللفظ له، وأخرجه الحاكم (3392) باختلاف يسير

البث بداء

الحمدالله 🤍

انا و تيم MindCrafters مركز 28 في 0xL4ugh CTF v5 و من نجاح لي نجاح ان شاء الله




Alhamdulillah 🤍

Proud to share that my team MindCrafters achieved 28th place in 0xL4ugh CTF v5.

Grateful for the teamwork, late nights, and collective mindset that turned challenges into learning wins.
Onward to sharper skills, tougher battles, and higher ranks 🚀🔐