writeups
CTF writeups from The Flat Network Society (by TFNS)
ctf
Ctf solutions from p4 team (by p4-team)
Our great sponsors
The number of mentions indicates the total number of mentions that we've tracked plus the number of user suggested alternatives.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
writeups
Posts with mentions or reviews of writeups.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2022-06-24.
- Question about ECDSA
-
Reduced Round AES CTR Attacks
See: https://github.com/p4-team/ctf/tree/master/2016-03-12-0ctf/peoples_square and also https://github.com/TFNS/writeups/tree/master/2020-06-05-DefenitCTF/spn (this one is not AES but some toy SPN, but the idea is exactly the same and maybe easier to understand)
-
Supersingular Isogeny Key Exchange in Python
Not exactly purely in Python because with sage and also the goal was breaking SIDH, but: https://github.com/TFNS/writeups/tree/master/2020-04-17-PlaidCTF/sidhe
-
What are some real-world security issues in cryptography?
I'm not even mentioning big stuff like https://research.nccgroup.com/2021/11/08/technical-advisory-arbitrary-signature-forgery-in-stark-bank-ecdsa-libraries/ which interestingly enough is actually a vulnerability very similar to what exists in Java since the dawn of time -> https://github.com/openjdk/jdk/blob/master/src/java.base/share/classes/sun/security/provider/DSA.java#L358 (see: https://github.com/TFNS/writeups/tree/master/2020-10-03-TastelessCTF/petition )
-
Technical Advisory – Arbitrary Signature Forgery in Stark Bank ECDSA Libraries
The same issue exists in Java JDK for quite a while (see: https://github.com/TFNS/writeups/tree/master/2020-10-03-TastelessCTF/petition ) ;) I suspect there are many more libraries with similar problem.
Seems like the same problem as exists in Java JDK in DSA -> https://github.com/TFNS/writeups/tree/master/2020-10-03-TastelessCTF/petition
-
How did this person manage to extract all the RSA prime numbers in this writeup?
Check my writeup https://github.com/TFNS/writeups/tree/master/2021-10-23-ASIS-quals/madras if you need to understand where this come from.
-
Using compromised algorithms.
See an example: https://github.com/TFNS/writeups/tree/master/2021-03-13-UTCTF/sleeves
ctf
Posts with mentions or reviews of ctf.
We have used some of these posts to build our list of alternatives
and similar projects. The last one was on 2022-06-24.
-
Audio Steganography
Audio can contain dial tones, or it can contain binary/morse code on some particular frequency, or it's not really "audio" but radio-transmission which needs to be decoded, or the audio can contain sounds of keyboard typing or even 3d printer head moving (like https://github.com/p4-team/ctf/tree/master/2020-05-10-spam-and-flags-teaser/3d_printer ), or maybe audio has multiple sources interleaved and you need to separate them and one has the flag, or maybe the audio file itself has specific format and some information can be passed there. There are infinite possibilities and it's impossible to say anything without analysing the file.
-
Failing to understand a flag
It's hard to say anything without actually seeing the page. Was there something inside the CSS files? You can do some crazy stuff there :) You can also do some fancy stuff like bypassing CSRF with CSS injection like in: https://github.com/p4-team/ctf/tree/master/2018-01-20-insomnihack/web_css
- CTF Question - reverse engineering keyboard Morse code
- Question about ECDSA
-
Stuck on a forensics challenge
One thing that immediately comes into mind is that archives are "weird", and an archive file can be also a totally different type of file at the same time. Just to clarify what I mean see: https://github.com/p4-team/ctf/blob/master/2016-04-15-plaid-ctf/web_pixelshop/README.md and specifically the magic file https://github.com/p4-team/ctf/blob/master/2016-04-15-plaid-ctf/web_pixelshop/exploit.png this is totally valid PNG file but at the same time it's also totally valid ZIP file with PHP shell inside.
-
Initial impact report about this week's EdDSA Double-PubKey Oracle attack in 40 affected crypto libs
Funny part is that even in CTF challenges made around this problem challenge authors were introducing some intentional bugs to account for this scenario, because they thought it would be too unrealistic otherwise :D See for example: https://github.com/p4-team/ctf/tree/master/2018-12-08-hxp/crypto_uff
-
Reduced Round AES CTR Attacks
See: https://github.com/p4-team/ctf/tree/master/2016-03-12-0ctf/peoples_square and also https://github.com/TFNS/writeups/tree/master/2020-06-05-DefenitCTF/spn (this one is not AES but some toy SPN, but the idea is exactly the same and maybe easier to understand)
-
Hey I was wondering if anyone knew a good place to post a challenge, a challenge with a reward
If it's some serious interesting cryptography (just to give you an example: https://github.com/p4-team/ctf/tree/master/2019-11-02-google-ctf/fractorization ), then perhaps consider talking to some CTF team to feature your challenge during an upcoming CTF
-
Help with factorizing n=p*q in an vulnerable RSA implementation
Also what you need doesn't require that much code, it's very similar to: https://github.com/p4-team/ctf/tree/master/2017-09-02-tokyo/crypto_rsa
- Cryptopals 2:12 - What real-world application of crypto does the solution actually break?
What are some alternatives?
When comparing writeups and ctf you can also consider the following projects:
tweetable-polyglot-png - Pack up to 3MB of data into a tweetable PNG polyglot file.
CTFd - CTFs as you need them
squarectf - The "code" for squarectf.com
RootTheBox - A Game of Hackers (CTF Scoreboard & Game Manager)
svachal - Automate writeup for vulnerable machines.
ed25519-unsafe-libs - List of unsafe ed25519 signature libs
cryptofuzz - Fuzzing cryptographic libraries. Magic bug printer go brrrr.
pwntools - CTF framework and exploit development library
HiddenWave - Hide Your Secret Message in any Wave Audio File.
libsodium - A modern, portable, easy to use crypto library.
hackingtool - ALL IN ONE Hacking Tool For Hackers
pwndbg - Exploit Development and Reverse Engineering with GDB Made Easy