writeups
svachal
writeups
- Question about ECDSA
- Reduced Round AES CTR Attacks
See: https://github.com/p4-team/ctf/tree/master/2016-03-12-0ctf/peoples_square and also https://github.com/TFNS/writeups/tree/master/2020-06-05-DefenitCTF/spn (this one is not AES but some toy SPN, but the idea is exactly the same and maybe easier to understand)
- Supersingular Isogeny Key Exchange in Python
Not exactly purely in Python because with sage and also the goal was breaking SIDH, but: https://github.com/TFNS/writeups/tree/master/2020-04-17-PlaidCTF/sidhe
- What are some real-world security issues in cryptography?
I'm not even mentioning big stuff like https://research.nccgroup.com/2021/11/08/technical-advisory-arbitrary-signature-forgery-in-stark-bank-ecdsa-libraries/ which interestingly enough is actually a vulnerability very similar to what exists in Java since the dawn of time -> https://github.com/openjdk/jdk/blob/master/src/java.base/share/classes/sun/security/provider/DSA.java#L358 (see: https://github.com/TFNS/writeups/tree/master/2020-10-03-TastelessCTF/petition )
- Technical Advisory – Arbitrary Signature Forgery in Stark Bank ECDSA Libraries
The same issue exists in Java JDK for quite a while (see: https://github.com/TFNS/writeups/tree/master/2020-10-03-TastelessCTF/petition ) ;) I suspect there are many more libraries with similar problem.
Seems like the same problem as exists in Java JDK in DSA -> https://github.com/TFNS/writeups/tree/master/2020-10-03-TastelessCTF/petition
- How did this person manage to extract all the RSA prime numbers in this writeup?
Check my writeup https://github.com/TFNS/writeups/tree/master/2021-10-23-ASIS-quals/madras if you need to understand where this comes from.
- Using compromised algorithms.
See an example: https://github.com/TFNS/writeups/tree/master/2021-03-13-UTCTF/sleeves
svachal
- Automate writeup for vulnerable machines
Link for the source repo is in tweet linked in above image descriptions and here.
- Commandline access for VulnHub, TryHackMe and HackTheBox machines
https://github.com/7h3rAm/svachal - Helps me with automating machine writeups. It has a graphviz wrapper to auto generate these graphs from nested text descriptions. An example killchain here is converted to the following dotfile which is then rendered as the graph above.
What are some alternatives?
tweetable-polyglot-png - Pack up to 3MB of data into a tweetable PNG polyglot file.
starcli - :sparkles: Browse trending GitHub projects from your command line
squarectf - The "code" for squarectf.com
brotab - Control your browser's tabs from the command line
cryptofuzz - Fuzzing cryptographic libraries. Magic bug printer go brrrr.
GTFONow - Automatic privilege escalation for misconfigured capabilities, sudo and suid binaries using GTFOBins.
HiddenWave - Hide Your Secret Message in any Wave Audio File.
hackthebox - Notes Taken for HTB Machines & InfoSec Community.
hackingtool - ALL IN ONE Hacking Tool For Hackers
reverse-shell-generator - Hosted Reverse Shell generator with a ton of functionality. -- (Great for CTFs)
SIKE-Python - A python implementation of Supersingular Isogeny Key Exchange (SIKE) using the optimized reference algorithms
writeups - Writeups for vulnerable machines.