Security Architect
Applied-level certification for security architects. Covers cloud IAM architecture, AppSec patterns, identity architecture, and logging/monitoring design.
Threat Modeling and Architecture Requirements [Non-CTF]
No cards in this course yet.
Cloud Architecture, IAM and Containers
Vigenère Cipher Cryptanalysis: Kasiski Examination and Index of Coincidence Attack
Cracking Columnar Transposition Ciphers: Key-Length Detection and Column Reordering
AES-ECB Block Alignment Attack: Exploiting Deterministic Encryption for Oracle Leakage
CBC Padding Oracle Attack: Byte-by-Byte Plaintext Recovery via PKCS#7 Error Responses
AES-CTR Nonce Reuse Attack: XOR-Based Keystream Recovery and Plaintext Decryption
Exploiting Symmetric Key Reuse Across Users: Cross-Account Ciphertext Oracle Attacks
Extracting Hardcoded Symmetric Keys from Binaries via Static Reverse Engineering
Attacking Weak Key Derivation Functions: Dictionary Attacks on Under-Iterated Password Hashing
XOR Keystream Reuse Attack: Many-Time Pad Cryptanalysis and Statistical Key Recovery
Cracking RSA Small Public Exponents: Cube-Root Recovery and Low-Exponent Bias
RSA Broadcast Attack: CRT-Based Plaintext Recovery Across Multiple Recipients
Factoring Weak RSA Primes via Fermat Factorisation and Pollard p-1 Method
WAV spectrogram stego
WAV echo stego
LSB RGB stego
Bit plane image stego
Alpha channel LSB stego
XOR two-image stego
DCT block image stego
Recovering Wide Strings (UTF-16LE) from Memory: C2 URL and Credential Extraction via Volatility
Detecting XOR-Encoded Payloads in Memory Dumps: Entropy Analysis and Brute-Force Key Recovery
AppSec Patterns and Identity Architecture
Recovering RSA Private Keys from Malformed Signatures via Fault Injection
Detecting Length-Extension and Forgery Flaws in Custom MAC Implementations
JWT Algorithm Confusion Attack: Exploiting Key Confusion and Asymmetric Misuse
Exploiting Insecure Key Exchange Protocols via Man-in-the-Middle Parameter Manipulation
Diffie-Hellman Small Subgroup Confinement Attack: Key Recovery via Order Manipulation
Forging Session Tokens via Weak PRNG: Exploiting Insufficient Entropy in Identifiers
Blind SQLi login
Boolean-based auth flaw
Weak password policy exploit
Account lockout bypass
2FA logic flaw
OTP Reuse (Static Artifact): Time-Based OTP Replay and Rate Limit Bypass Techniques
JWT Algorithm None (Static Artifact): Unsigned JWT Token Forgery for Authentication Bypass
JWT Key Confusion (Static Artifact): Public Key as HMAC Secret for Token Signature Forgery
JWT Kid Injection (Static Artifact): Key Identifier Header Exploitation for Signature Bypass
Session hijacking
Cookie Tampering (Static Artifact): Session Cookie Forgery and Authentication Bypass Techniques
HMAC secret brute force
Insecure remember-me token
OAuth misconfiguration
Email verification bypass
IDOR (numeric)
IDOR (UUID guessable)
Parameter pollution IDOR
Horizontal Privilege Escalation: Cross-User Resource Access via Insufficient IDOR Controls
Vertical Privilege Escalation: Role Bypass and Unauthorized Administrative Function Access
Role misassignment
Mass Assignment Vulnerability: Unfiltered Object Binding for Unauthorized Property Modification
Hidden admin endpoint
GraphQL overexposure
REST verb confusion
CORS misconfiguration
Multi-tenant data leak
SQL injection (classic)
SQLi blind time-based
SQLi second order
NoSQL Injection: MongoDB Operator Injection for Authentication Bypass and Data Enumeration
LDAP Injection: Filter String Manipulation for Authentication Bypass and Directory Enumeration
Template injection (Jinja2/Twig)
SSTI chain
OS Command Injection: Shell Metacharacter Exploitation for Server-Side Command Execution
Argument injection
Path traversal
LFI
RFI
SSTI to RCE chain
Reflected XSS: URL-Based Script Injection and Single-Interaction Client-Side Code Execution
Stored XSS: Persistent Script Injection for Session Hijacking and Admin Panel Exploitation
DOM-based XSS
CSP Bypass: Content Security Policy Circumvention via JSONP Endpoints, Trusted Domain Abuse and Nonce Prediction
AngularJS expression injection
Markdown rendering XSS
File upload XSS
Service worker abuse
Basic SSRF Exploitation: Internal Service Enumeration via Server-Side URL Fetch Manipulation
SSRF to Cloud Metadata: AWS IMDS Credential Theft via Server-Side Request Forgery
SSRF via PDF Renderer: Headless Browser Exploitation for Internal Service Access via HTML Injection
SSRF via webhook
SSRF Filter Bypass: IP Encoding, URL Redirection and Parser Confusion for Blocklist Evasion
DNS rebinding (simulated)
Gopher Protocol SSRF: Arbitrary TCP Payload Injection for Redis, Memcached and FastCGI Exploitation
SSRF → Redis (mocked)
SSRF → internal admin
Unrestricted file upload
Extension bypass
Content-Type Bypass: MIME Sniffing and Type Header Manipulation for Upload Restriction Evasion
Zip Slip Path Traversal: Archive Extraction Directory Escape for Server-Side File System Write
Archive bomb (simulated)
Insecure deserialization (generic)
PHAR deserialization (simulated)
Pickle deserialization
YAML unsafe load
Prototype Pollution in Node.js: __proto__ Injection for Object.prototype Manipulation and RCE Gadget Chaining
Race condition
TOCTOU
Double-spend
Coupon stacking
Quantity manipulation
Order status tampering
Payment bypass
Feature flag abuse
Logic-Based Privilege Escalation: Exploiting Flawed Business Rules for Unauthorized Role Promotion
API Rate Limit Bypass: Request Throttling Circumvention via Header Manipulation and IP Rotation
Pagination bypass
Batch endpoint abuse
Swagger exposed secrets
API key leakage
PNG metadata stego
WAV LSB stego
Nested archive
Weak zip password
Verifying Cryptographic Log Integrity by Detecting SHA-256 Hash Chain Breaks
Detecting Log Injection Attacks Through CRLF Forensics and Entry Authenticity Analysis
Detecting Timestamp Manipulation via MFT and NTP Cross-Correlation Sequence Analysis
Reconstructing Event Timelines from Log Rotation Artifacts and Surviving Log Fragments
Detecting Pass-the-Hash Attacks via NTLM Logon and Multi-Source Log Correlation
Identifying Service-Based Persistence Through New Service Anomaly and Baseline Comparison
Correlating Brute-Force Authentication Failures with Successful Lateral Pivot Events
Identifying Base-Encoded Chunk Queries in DNS Exfiltration Log Records
Tracing SUID Binary Exploitation via Setuid Syscall and Privilege Transition Correlation
Detecting Cron-Based Persistence via Scheduled Task Forensics and Download-Execute Patterns
Detecting Unauthorized Group Membership Changes via Privilege Escalation Audit Logs
Detecting Sudo Abuse Through GTFOBins Traces and Sudoers Modification Forensics
Tracing Unauthorized Shadow File Access Using Auditd Event Log Forensics
SMTP Inbox OSINT: Mail Content Analysis, Sender Tracing and Inbox-Based Identity Discovery
LDAP Anonymous Reconnaissance: Unauthenticated Directory Traversal and User Attribute Harvesting
Git Repository History Secret Recovery: Identifying Deleted Credentials via Commit Log Forensics
one_gadget Exploitation: Single libc Shell Gadget Identification and Constraint-Satisfying Invocation
Stack Pivot Technique: RSP Redirection to Attacker-Controlled Memory for Extended ROP Chain Execution
Tcache Poisoning: fd Pointer Corruption for Arbitrary Allocation in glibc 2.27+ Heap
PDF metadata forensics
PDF comment stream forensics
PDF hidden text layer forensics
PDF first-letter acrostic forensics
PDF JavaScript action forensics
PDF hidden AcroForm field forensics
PDF incremental update revision forensics
Terraform State File Exposure: Extracting Infrastructure Secrets from Public S3 Backends
Logging Architecture, Monitoring and Incident Readiness
Correlating Multi-Host Authentication Anomalies to Detect Lateral Movement
Correlating Audit Events Across Linux and Windows Privilege Escalation Transitions
QR code decode
Sigreturn-Oriented Programming: Signal Frame Hijacking for Full CPU Register Control with Minimal Gadgets
Morse Code Decoding: Timing Analysis, Delimiter Identification and Transcription Methodology
Bacon cipher
Zero-width steganography
Brainfuck encoding
NATO phonetic alphabet
Multi-layer encoding chain
QR Code Forensics: Error Correction Analysis and Partially Damaged Payload Reconstruction
Baudot encoding
Leetspeak obfuscation
Azure RBAC Misconfiguration: Subscription-Scope Role Assignments and Service Principal Abuse
AWS Service Control Policy Misconfiguration: Cross-Account Permission Escalation
S3 Bucket Policy Misconfiguration: Public Access, Cross-Account Grants and Transport Gaps
CTFFactory Security Architect — Applied
Applied credential — awarded upon completion