Applied Cryptography & Cryptanalysis
Specialist certification in cryptography covering classical ciphers, symmetric and asymmetric cryptography, KDFs, JWT, and protocol flaws.
Classical Ciphers, Encoding and Manual Cryptanalysis
Recovering RSA Private Keys from Malformed Signatures via Fault Injection
Detecting Length-Extension and Forgery Flaws in Custom MAC Implementations
JWT Algorithm Confusion Attack: Exploiting Key Confusion and Asymmetric Misuse
one_gadget Exploitation: Single libc Shell Gadget Identification and Constraint-Satisfying Invocation
Symmetric Cryptography, KDFs and Credential Attacks
Time puzzle
Exploiting Insecure Key Exchange Protocols via Man-in-the-Middle Parameter Manipulation
Diffie-Hellman Small Subgroup Confinement Attack: Key Recovery via Order Manipulation
Forging Session Tokens via Weak PRNG: Exploiting Insufficient Entropy in Identifiers
Blind SQLi login
Boolean-based auth flaw
Weak password policy exploit
Account lockout bypass
Breaking Monoalphabetic Substitution Ciphers via Frequency and N-Gram Analysis
Exploiting ECDSA Nonce Reuse to Recover Private Keys via Shared k Values
Linear Congruential Generator Cryptanalysis: Parameter Recovery and State Prediction
Timestamp-Seeded PRNG Exploitation: Predicting and Reproducing Time-Based Random Output
bcrypt Pepper Exposure Analysis: Reconstructing Hash Inputs from Leaked Secret Values
MD5 Collision Generation and Exploitation: Crafting Identical-Hash Inputs for Integrity Bypass
CSRF Token Forgery (Static Artifact): Cross-Origin State-Changing Request Without Token Validation
Non-Expiring Refresh Token (Static Artifact): Indefinite Session Abuse via Missing Token Revocation
X-Forwarded-For Bypass (Static Artifact): Header Manipulation for IP-Based Access Control Defeat
PDF comment stream forensics
PDF hidden text layer forensics
Asymmetric Cryptography and Signature Schemes
2FA logic flaw
OTP Reuse (Static Artifact): Time-Based OTP Replay and Rate Limit Bypass Techniques
JWT Algorithm None (Static Artifact): Unsigned JWT Token Forgery for Authentication Bypass
JWT Key Confusion (Static Artifact): Public Key as HMAC Secret for Token Signature Forgery
JWT Kid Injection (Static Artifact): Key Identifier Header Exploitation for Signature Bypass
Stack Pivot Technique: RSP Redirection to Attacker-Controlled Memory for Extended ROP Chain Execution
MACs, HMAC, JWT and Protocol Security
Session hijacking
Cookie Tampering (Static Artifact): Session Cookie Forgery and Authentication Bypass Techniques
HMAC secret brute force
Insecure remember-me token
OAuth misconfiguration
Email verification bypass
Tcache Poisoning: fd Pointer Corruption for Arbitrary Allocation in glibc 2.27+ Heap
PDF metadata forensics
CTFFactory Applied Cryptography — Specialist
Specialist credential — awarded upon completion