# Cybersecurity Notes ## Cybersecurity Notes - [Cybersecurity Notes](https://ir0nstone.gitbook.io/notes/readme.md) - [Stack](https://ir0nstone.gitbook.io/notes/binexp/stack.md) - [Introduction](https://ir0nstone.gitbook.io/notes/binexp/stack/introduction.md): An introduction to binary exploitation - [ret2win](https://ir0nstone.gitbook.io/notes/binexp/stack/ret2win.md): The most basic binexp challenge - [De Bruijn Sequences](https://ir0nstone.gitbook.io/notes/binexp/stack/de-bruijn-sequences.md): The better way to calculate offsets - [Shellcode](https://ir0nstone.gitbook.io/notes/binexp/stack/shellcode.md): Running your own code - [NOPs](https://ir0nstone.gitbook.io/notes/binexp/stack/nops.md): More reliable shellcode exploits - [32- vs 64-bit](https://ir0nstone.gitbook.io/notes/binexp/stack/32-vs-64-bit.md): The differences between the sizes - [No eXecute](https://ir0nstone.gitbook.io/notes/binexp/stack/no-execute.md): The defence against shellcode - [Return-Oriented Programming](https://ir0nstone.gitbook.io/notes/binexp/stack/return-oriented-programming.md): Bypassing NX - [Calling Conventions](https://ir0nstone.gitbook.io/notes/binexp/stack/return-oriented-programming/calling-conventions.md): A more in-depth look into parameters for 32-bit and 64-bit programs - [Gadgets](https://ir0nstone.gitbook.io/notes/binexp/stack/return-oriented-programming/gadgets.md): Controlling execution with snippets of code - [Exploiting Calling Conventions](https://ir0nstone.gitbook.io/notes/binexp/stack/return-oriented-programming/exploiting-calling-conventions.md): Utilising Calling Conventions - [ret2libc/ret2system](https://ir0nstone.gitbook.io/notes/binexp/stack/return-oriented-programming/ret2libc.md): The standard ROP exploit - [Stack Alignment](https://ir0nstone.gitbook.io/notes/binexp/stack/return-oriented-programming/stack-alignment.md): A minor issue - [Format String Bug](https://ir0nstone.gitbook.io/notes/binexp/stack/format-string.md): Reading memory off the stack - [Stack Canaries](https://ir0nstone.gitbook.io/notes/binexp/stack/canaries.md): The Buffer Overflow defence - [PIE](https://ir0nstone.gitbook.io/notes/binexp/stack/pie.md): Position Independent Code - [Pwntools, PIE and ROP](https://ir0nstone.gitbook.io/notes/binexp/stack/pie/pwntools-pie-and-rop.md) - [PIE Bypass with Given Leak](https://ir0nstone.gitbook.io/notes/binexp/stack/pie/pie-exploit.md): Exploiting PIE with a given leak - [PIE Bypass](https://ir0nstone.gitbook.io/notes/binexp/stack/pie/pie-bypass.md): Using format string - [ASLR](https://ir0nstone.gitbook.io/notes/binexp/stack/aslr.md): Address Space Layout Randomisation - [ASLR Bypass with Given Leak](https://ir0nstone.gitbook.io/notes/binexp/stack/aslr/aslr-bypass-with-given-leak.md) - [PLT and GOT](https://ir0nstone.gitbook.io/notes/binexp/stack/aslr/plt_and_got.md): Bypassing ASLR - [ret2plt ASLR bypass](https://ir0nstone.gitbook.io/notes/binexp/stack/aslr/ret2plt-aslr-bypass.md) - [Virtual Addresses and Virtual Memory](https://ir0nstone.gitbook.io/notes/binexp/stack/virtual-addresses-and-virtual-memory.md) - [GOT Overwrite](https://ir0nstone.gitbook.io/notes/binexp/stack/got-overwrite.md): Hijacking functions - [Exploiting a GOT overwrite](https://ir0nstone.gitbook.io/notes/binexp/stack/got-overwrite/exploiting-a-got-overwrite.md) - [RELRO](https://ir0nstone.gitbook.io/notes/binexp/stack/relro.md): Relocation Read-Only - [Reliable Shellcode](https://ir0nstone.gitbook.io/notes/binexp/stack/reliable-shellcode.md): Shellcode, but without the guesswork - [ROP and Shellcode](https://ir0nstone.gitbook.io/notes/binexp/stack/reliable-shellcode/rop-and-shellcode.md) - [Using RSP](https://ir0nstone.gitbook.io/notes/binexp/stack/reliable-shellcode/using-rsp.md) - [ret2reg](https://ir0nstone.gitbook.io/notes/binexp/stack/reliable-shellcode/ret2reg.md): Using Registers to bypass ASLR - [Using ret2reg](https://ir0nstone.gitbook.io/notes/binexp/stack/reliable-shellcode/ret2reg/using-ret2reg.md) - [One Gadgets and Malloc Hook](https://ir0nstone.gitbook.io/notes/binexp/stack/one-gadgets-and-malloc-hook.md): Quick shells and pointers - [Syscalls](https://ir0nstone.gitbook.io/notes/binexp/stack/syscalls.md): Interfacing directly with the kernel - [Exploitation with Syscalls](https://ir0nstone.gitbook.io/notes/binexp/stack/syscalls/exploitation-with-syscalls.md) - [Sigreturn-Oriented Programming (SROP)](https://ir0nstone.gitbook.io/notes/binexp/stack/syscalls/sigreturn-oriented-programming-srop.md): Controlling all registers at once - [Using SROP](https://ir0nstone.gitbook.io/notes/binexp/stack/syscalls/sigreturn-oriented-programming-srop/using-srop.md) - [ret2dlresolve](https://ir0nstone.gitbook.io/notes/binexp/stack/ret2dlresolve.md): Resolving our own libc functions - [Exploitation](https://ir0nstone.gitbook.io/notes/binexp/stack/ret2dlresolve/exploitation.md) - [ret2csu](https://ir0nstone.gitbook.io/notes/binexp/stack/ret2csu.md): Controlling registers when gadgets are lacking - [Exploitation](https://ir0nstone.gitbook.io/notes/binexp/stack/ret2csu/exploitation.md) - [CSU Hardening](https://ir0nstone.gitbook.io/notes/binexp/stack/ret2csu/csu-hardening.md) - [Exploiting over Sockets](https://ir0nstone.gitbook.io/notes/binexp/stack/exploiting-over-sockets.md): File Descriptors and Sockets - [Exploit](https://ir0nstone.gitbook.io/notes/binexp/stack/exploiting-over-sockets/exploit.md): Duplicating the Descriptors - [Socat](https://ir0nstone.gitbook.io/notes/binexp/stack/exploiting-over-sockets/socat.md): More on socat - [Forking Processes](https://ir0nstone.gitbook.io/notes/binexp/stack/forking-processes.md): Flaws with fork() - [Stack Pivoting](https://ir0nstone.gitbook.io/notes/binexp/stack/stack-pivoting.md): Lack of space for ROP - [Exploitation](https://ir0nstone.gitbook.io/notes/binexp/stack/stack-pivoting/exploitation.md): Stack Pivoting - [pop rsp](https://ir0nstone.gitbook.io/notes/binexp/stack/stack-pivoting/exploitation/pop-rsp.md): Using a pop rsp gadget to stack pivot - [leave](https://ir0nstone.gitbook.io/notes/binexp/stack/stack-pivoting/exploitation/leave.md): Using leave; ret to stack pivot - [Pointer Authentication](https://ir0nstone.gitbook.io/notes/binexp/stack/pointer-authentication.md): An Arm hardware protection to combat ROP - [Memory Tagging Extension (MTE)](https://ir0nstone.gitbook.io/notes/binexp/stack/memory-tagging-extension-mte.md): Arm's MTE Hardware Protection - [Memory Integrity Enforcement](https://ir0nstone.gitbook.io/notes/binexp/stack/memory-integrity-enforcement.md) - [Heap](https://ir0nstone.gitbook.io/notes/binexp/heap.md): Still learning :) - [Introduction to the Heap](https://ir0nstone.gitbook.io/notes/binexp/heap/introduction-to-the-heap.md) - [Chunks](https://ir0nstone.gitbook.io/notes/binexp/heap/chunks.md) - [Freeing Chunks and the Bins](https://ir0nstone.gitbook.io/notes/binexp/heap/bins.md) - [Operations of the Fastbin](https://ir0nstone.gitbook.io/notes/binexp/heap/bins/operations-of-the-fastbin.md) - [Operations of the Other Bins](https://ir0nstone.gitbook.io/notes/binexp/heap/bins/chunk-allocation-and-reallocation.md) - [The Top Chunk and Remainder](https://ir0nstone.gitbook.io/notes/binexp/heap/the-top-chunk-and-remainder.md): Creating more heap space - [Malloc State](https://ir0nstone.gitbook.io/notes/binexp/heap/malloc-state.md) - [malloc\_consolidate()](https://ir0nstone.gitbook.io/notes/binexp/heap/malloc_consolidate.md): Consolidating fastbins - [Heap Overflow](https://ir0nstone.gitbook.io/notes/binexp/heap/heap-overflow.md) - [heap0](https://ir0nstone.gitbook.io/notes/binexp/heap/heap-overflow/heap0.md): http://exploit.education/phoenix/heap-zero/ - [heap1](https://ir0nstone.gitbook.io/notes/binexp/heap/heap-overflow/heap1.md): http://exploit.education/phoenix/heap-one/ - [Use-After-Free](https://ir0nstone.gitbook.io/notes/binexp/heap/use-after-free.md) - [Double-Free](https://ir0nstone.gitbook.io/notes/binexp/heap/double-free.md) - [Double-Free Protections](https://ir0nstone.gitbook.io/notes/binexp/heap/double-free/double-free-protections.md) - [Double-Free Exploit](https://ir0nstone.gitbook.io/notes/binexp/heap/double-free/double-free-exploit.md) - [Unlink Exploit](https://ir0nstone.gitbook.io/notes/binexp/heap/unlink-exploit.md) - [The Tcache](https://ir0nstone.gitbook.io/notes/binexp/heap/the-tcache.md): New and efficient heap management - [Tcache: calloc()](https://ir0nstone.gitbook.io/notes/binexp/heap/the-tcache/tcache-calloc.md) - [Tcache Poisoning](https://ir0nstone.gitbook.io/notes/binexp/heap/the-tcache/tcache-poisoning.md): Reintroducing double-frees - [The Malloc Maleficarum](https://ir0nstone.gitbook.io/notes/binexp/heap/the-malloc-maleficarum.md): The first heap exploits - [The House of Force](https://ir0nstone.gitbook.io/notes/binexp/heap/the-malloc-maleficarum/the-house-of-force.md): Exploiting the wilderness - [Tcache Keys](https://ir0nstone.gitbook.io/notes/binexp/heap/tcache-keys.md): A primitive double-free protection - [Safe Linking](https://ir0nstone.gitbook.io/notes/binexp/heap/safe-linking.md) - [Kernel](https://ir0nstone.gitbook.io/notes/binexp/kernel.md) - [Introduction](https://ir0nstone.gitbook.io/notes/binexp/kernel/introduction.md) - [Writing a Char Module](https://ir0nstone.gitbook.io/notes/binexp/kernel/writing-a-char-module.md) - [An Interactive Char Driver](https://ir0nstone.gitbook.io/notes/binexp/kernel/writing-a-char-module/a-communicatable-char-driver.md) - [Interactivity with IOCTL](https://ir0nstone.gitbook.io/notes/binexp/kernel/writing-a-char-module/interactivity-with-ioctl.md): A more useful way to interact with the driver - [A Basic Kernel Interaction Challenge](https://ir0nstone.gitbook.io/notes/binexp/kernel/a-basic-kernel-interaction-challenge.md) - [Compiling, Customising and booting the Kernel](https://ir0nstone.gitbook.io/notes/binexp/kernel/compiling-customising-and-booting-the-kernel.md): Instructions for compiling the kernel with your own settings, as well as compiling kernel modules for a specific kernel version. - [Double-Fetch](https://ir0nstone.gitbook.io/notes/binexp/kernel/double-fetch.md): The most simple of vulnerabilities - [Double-Fetch without Sleep](https://ir0nstone.gitbook.io/notes/binexp/kernel/double-fetch/double-fetch-without-sleep.md): Removing the artificial sleep - [The Ultimate Aim of Kernel Exploitation - Process Credentials](https://ir0nstone.gitbook.io/notes/binexp/kernel/the-ultimate-aim-of-kernel-exploitation-process-credentials.md) - [Kernel ROP - ret2usr](https://ir0nstone.gitbook.io/notes/binexp/kernel/kernel-rop-ret2usr.md): ROPpety boppety, but now in the kernel - [Debugging a Kernel Module](https://ir0nstone.gitbook.io/notes/binexp/kernel/debugging-a-kernel-module.md): A practical example - [SMEP](https://ir0nstone.gitbook.io/notes/binexp/kernel/smep.md): Supervisor Memory Execute Protection - [Kernel ROP - Disabling SMEP](https://ir0nstone.gitbook.io/notes/binexp/kernel/smep/kernel-rop-disabling-smep.md): An old technique - [Kernel ROP - Privilege Escalation in Kernel Space](https://ir0nstone.gitbook.io/notes/binexp/kernel/smep/kernel-rop-privilege-escalation-in-kernel-space.md): Bypassing SMEP by ropping through the kernel - [Kernel ROP - Stack Pivoting](https://ir0nstone.gitbook.io/notes/binexp/kernel/smep/kernel-rop-stack-pivoting.md) - [SMAP](https://ir0nstone.gitbook.io/notes/binexp/kernel/smap.md): Supervisor Memory Access Protection - [Overwriting modprobe\_path](https://ir0nstone.gitbook.io/notes/binexp/kernel/modprobe_path.md): A simple way to pop a shell - [KASLR](https://ir0nstone.gitbook.io/notes/binexp/kernel/kaslr.md) - [KPTI](https://ir0nstone.gitbook.io/notes/binexp/kernel/kpti.md): Kernel Page Table Isolation - [Kernel Heap](https://ir0nstone.gitbook.io/notes/binexp/kernel/page.md): The pain of it all - [Heap Structures](https://ir0nstone.gitbook.io/notes/binexp/kernel/heap-structures.md) - [TODO](https://ir0nstone.gitbook.io/notes/binexp/kernel/todo.md): Random stuff I want to mention somewhere, but too small for its own page - [Browser Exploitation](https://ir0nstone.gitbook.io/notes/binexp/browser-exploitation.md) - [\*CTF 2019 - oob-v8](https://ir0nstone.gitbook.io/notes/binexp/browser-exploitation/ctf-2019-oob-v8.md): Setting Up - [The Challenge](https://ir0nstone.gitbook.io/notes/binexp/browser-exploitation/ctf-2019-oob-v8/the-challenge.md): The actual challenge - [picoCTF 2021 - Kit Engine](https://ir0nstone.gitbook.io/notes/binexp/browser-exploitation/picoctf-2021-kit-engine.md): A lesson in floating-point form - [picoCTF 2021 - Download Horsepower](https://ir0nstone.gitbook.io/notes/binexp/browser-exploitation/picoctf-2021-download-horsepower.md): Another OOB, but with pointer compression - [Browser Architecture](https://ir0nstone.gitbook.io/notes/binexp/browser-exploitation/browser-architecture.md): A look at how browsers work under the hood - [Operation of the Renderer](https://ir0nstone.gitbook.io/notes/binexp/browser-exploitation/browser-architecture/operation-of-the-renderer.md): How the renderer process works - [An Introduction to Turbofan](https://ir0nstone.gitbook.io/notes/binexp/browser-exploitation/an-introduction-to-turbofan.md): V8's Optimizer - [A Typer Bug](https://ir0nstone.gitbook.io/notes/binexp/browser-exploitation/an-introduction-to-turbofan/a-typer-bug.md): One of my favourites - [Memory Safety](https://ir0nstone.gitbook.io/notes/binexp/memory-safety.md): Languages like Rust and Swift claim to be "memory-safe". What does that mean? - [C++ Smart Pointers](https://ir0nstone.gitbook.io/notes/binexp/memory-safety/c++-smart-pointers.md): C++'s foray into memory safety - [RAII (Resource Acquisition is Initialization)](https://ir0nstone.gitbook.io/notes/binexp/memory-safety/raii-resource-acquisition-is-initialization.md) - [Garbage Collection](https://ir0nstone.gitbook.io/notes/binexp/memory-safety/garbage-collection.md) - [Tracing Garbage Collection](https://ir0nstone.gitbook.io/notes/binexp/memory-safety/garbage-collection/tracing-garbage-collection.md) - [Automatic Reference Counting](https://ir0nstone.gitbook.io/notes/binexp/memory-safety/garbage-collection/automatic-reference-counting.md): Apple's preferred approach to automatic memory management - [Rust](https://ir0nstone.gitbook.io/notes/binexp/memory-safety/rust.md): The poster child for memory safety - [Python (and C#, Java)](https://ir0nstone.gitbook.io/notes/binexp/memory-safety/python-and-c-java.md) - [Swift](https://ir0nstone.gitbook.io/notes/binexp/memory-safety/swift.md): Swift uses purely ARC. How does it fix the problems that arise without a tracing garbage collector? - [Sandboxing](https://ir0nstone.gitbook.io/notes/binexp/memory-safety/sandboxing.md) - [Dynamic Binary Instrumentation](https://ir0nstone.gitbook.io/notes/binexp/dynamic-binary-instrumentation.md): Manipulating programs without the source - [Strings in C++](https://ir0nstone.gitbook.io/notes/rev/strings-in-c++.md) - [C++ Decompilation Tricks](https://ir0nstone.gitbook.io/notes/rev/c++-decompilation-tricks.md): How decompilers do stuff - [Reverse Engineering ARM](https://ir0nstone.gitbook.io/notes/rev/reverse-engineering-arm.md): Just a ragged collection of notes before I do anything proper - do not take this as gospel! I am doing ARM reversing on my M1 MacBook for fun... - [Introduction](https://ir0nstone.gitbook.io/notes/cryptography/introduction.md) - [Number Theory Fundamentals](https://ir0nstone.gitbook.io/notes/cryptography/number-theory-fundamentals.md) - [Divisibility, Factors and Euclid's Algorithms](https://ir0nstone.gitbook.io/notes/cryptography/number-theory-fundamentals/divisibility-factors-and-euclids-algorithms.md): An outline of the fundamentals of number theory - [Modular Arithmetic](https://ir0nstone.gitbook.io/notes/cryptography/number-theory-fundamentals/modular-arithmetic.md): An introduction to the fundamentals - [Rings, Fields and Euler's Totient Function](https://ir0nstone.gitbook.io/notes/cryptography/number-theory-fundamentals/rings-fields-and-eulers-totient-function.md): The basics of Rings, Fields and Euler's Phi Function - [Continued Fractions](https://ir0nstone.gitbook.io/notes/cryptography/continued-fractions.md) - [RSA](https://ir0nstone.gitbook.io/notes/cryptography/overview.md) - [Public Exponent Attacks](https://ir0nstone.gitbook.io/notes/cryptography/overview/public-exponent-attacks.md) - [e=1](https://ir0nstone.gitbook.io/notes/cryptography/overview/public-exponent-attacks/e-1.md) - [Small e](https://ir0nstone.gitbook.io/notes/cryptography/overview/public-exponent-attacks/small-e.md) - [Multi-party RSA with Small e](https://ir0nstone.gitbook.io/notes/cryptography/overview/public-exponent-attacks/multi-party-rsa-with-small-e.md) - [Wiener's Attack](https://ir0nstone.gitbook.io/notes/cryptography/overview/public-exponent-attacks/wieners-attack.md): Using Continued Fractions to attack large e values - [Choice of Primes](https://ir0nstone.gitbook.io/notes/cryptography/overview/choice-of-primes.md) - [N is prime](https://ir0nstone.gitbook.io/notes/cryptography/overview/choice-of-primes/n-is-prime.md) - [Mersenne Primes](https://ir0nstone.gitbook.io/notes/cryptography/overview/choice-of-primes/mersenne-primes.md) - [P=Q](https://ir0nstone.gitbook.io/notes/cryptography/overview/choice-of-primes/p-q.md) - [Fermat Factorisation](https://ir0nstone.gitbook.io/notes/cryptography/overview/choice-of-primes/fermat-factorisation.md): Used when p and q are numericaly close - [Factorisation Methods](https://ir0nstone.gitbook.io/notes/cryptography/overview/factorisation-methods.md) - [Pollard's p-1](https://ir0nstone.gitbook.io/notes/cryptography/overview/factorisation-methods/pollards-p-1.md): Factorising N when we know a factor is smooth - [Diffie-Hellman Key Exchange](https://ir0nstone.gitbook.io/notes/cryptography/overview-1.md) - [Solving the DLP](https://ir0nstone.gitbook.io/notes/cryptography/overview-1/solving-the-dlp.md) - [Baby Step, Giant Step](https://ir0nstone.gitbook.io/notes/cryptography/overview-1/solving-the-dlp/baby-step-giant-step.md): The simple iterative approach - [An Introduction to Blockchain](https://ir0nstone.gitbook.io/notes/blockchain/an-introduction-to-blockchain.md) - [Smart Contracts and Solidity](https://ir0nstone.gitbook.io/notes/blockchain/smart-contracts-and-solidity.md) - [Hosting a Testnet and Deploying a Contract](https://ir0nstone.gitbook.io/notes/blockchain/hosting-a-testnet-and-deploying-a-contract.md): Using Foundry to start a local testnet and deploy a Solidity contract. - [Interacting with Python](https://ir0nstone.gitbook.io/notes/blockchain/interacting-with-python.md): Using web3.py - [Ethereum Overview](https://ir0nstone.gitbook.io/notes/blockchain/ethereum-overview.md): The one we need to understand - [Hack The Box](https://ir0nstone.gitbook.io/notes/writeups/hack-the-box.md) - [Linux Machines](https://ir0nstone.gitbook.io/notes/writeups/hack-the-box/linux-machines.md) - [Easy](https://ir0nstone.gitbook.io/notes/writeups/hack-the-box/linux-machines/easy-linux.md) - [Traceback](https://ir0nstone.gitbook.io/notes/writeups/hack-the-box/linux-machines/easy-linux/traceback.md) - [Medium](https://ir0nstone.gitbook.io/notes/writeups/hack-the-box/linux-machines/medium.md) - [Magic](https://ir0nstone.gitbook.io/notes/writeups/hack-the-box/linux-machines/medium/magic.md): SQL injection, PHP reverse shell upload, mysqldump and PATH injection - [UpDown](https://ir0nstone.gitbook.io/notes/writeups/hack-the-box/linux-machines/medium/updown.md): LFI to RCE using PHAR files while bypassing disabled\_functions, followed by abuse of SUID and sudo. - [Hard](https://ir0nstone.gitbook.io/notes/writeups/hack-the-box/linux-machines/hard.md) - [Intense](https://ir0nstone.gitbook.io/notes/writeups/hack-the-box/linux-machines/hard/intense.md): SQL Injection, Hash Length Extension, LFI and binary exploitation - [Challenges](https://ir0nstone.gitbook.io/notes/writeups/hack-the-box/challenges.md) - [Web](https://ir0nstone.gitbook.io/notes/writeups/hack-the-box/challenges/web.md) - [Looking Glass](https://ir0nstone.gitbook.io/notes/writeups/hack-the-box/challenges/web/looking-glass.md) - [Sanitize](https://ir0nstone.gitbook.io/notes/writeups/hack-the-box/challenges/web/sanitize.md) - [Baby Auth](https://ir0nstone.gitbook.io/notes/writeups/hack-the-box/challenges/web/baby-auth.md) - [Baby Website Rick](https://ir0nstone.gitbook.io/notes/writeups/hack-the-box/challenges/web/baby-website-rick.md) - [Pwn](https://ir0nstone.gitbook.io/notes/writeups/hack-the-box/challenges/pwn.md) - [Dream Diary: Chapter 1](https://ir0nstone.gitbook.io/notes/writeups/hack-the-box/challenges/pwn/dream-diary-chapter-1.md) - [Unlink Exploit](https://ir0nstone.gitbook.io/notes/writeups/hack-the-box/challenges/pwn/dream-diary-chapter-1/unlink-exploit.md) - [Chunk Overlap](https://ir0nstone.gitbook.io/notes/writeups/hack-the-box/challenges/pwn/dream-diary-chapter-1/chunk-overlap.md) - [Ropme](https://ir0nstone.gitbook.io/notes/writeups/hack-the-box/challenges/pwn/ropme.md) - [picoGym](https://ir0nstone.gitbook.io/notes/writeups/picogym.md): picoGym contains all of the past challenges from previous picoCTF events and can be found at https://play.picoctf.org/practice - [Cryptography](https://ir0nstone.gitbook.io/notes/writeups/picogym/cryptography.md) - [Mod 26](https://ir0nstone.gitbook.io/notes/writeups/picogym/cryptography/mod-26.md): Cryptography can be easy, do you know what ROT13 is? cvpbPGS{arkg\_gvzr\_V'yy\_gel\_2\_ebhaqf\_bs\_ebg13\_uJdSftmh} - [Mind Your Ps and Qs](https://ir0nstone.gitbook.io/notes/writeups/picogym/cryptography/mind-your-ps-and-qs.md): In RSA, a small e value can be problematic, but what about N? Can you decrypt this? values - [Easy Peasy](https://ir0nstone.gitbook.io/notes/writeups/picogym/cryptography/easy-peasy.md): A one-time pad is unbreakable, but can you manage to recover the flag? (Wrap with picoCTF{}) nc mercury.picoctf.net 11188 otp.py - [The Numbers](https://ir0nstone.gitbook.io/notes/writeups/picogym/cryptography/the-numbers.md): The numbers... what do they mean? - [New Caesar](https://ir0nstone.gitbook.io/notes/writeups/picogym/cryptography/new-caesar.md): We found a brand new type of encryption, can you break the secret code? (Wrap with picoCTF{}) apbopjbobpnjpjnmnnnmnlnbamnpnononpnaaaamnlnkapndnkncamnpapncnbannaapncndnlnpna new\_caesar.py - [Mini RSA](https://ir0nstone.gitbook.io/notes/writeups/picogym/cryptography/mini-rsa.md): What happens if you have a small exponent? There is a twist though, we padded the plaintext so that (M \*\* e) is just barely larger than N. Let's decrypt this: ciphertext - [Dachshund Attacks](https://ir0nstone.gitbook.io/notes/writeups/picogym/cryptography/dachshund-attacks.md): What if d is too small? Connect with nc mercury.picoctf.net 37455. - [No Padding, No Problem](https://ir0nstone.gitbook.io/notes/writeups/picogym/cryptography/no-padding-no-problem.md): Oracles can be your best friend, they will decrypt anything, except the flag's ciphertext. How will you break it? Connect with nc mercury.picoctf.net 10333 - [Easy1](https://ir0nstone.gitbook.io/notes/writeups/picogym/cryptography/easy1.md): The one time pad can be cryptographically secure, but not when you know the key. Can you solve this? We've given you the encrypted flag, key, and a table to help UFJKXQZQUNB with the key of SOLVECRYPT - [13](https://ir0nstone.gitbook.io/notes/writeups/picogym/cryptography/13.md): Cryptography can be easy, do you know what ROT13 is? cvpbPGS{abg\_gbb\_onq\_bs\_n\_ceboyrz} - [Caesar](https://ir0nstone.gitbook.io/notes/writeups/picogym/cryptography/caesar.md): Decrypt this message. - [Pixelated](https://ir0nstone.gitbook.io/notes/writeups/picogym/cryptography/pixelated.md): I have these 2 images, can you make a flag out of them? scrambled1.png scrambled2.png - [Basic-Mod1](https://ir0nstone.gitbook.io/notes/writeups/picogym/cryptography/basic-mod1.md): Take each number mod 37 and map it to the following character set: 0-25 is the alphabet (uppercase), 26-35 are the decimal digits, and 36 is an underscore. Wrap your decrypted message in picoCTF. - [Basic-Mod2](https://ir0nstone.gitbook.io/notes/writeups/picogym/cryptography/basic-mod2.md) - [Credstuff](https://ir0nstone.gitbook.io/notes/writeups/picogym/cryptography/credstuff.md): We found a leak of a blackmarket website's login credentials. Can you find the password of the user cultiris and successfully decrypt it? Download the leak here. - [morse-code](https://ir0nstone.gitbook.io/notes/writeups/picogym/cryptography/morse-code.md) - [rail-fence](https://ir0nstone.gitbook.io/notes/writeups/picogym/cryptography/rail-fence.md): A type of transposition cipher is the rail fence cipher, which is described here. Here is one such cipher encrypted using the rail fence with 4 rails. Can you decrypt it? - [Substitution0](https://ir0nstone.gitbook.io/notes/writeups/picogym/cryptography/substitution0.md): A message has come in but it seems to be all scrambled. Luckily it seems to have the key at the beginning. Can you crack this substitution cipher? - [Substitution1](https://ir0nstone.gitbook.io/notes/writeups/picogym/cryptography/substitution1.md): A second message has come in the mail, and it seems almost identical to the first one. Maybe the same thing will work again. - [Substitution2](https://ir0nstone.gitbook.io/notes/writeups/picogym/cryptography/substitution2.md): It seems that another encrypted message has been intercepted. The encryptor seems to have learned their lesson though and now there isn't any punctuation! Can you still crack the cipher? - [Transposition-Trial](https://ir0nstone.gitbook.io/notes/writeups/picogym/cryptography/transposition-trial.md): Our data got corrupted on the way here. Luckily, nothing got replaced, but every block of 3 got scrambled around! - [Vigenere](https://ir0nstone.gitbook.io/notes/writeups/picogym/cryptography/vigenere.md): Can you decrypt this message? - [HideToSee](https://ir0nstone.gitbook.io/notes/writeups/picogym/cryptography/hidetosee.md): How about some hide and seek heh? Look at this image here. - [CTFs](https://ir0nstone.gitbook.io/notes/writeups/ctfs.md) - [Fword CTF 2020](https://ir0nstone.gitbook.io/notes/writeups/ctfs/fword-ctf-2020.md): https://ctftime.org/event/1066 - [Binary Exploitation](https://ir0nstone.gitbook.io/notes/writeups/ctfs/fword-ctf-2020/binary-exploitation.md) - [Molotov](https://ir0nstone.gitbook.io/notes/writeups/ctfs/fword-ctf-2020/binary-exploitation/untitled.md): A ret2libc with a given leak - [Reversing](https://ir0nstone.gitbook.io/notes/writeups/ctfs/fword-ctf-2020/reversing.md) - [XO](https://ir0nstone.gitbook.io/notes/writeups/ctfs/fword-ctf-2020/reversing/xo.md): Messing with the XOR - [X-MAS CTF 2020](https://ir0nstone.gitbook.io/notes/writeups/ctfs/x-mas-ctf-2020.md) - [Pwn](https://ir0nstone.gitbook.io/notes/writeups/ctfs/x-mas-ctf-2020/pwn.md) - [Do I Know You?](https://ir0nstone.gitbook.io/notes/writeups/ctfs/x-mas-ctf-2020/pwn/do-i-know-you.md) - [Naughty](https://ir0nstone.gitbook.io/notes/writeups/ctfs/x-mas-ctf-2020/pwn/naughty.md) - [Web](https://ir0nstone.gitbook.io/notes/writeups/ctfs/x-mas-ctf-2020/web.md) - [PHP Master](https://ir0nstone.gitbook.io/notes/writeups/ctfs/x-mas-ctf-2020/web/php-master.md) - [HTB CyberSanta 2021](https://ir0nstone.gitbook.io/notes/writeups/ctfs/htb-cybersanta-2021.md) - [Crypto](https://ir0nstone.gitbook.io/notes/writeups/ctfs/htb-cybersanta-2021/crypto.md) - [Common Mistake](https://ir0nstone.gitbook.io/notes/writeups/ctfs/htb-cybersanta-2021/crypto/common-mistake.md): Common Mod, DIfferent e - [Missing Reindeer](https://ir0nstone.gitbook.io/notes/writeups/ctfs/htb-cybersanta-2021/crypto/missing-reindeer.md): Cube Root Attack - [Xmas Spirit](https://ir0nstone.gitbook.io/notes/writeups/ctfs/htb-cybersanta-2021/crypto/xmas-spirit.md) - [Meet Me Halfway](https://ir0nstone.gitbook.io/notes/writeups/ctfs/htb-cybersanta-2021/crypto/meet-me-halfway.md): Meet-in-the-middle attack on AES - [pwntools](https://ir0nstone.gitbook.io/notes/misc/pwntools.md) - [Introduction](https://ir0nstone.gitbook.io/notes/misc/pwntools/introduction.md) - [Processes and Communication](https://ir0nstone.gitbook.io/notes/misc/pwntools/processes_and_communication.md) - [Logging and Context](https://ir0nstone.gitbook.io/notes/misc/pwntools/logging_and_context.md) - [Packing](https://ir0nstone.gitbook.io/notes/misc/pwntools/packing.md) - [ELF](https://ir0nstone.gitbook.io/notes/misc/pwntools/elf.md) - [ROP](https://ir0nstone.gitbook.io/notes/misc/pwntools/rop.md) - [scanf Bypasses](https://ir0nstone.gitbook.io/notes/misc/scanf-bypasses.md) - [Challenges in Containers](https://ir0nstone.gitbook.io/notes/misc/challenges-in-containers.md) - [Using Z3](https://ir0nstone.gitbook.io/notes/misc/using-z3.md): Microsoft's Theorem Prover - [Cross-Compiling for arm32](https://ir0nstone.gitbook.io/notes/misc/cross-compiling-for-arm32.md): Absolute pain - [CodeQL](https://ir0nstone.gitbook.io/notes/misc/codeql.md): Querying code to find vulnerabilities --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on a page URL with the `ask` query parameter: ``` GET https://ir0nstone.gitbook.io/notes/readme.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.