> noah$
Knowledge
Structured technical notes and foundational knowledge for CTF and security research. This section covers attack primitives, cryptographic concepts, exploitation techniques, and mental models used in practice.
Cryptography
- Block Ciphers
  - AES modes of operation and their security properties
  - Padding oracle attacks and CBC bit-flipping
  - ECB pattern analysis
- Public Key Cryptography
  - RSA common attacks: small exponent, Wiener, Coppersmith
  - Elliptic curve cryptography fundamentals
  - Discrete logarithm problems
- Hash Functions
  - Length extension attacks
  - Collision resistance and birthday paradox
  - HMAC construction and timing attacks
Exploitation Primitives
- Memory Corruption
  - Stack buffer overflows and ROP chains
  - Heap exploitation: use-after-free, double-free, heap spray
  - Format string vulnerabilities
- Web Exploitation
  - SQL injection: union-based, blind, time-based
  - XSS: reflected, stored, DOM-based
  - CSRF and SSRF attack vectors
  - Template injection: SSTI, JWT manipulation
- Protocol Analysis
  - HTTP/2 and HTTP/3 security considerations
  - DNS rebinding and subdomain takeover
  - WebSocket security issues
Reverse Engineering
- Static Analysis
  - Control flow graph construction
  - Symbolic execution basics
  - Decompiler limitations and workarounds
- Dynamic Analysis
  - Debugging techniques and breakpoint strategies
  - Fuzzing: coverage-guided, grammar-based
  - Binary instrumentation for analysis
System Security
- Operating Systems
  - Linux kernel exploitation vectors
  - Windows privilege escalation paths
  - Container escape techniques
- Network Security
  - TCP/IP stack vulnerabilities
  - DNS security and cache poisoning
  - TLS/SSL protocol analysis