Nullcon 2019 - Singular
03 Jan 2019
tldr; discrete log on singular curve
tldr; BREACH attack on TLS1.2 with AES GCM (HTTP level compression)
Crypto CTF challenge for the JHtC team.
Source code

The page has two standard functionalities: user registration and logging in. After playing with them for a while, we can see that authentication is based on the “auth” cookie, which contains two long numbers separated by a dash. The next thing to check is the HTML source. After not looking at robots.txt, we do not get an encrypted zip file with the challenge’s source code.

src/static » unzip -l do_not_look_at_me.zip
Archive: do_not_look_at_me.zip
Length ...