CTF Wiki

Web
  SQL Injection
    MySQL
    PostgreSQL
    Oracle
    SQL Server
    SQLite
  NoSQL Injection
  File Inclusion (LFI / RFI)
  Command Injection
  XXE
  XSS
  CSRF
  SSRF
  File Upload
  Deserialization
    PHP Object Injection
    Python Pickle
    Java Deserialization
  WebSockets
  Other
    IP Access Control
    PHP Quirks

PWN
  Sandbox escapes
    Python Sandbox

Crypto
  Stream Ciphers
    Single-byte XOR
    Repeating-key XOR
    One-time Pad Key Reuse
    MT19937 stream cipher
  Block Ciphers
    ECB Byte-at-a-time
    ECB cut-and-paste
    CBC Padding Oracle
    CBC Bitflipping
    CTR Fixed Nonce
    CTR Bitflipping
  Hash functions
    Length Extension Attack
    Artificial Timing Leak
  RSA
    Common Modulus
    Coppersmith's Short Pad Attack
    Partial Key Exposure Attack - Boneh, Durfee, Frankel
    Hastad Broadcast Attack
    Wiener Attack
    Homomorphic Attack
    Timing Attacks
    Fault Attacks - Boneh, DeMillo, Lipton
    Fault Attacks - Brier, Naccache, Nguyen, Tibouchi
    PKCS1 Padding Attacks
  Other
    Caesar Cipher
    Vigenere Cipher
    Substitution Cipher
  Exotic
    DNA Marks