Learn to exploit cryptographic vulnerabilities, including ECB Oracles, Padding Oracles, Insecure Randomness, and Length Extension Attacks.

This module will focus on cryptographic attack techniques and their exploitation using real-world applications. You will understand the mechanics of Breaking the Crypto through simpler way, where you'll learn how attackers bypass cryptographic protections with minimal effort. You will also explore Attacking ECB Oracles and Padding Oracles, understanding how these vulnerabilities can be exploited to recover plaintext from encrypted data. The module will also cover Insecure Randomness, illustrating how weak or predictable random number generators can be manipulated to break encryption schemes. Additionally, you'll learn about Length Extension Attacks, a critical technique for exploiting certain hashing algorithms. Throughout the module, you will practice the attacks through practical examples to reinforce your understanding of these cryptographic weaknesses and how to mitigate them. Upon completion, you will have the expertise to identify and exploit cryptographic vulnerabilities, amplifying your skills as a pentester.

Breaking Crypto the Simple Way

Exploiting common cryptographic mistakes.

Length Extension Attacks

Learn how hash functions enable attackers to extend and manipulate data using length extension attacks.

Attacking ECB Oracles

Learn about the electronic codebook (ECB) cipher mode and how to exploit its weaknesses.

Padding Oracles

Learn how the padding works during encryption and master techniques to exploit it.

Insecure Randomness

Learn how incorrectly configured randomness can lead to application compromise.

Topic Rewind Recap

Lock in what you learned with a recap. Earn points and keep your streak.

Need to know

Web Hacking Fundamentals

Understand the core security issues with web applications, and learn how to exploit them using industry tools and techniques.

Next steps

Advanced Client-Side Attacks

Through real-world scenarios, you will gain a detailed understanding of client-side attacks, including XSS, CSRF, DOM-based vectors, SOP, and CORS vulnerabilities.

Advanced Server-Side Attacks

Master the skills of advanced server-side attacks, covering SSRF, File Inclusions, Deserialization, Race Conditions, and Prototype Pollution.

What are modules?

A learning pathway is made up of modules, and a module is made of bite-sized rooms (think of a room like a mini security lab).

Hierarchical diagram showing how learning pathways contain modules, which contain individual rooms.