Evan Pardon's Portfolio
This site serves as a collection of blog posts, technical notes, personal/professional project portfolio posts and write-ups centered around cybersecurity research/CTF and hands-on learning. I'm a cybersecurity professional focused on continuously improving my skills through experimentation, analysis, and real-world problem solving.
The goal of this blog is to document that process and share practical insights that may be useful to others navigating the field, whether through security research, CTF-style challenges, system hardening, or applied cryptography.
If you find any of the content helpful and would like to support the work, donations are greatly appreciated.
Recent
-
Flask-SQLAlchemy + SQLAlchemy + Alembic Cheatsheet
· cheatsheets
A practical, copy-paste-friendly reference for modern **Flask-SQLAlchemy 3.x + SQLAlchemy 2.x + Alembic**. This note focuses on: ORM thinking, how Flask-SQLAlchemy fits on top of SQLAlchemy, model and re…
-
Mersenne Mayhem - L3akCTF 2025 official writeup (Crypto)
· cheatsheets
Brief overview of the AJPS cryptosystem and a comprehensive write-up of the intended solution to the challenge, as well as an unintentional solution not found by me, largely due to the modifications I made to the original AJPS cryptosystem to facilitate the attack as it was described in the paper.
-
GrizzHacks8CTF
· projects
GrizzHacks8CTF offers a collection of Capture The Flag challenges designed for Oakland University's annual hackathon, built using Rust.
-
MS-DRBG
· projects
Explore the MS-DRBG project, which focuses on predicting the Micali-Schnorr Deterministic Random Bit Generator using Python.
-
LinuxHelpers
· projects
LinuxHelpers offers a collection of useful scripts and tools for Linux enthusiasts and developers, enhancing productivity and system management.
-
Pentest-Terminal-Logger
· projects
Pentest-Terminal-Logger is a lightweight Bash wrapper that records terminal sessions for effective documentation during penetration testing.
-
PadBust-Py
· projects
PadBust-Py is a Python3 reimplementation of the PadBuster tool, designed for efficient padding oracle attacks in cybersecurity testing.
-
VigenereSolver-ng
· projects
VigenereSolver-ng is a Python project designed for analyzing and breaking Vigenere ciphers, ideal for cryptography enthusiasts.
-
GrizzHacks7-CTF
· projects
GrizzHacks7-CTF offers a series of engaging capture the flag challenges designed to enhance your cybersecurity skills using Python.
-
My-CTF-Challenges
· projects
Explore a collection of custom challenges designed for Cybersecurity CTFs and Hackathons, showcasing skills in Python programming.
-
CryptoHack-Solutions
· projects
Explore solutions to the CryptoHack challenges with this comprehensive repository of Python files designed for cybersecurity enthusiasts.
-
PoW-CTFd-Auth-PoC
· projects
A Proof of Work authentication PoC designed for CTF competitions, enabling challenge access and rate-limiting for participants.
-
Certified-AppSec-Practitioner-SecOpsGroup-Study-Materials
· projects
A comprehensive collection of study materials for aspiring Certified Application Security Practitioners, tailored for SecOps professionals.
-
supasuge
· projects
Explore the supasuge repository for essential configuration files to enhance your GitHub profile and streamline your development workflow.
-
HackDearbornCTF-Rewind-Reality
· projects
Explore the Hack Dearborn Rewind Reality CTF challenges, designed to test your cybersecurity skills in a competitive environment.
-
revshells
· projects
Revshells is a Python tool for generating various reverse, bind, and hoax shells with support for multiple encoding and encryption methods.
-
Random-Maze-Generator-A-Star-Solver
· projects
A deterministic maze generator and solver in Python, ensuring consistent start and end points for every generated maze.
-
GrizzCTF2024-Official
· projects
Explore the GrizzCTF 2024 challenges designed for participants at GrizzHackathon, featuring a variety of cybersecurity tasks.
-
VigenereSolver-ng
· projects
Advanced Vigenere cipher brute-force solver utilizing classical techniques combined with LLM-based techniques for English plaintext scoring, as well as other math tricks for better approximations and key length/char predictions.
-
GrizzHacks8
· projects
This year for GrizzHacks8 2026, I was included as part of the *official* organizing team, so I got to help out a lot behind the scenes with some of the general organization of the event + logistics and general decision…
-
OS Enumeration
· pentesting
Basic commands for local OS enumeration
-
Conversor - HackTheBox Writeup
· pentesting
Comprehensive writeup of the HackTheBox machine 'Conversor' involving XSLT/XXE RFI to gain a reverse shell, then simple privilege escalation using a `perl` script with `NOPASSWD` `sudo` privileges and a malicious 'config' file
-
Linux Group Enumeration and Management
· linux
Notes covering Linux group enumeration and management commands, plus an investigation framework for suspicious binaries/processes on Ubuntu, including examples and security best practices.
-
Linux iptables routing Cheatsheet
· linux
A quick reference sheet for iptables and useful rules/commands to keep handy.
-
Bash Essentials: Streams, Control Operators, Arguments, Tests, and Functions
· linux
A practical reference to core Bash scripting concepts: standard streams and file descriptors, common control and redirection operators, positional arguments, test operators for files and numbers, and a simple function example.
-
X.509 Certificates Explained: Uses, Fields, Certificate Authorities, and Certificate Transparency
· guides
A concise field guide to X.509 certificates: what they’re used for, how to read their fields in a browser, and where Certificate Authorities and Certificate Transparency fit.
-
Installing Libvirtd + Virt-Manager on EndeavourOS
· guides
Quick guide to installing libvirtd, QEMU, and Virt-Manager on EndeavourOS and other Arch Linux-based distributions
-
x86 Basics: Opcodes, Operands, and a Few Core Instructions
· ctf
A quick refresher on what opcodes look like in a disassembler, the three operand types (immediate, register, memory), and several common x86 instructions (MOV, LEA, NOP, SHL/SHR) plus the most common EFLAGS bits you’ll see referenced during reversing and exploitation.
-
FaultyCurve(Crypto) WorldWideCTF 2025
· cryptography
At first glance this looks like a standard ECDLP setup: you get prime $p$, coefficient $a$, an $x$-coordinate for a “generator” $G$, and an $x$-coordinate for a public key $Q$ where:
-
Sun Zi's Perfect Math Class
· ctf
Brief writeup and explanation from an old CTF involving the Chinese Remainder Theorem word problem + an RSA problem showcasing similar principles.
-
Secure Source (Crypto, Hard 500) — Predictable RNG in ECDSA-JWT (Incomplete Writeup)
· ctf
An incomplete but structured writeup for the “Secure Source” challenge. The app signs JWTs with a custom ECDSA implementation whose nonce comes from Python’s Mersenne Twister. Note IDs leak enough RNG output to recover MT state and predict the next nonce, enabling signature forgery. Also covers where the public key should come from and how to obtain it in practice.
-
Parrot the Emu
· ctf
Parrot the Emu easy web CTF challenge writeup (DownUnderCTF). Tags: linux, security, sysadmin, web. Published 2024-12-25.
-
Magical Oracle - Official Writeup
· ctf
Writeup for the crypto challenge 'Magical Oracle' I designed and created for L3akCTF25
-
Hash Vegas - NiteCTF2025 writeup
· ctf
Writeup for the crypto challenge 'Hash Vegas' from NiteCTF2025
-
Crypto On the Rocks (Crypto, L3akCTF24')
· ctf
Intended solution writeup for 'Crypto On the Rocks', a challenge I made for L3akCTF2024 based off the P-521 curve and an MSB-biased nonce vulnerability inspired directly by CVE-2024-31497.
-
NiteCTF Crypto Writeup: R Stands Alone
· ctf
NiteCTF24 'R Stands Alone' crypto writeup showing how the RSA modulus with three primes falls by factoring $r = a^3 + 16b^3$ in a cubic number field, recovering $p$ and $q$ to decrypt the flag.
-
PatriotCTF 2024 — Impersonate (Web) Writeup
· web
This app uses Flask’s signed client-side session cookies. That’s fine **only if** `app.secret_key` is secret.
-
N00bzCTF 2023 — Broadcast (Crypto) writeup
· cryptography
This is a simple RSA crypto challenge that becomes instantly solvable because the same plaintext (the flag) is encrypted many times using a **small public exponent**.
-
2048 AI - Expectimax or die trying
· ctf
Brief writeup/explanation of the challenge '2048 AI' from an old CTF.
-
CoCoracle - Official Solution Writeup
· ctf
Official solution write-up for the challenge 'CoCoracle', based on the COCONUT98 cipher with a reduced-round (5) SPN implementation so that the **Boomerang Attack** runs within a reasonable amount of time for GrizzHacks8 (2026).
-
Smelter (Crypto, TamuCTF 24') Writeup
· ctf
Brief writeup/explanation of the challenge 'Smelter' from TamuCTF involving RSA signature forgery
-
Cert challenge writeup (Crypto, P0lyglots24')
· ctf
Brief writeup/explanation of the challenge 'Cert' from P0lyglots24 involving RSA signature forgery
-
RSA: How it works, and where things can go wrong (Part 1)
· cryptography
Comprehensive overview of RSA, its origins, modern variations and optimizations, and where things can go wrong (Part 1).
-
Assembly Cheatsheet
· cheatsheets
Comprehensive cheatsheet for x86-64 Assembly as well as reverse engineering for binary exploitation purposes using GDB.
-
GnuPG - Cheatsheet
· cheatsheets
Comprehensive cheatsheet for `GPG`, an open-source CLI tool for Linux that implements the OpenPGP protocol.
-
DD - Cheatsheet
· cheatsheets
Comprehensive cheatsheet for the `dd` CLI tool for Linux.
-
CoCoracle - GrizzHacks8 CTF Writeup
· ctf
Write-up/solution explanation for one of many challenges I made for GrizzHacks8. This post goes over the **Boomerang** attack, more specifically as it relates to the COCONUT98 block cipher.
-
Linux Privilege Escalation Notes: Permissions, Sudo Escapes, Cron Abuses, and SUID Tricks
· linux
A field-ready set of Linux local privilege escalation techniques: writable /etc/passwd, sudo shell escapes via GTFOBins, cron misconfigurations (writable scripts and wildcard injection), and SUID/SGID exploitation patterns including known CVEs, shared object injection, and PATH/environment hijacking.