// Cryptanalysis techniques — lattice attacks, padding oracles, weak-RNG exploitation, signature forgery, secret-sharing recovery.
API security testing - GraphQL, REST API, WebSocket, and Web-LLM attack techniques.
Stitches confirmed single-asset findings into multi-hop attack paths across the organization. Builds a graph where nodes are assets and edges are confirmed exploit hops citing the findings that enable them.
Authentication security testing - auth bypass, JWT attacks, OAuth flaws, password attacks, 2FA bypass, CAPTCHA bypass, and bot detection evasion.
Cloud and container security testing - AWS, Azure, GCP, Docker, and Kubernetes misconfigurations and exploitation.
Pentest coordination — orchestrates executor and validator agents with context-controlled spawning. Entry point for all engagements.
Retrieve CVE risk scores from NVD. Auto-invoked whenever a CVE ID is mentioned to display CVSS score, severity, CWE, and description.
| name | cryptography |
| description | Cryptanalysis techniques — lattice attacks, padding oracles, weak-RNG exploitation, signature forgery, secret-sharing recovery. |
Practical cryptanalysis for CTF and pentest engagements: identifying when a cryptographic primitive's structure (custom hash, partial leaks, related primes, bad RNG, weak modes) admits a faster-than-brute-force solver, then implementing that solver in pure Python where possible. Covers RSA-style algebraic factoring, lattice/AGCD recovery, GF(2) linear collapse of "complicated-looking" custom ciphers, smooth-order DLP, differential fault attacks, and Shamir-style secret-sharing recovery over non-prime moduli. Always read source first to detect linearity/algebraic structure before reaching for SageMath or symbolic solvers.
p = a·r + b, phi(n) perfect square, multi-prime hint files, common factors).