INFOSEC

CRYPTOGRAPHY

SECTION 01 // FUNDAMENTALS

WHAT IS CRYPTOGRAPHY? Cryptography is the study of keeping data safe and private. The goal is simple: make sure only the right people can read a message. There are three core goals — Confidentiality (keep it secret), Integrity (keep it unchanged), and Authentication (prove who sent it). These three together are called the CIA Triad.

SYMMETRIC ENCRYPTION

One key does both jobs — it encrypts AND decrypts. It's fast and great for large amounts of data. The hard part is safely sharing that one key with the other person.

FAST

BULK DATA

COMMON ALGORITHMS

AES-128/256 — the gold standard today
ChaCha20 — fast on phones and small devices
DES / 3DES — old and weak, avoid these
Blowfish — older but still seen in CTFs

ASYMMETRIC ENCRYPTION

Uses a key pair — a public key to encrypt, and a private key to decrypt. Solves the key-sharing problem. It's slower, so it's mainly used for key exchange and digital signatures.

TLS/SSL

SSH

PGP

COMMON ALGORITHMS

RSA — most widely used; security relies on factoring large numbers
ECC — smaller keys, same security level as RSA
DSA / ECDSA — used for digital signatures
ElGamal — found in PGP encryption

HASH FUNCTIONS

A hash function takes any input and outputs a fixed-size “fingerprint”. It only works one way — you can't reverse it. Used for storing passwords, checking file integrity, and signing data.

ONE-WAY

INTEGRITY

HASH SIZES (HEX LENGTH)

MD5 — 128-bit / 32 hex chars — BROKEN
SHA-1 — 160-bit / 40 hex chars — DEPRECATED
SHA-256 — 256-bit / 64 hex chars — USE THIS
SHA-3 / BLAKE3 — newer and even stronger

WARNING — BROKEN HASH FUNCTIONS MD5 and SHA-1 are no longer safe. Attackers can create two different files that produce the same hash (called a collision attack). Never use these for passwords or signatures. Use SHA-256 or better, and Argon2/bcrypt for passwords.

AES-256-GCM

RSA-4096

ECDSA P-256

SHA-256

Argon2id

ChaCha20-Poly1305

X25519

Ed25519

CTF TIPS

SECTION 02 // CAPTURE THE FLAG STRATEGIES

STEP 1 — IDENTIFY THE ENCODING Before you try to decode anything, look at the characters used. You can usually figure out the encoding type just by looking at the pattern and format.

WHAT IT LOOKS LIKE	PROBABLY IS	FIRST TOOL TO TRY
Only A-Z + spaces	Caesar, Atbash, Vigenère, Morse	dcode.fr cipher identifier
Only 0-9 + spaces	ASCII decimal, Polybius, phone-pad	CyberChef “From Charcode”
0-9 + A-F pairs	Hexadecimal	CyberChef “From Hex”
Ends with = or ==	Base64	atob() in browser console
Groups of 8 zeroes and ones	Binary (ASCII)	CyberChef “From Binary”
Dots and dashes	Morse code	morsecode.world
Letters shifted uniformly	Caesar / ROT-N	Try all 25 shifts (CyberChef)
Looks like mirrored alphabet	Atbash (A=Z, B=Y...)	CyberChef “Atbash Cipher”
Hex bytes XORed with a key	XOR cipher	CyberChef XOR, xortool
Mixed letters with a keyword	Vigenère cipher	dcode.fr Vigenère solver

  THE QUICK-DECODE LADDER

01
Base64 — look for trailing = or ==. Use atob() in your browser console or CyberChef.
02
Hex — pairs of hex digits (0-9, A-F). Convert each pair to ASCII. 68 65 6c 6c 6f → hello
03
ROT13 — shift each letter by 13. It's its own reverse: uryyb → hello. Same operation encrypts and decrypts.
04
Caesar Brute Force — try all 25 shifts. CyberChef “ROT Brute Force” shows all outputs at once so you can spot the real one.
05
Atbash — mirror the alphabet: A=Z, B=Y, C=X. svool → hello. Simple and fast to apply manually.
06
XOR — if given a key: plaintext = ciphertext XOR key. Apply byte-by-byte. CyberChef “XOR” or pwntools handles this quickly.
07
Binary — group into 8-bit bytes, convert to decimal, then ASCII. 01101000 = 104 = h
08
Vigenère — needs a keyword. Look for the key hidden in the challenge title, image metadata, or intro text.
09
Multi-layer encoding — CTF challenges often stack 2 or 3 encodings together. Work from the outside in, one layer at a time.
10
Bacon / Playfair — rare. Bacon uses A/B patterns; Playfair groups letters into pairs using a keyword grid.

HASH CRACKING — START CHEAP, GO EXPENSIVE Always try the fast, free methods first. Rainbow tables are instant for common passwords. Only spin up a GPU cracker if the fast methods fail.

RAINBOW TABLES

Pre-built tables of hash→password lookups. Instant results for common passwords. crackstation.net has billions of entries covering MD5, SHA1, SHA256. Fails on salted hashes.

TRY FIRST

INSTANT

IDENTIFY BY LENGTH

32 hex chars = MD5
40 hex chars = SHA-1
64 hex chars = SHA-256
96 hex chars = SHA-384
128 hex chars = SHA-512

WORDLIST ATTACK

Try every word in a known password list. rockyou.txt (14 million real passwords) is the go-to CTF wordlist. Use with hashcat or John the Ripper.

hashcat -a 0

BRUTE FORCE

Try every possible combination. Needs a GPU for real speed. hashcat -a 3 -m 0 hash.txt ?a?a?a?a?a tries all 5-character combos against MD5.

GPU NEEDED

RSA ATTACK CHECKLIST Most CTF RSA challenges have intentionally weak settings. Run RsaCtfTool first — it auto-tries 20+ attacks from just a public key file.

CONDITION	ATTACK	TOOL
e = 3 (small exponent)	Cube root / Coppersmith attack	RsaCtfTool, SageMath
Same N used twice	Common modulus — use GCD	Python math.gcd(n1,n2)
N is small (<512 bit)	Direct integer factorization	FactorDB, yafu, msieve
Very large private exponent d	Wiener's continued fraction	RsaCtfTool --attack wiener
Two keys share a factor	GCD of the two moduli reveals p	Python: math.gcd(n1, n2)
p and q are close together	Fermat's factorization method	RsaCtfTool --attack fermat

QUICK RSA SOLVE — Python

python3 RsaCtfTool.py --publickey pub.pem --uncipherfile cipher.txt

# Manual shared-factor GCD attack
import math
p = math.gcd(n1, n2) # If != 1, you found p!
q = n1 // p
d = pow(e, -1, (p-1)*(q-1))
flag = pow(c, d, n1)

TOOLS

SECTION 03 // ARSENAL

ONLINE TOOLS — NO INSTALL NEEDED Bookmark these now. They work from any computer, instantly, during any CTF.

TOOL	WHAT IT DOES	URL
CyberChef	The Swiss army knife of encoding/decoding. 300+ operations. Visual recipe builder — just drag and drop.	gchq.github.io/CyberChef
CrackStation	Free rainbow table lookup for MD5, SHA1, SHA256. Always try this first before cracking manually.	crackstation.net
dcode.fr	Automatically identifies unknown ciphers. Decodes 200+ classical and modern ciphers.	dcode.fr
FactorDB	Shared database of factorized numbers. Check if the RSA modulus N has already been factored.	factordb.com
Cryptii	Visual cipher tool with a nice grid output. Great for classical ciphers.	cryptii.com
morsecode.world	Morse code encoder/decoder with audio playback so you can hear what it sounds like.	morsecode.world
quipqiup.com	Solves cryptograms automatically using frequency analysis.	quipqiup.com

CLI TOOLS — FOR SERIOUS WORK These are the heavy-duty tools. Install on a Kali Linux VM. Most come pre-installed on Kali or Parrot OS.

TOOL	WHAT IT DOES	HOW TO GET
Hashcat	GPU-powered hash cracking. Supports 300+ hash types. The fastest hash cracker available.	hashcat.net
John the Ripper	CPU-based hash cracking with wordlists and rules. Handles many different hash formats.	openwall.com/john
RsaCtfTool	Automated RSA attack tool for CTFs. Tries 20+ attack methods from a public key automatically.	pip install rsactftool
PyCryptodome	Full Python crypto library. Essential for writing custom CTF solve scripts.	pip install pycryptodome
OpenSSL	CLI crypto toolkit — parse certs, decrypt files, inspect TLS. Usually already installed.	openssl.org
xortool	XOR cipher analysis tool. Detects key length and brute-forces XOR keys automatically.	pip install xortool
SageMath	Advanced math computing for number theory attacks on RSA and ECC challenges.	sagemath.org
pwntools	CTF framework for exploits and crypto helpers — XOR, padding oracle, and more.	pip install pwntools

PRO TIP Use Kali Linux in a VM — most tools are pre-installed. Keep CyberChef open in a browser tab at all times. When you get an unknown cipher, paste it into dcode.fr's cipher identifier and it'll rank the most likely matches out of 200+ cipher types automatically.

Hashcat

John

CyberChef

pwntools

SageMath

OpenSSL

RsaCtfTool

xortool

Wireshark

Burp Suite

Kali Linux

binwalk

ACHIEVEMENTS

SECTION 04 // OUR VICTORIES

HALL OF FAME These are the real wins from the LSU SOURCE community. Every achievement here was earned through hard work, late nights, and genuine skill.

JOHN HARVEY REQUIOMA

TOP SCORER — Individual Category

Shined bright as the Top Scorer in the Individual Category at the CyberCONNECT: Capture the Flag (CTF) Training and Challenge organized by DICT Region X Online.

Competed against participants across the region and came out on top — proving that LSU SOURCE talent goes beyond the classroom.

DICT REGION X • AUG 30–31, 2025

LSU_TROJANS.EXE — 2ND RUNNER-UP

Cyber Defense Exercise Qualifiers — Philippine Army

Our team LSU_TROJANS.exe claimed 2nd Runner-Up at the Cyber Defense Exercise Qualifiers hosted by the Philippine Army, held in celebration of the 128th Philippine Army Founding Anniversary.

Their performance showcased elite cybersecurity skills on a national defense stage — a proud milestone for LSU SOURCE and La Salle University.

Honor. Patriotism. Duty.

Cathleen Abila Romeo Jagonia Jr. Neil Kevin La Viña Justin Aeron Saladaga

PHILIPPINE ARMY • NOV 13–14, 2025

TEAM LA SALLE EAGLES & LA SALLE TROJANS

Consolation Finalists — HackForGov 3 Region 10

Two La Salle University — Ozamiz teams fought their way to the finals at HackForGov 3 Region 10, a Capture the Flag competition organized by DICT Region X and CERT-PH at GoHotels, Iligan City.

Competing against 13 teams from Northern Mindanao's top schools, Team La Salle Eagles and Team La Salle Trojans both earned the Consolation Finalist distinction — representing LSU with skill and tenacity.

DICT REGION X • AUG 20, 2024

YOUR ACHIEVEMENT COULD BE HERE LSU SOURCE members who compete in CTFs, hackathons, and cyber competitions are always celebrated here. Keep hacking, keep winning.

HACKATHON

SECTION 05 // UPCOMING EVENTS

DATE & TIME

To be announced. Keep an eye on our official website and social media pages for the schedule drop.

TBA

WHO CAN JOIN

Open to IT/CS/COM-ENG students interested in cybersecurity, coding, and problem-solving. No experience required — just bring your curiosity.

EXCLUSIVE

WHAT TO EXPECT

Challenges covering cryptography, network analysis, web security, forensics, and more — just like a real CTF competition.

CTF STYLE

PRIZES

Details coming soon. Start studying now — the knowledge in this vault is your best preparation.

STAY TUNED

HOW TO PREPARE Practice on platforms like picoCTF, TryHackMe, and HackTheBox. Use the tools in Section 03 of this vault. The challenges in this terminal are a small taste of what CTF events look like.

ABOUT SOURCE

SECTION 06 // LSU SOURCE ORG

WHO WE ARE SOURCE aka (Student Organization Utilizing the Realm of Computer Eclecticism) is a student organization dedicated to the exploration and application of cutting-edge computing technologies. We aim to foster a collaborative environment where students can enhance their skills, share knowledge, and contribute to the advancement of ICT in our school and beyond.

  FIND US ONLINE

BUILT BY SOURCE, FOR SOURCE This terminal and knowledge vault was built by an LSU SOURCE member as a hands-on learning tool for our community. If you made it this far — you're already thinking like a hacker. Keep going.