diff --git a/cryptography/aes-cbc-corrupt-resize/.init b/cryptography/aes-cbc-corrupt-resize/.init
new file mode 100755
index 0000000..fc5fecd
--- /dev/null
+++ b/cryptography/aes-cbc-corrupt-resize/.init
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+dd if=/dev/urandom of=/challenge/.key bs=16 count=1
+chmod 600 /challenge/.key
diff --git a/cryptography/aes-cbc-corrupt-resize/DESCRIPTION.md b/cryptography/aes-cbc-corrupt-resize/DESCRIPTION.md
new file mode 100644
index 0000000..77be5fb
--- /dev/null
+++ b/cryptography/aes-cbc-corrupt-resize/DESCRIPTION.md
@@ -0,0 +1,8 @@
+So now you can modify AES-CBC encrypted data without knowing the key!
+But you got lucky: `sleep` and `flag!` were the same length.
+What if you want to achieve a different length?
+
+----
+**HINT:**
+Don't forget about the padding!
+How does the padding work?
diff --git a/cryptography/aes-cbc-corrupt-resize/dispatcher b/cryptography/aes-cbc-corrupt-resize/dispatcher
new file mode 100755
index 0000000..e8d7962
--- /dev/null
+++ b/cryptography/aes-cbc-corrupt-resize/dispatcher
@@ -0,0 +1,14 @@
+#!/opt/pwn.college/python
+
+import os
+
+from base64 import b64encode
+from Crypto.Cipher import AES
+from Crypto.Util.Padding import pad
+from Crypto.Random import get_random_bytes
+
+key = open("/challenge/.key", "rb").read()
+cipher = AES.new(key=key, mode=AES.MODE_CBC)
+ciphertext = cipher.iv + cipher.encrypt(pad(b"sleep", cipher.block_size))
+
+print(f"TASK: {b64encode(ciphertext).decode()}")
diff --git a/cryptography/aes-cbc-corrupt-resize/worker b/cryptography/aes-cbc-corrupt-resize/worker
new file mode 100755
index 0000000..0c38135
--- /dev/null
+++ b/cryptography/aes-cbc-corrupt-resize/worker
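Review bot: In `.init`, the key file exists with whatever permissions the inherited umask gives it between the `dd` line and the `chmod 600` line, so it may be briefly readable by other users. Putting `umask 077` before the `dd` creates the file restricted from the start and makes the later `chmod` a belt-and-braces step. Whether any unprivileged process can run while init executes is not visible from this hunk, so this may be hardening rather than a live exposure.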
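Review bot: In `dispatcher`, `import os` and `from Crypto.Random import get_random_bytes` are never used, and the key is read with a bare `open("/challenge/.key", "rb").read()` that never closes the handle explicitly. Drop the two imports and read the key as `with open("/challenge/.key", "rb") as f: key = f.read()`. The `worker` file has the same unused `get_random_bytes` import and the same bare `open(...)` calls for the key and for `/flag`. A short comment above the `AES.new` line such as `# CBC without a MAC: ciphertext is malleable by design for this challenge` would make clear that the missing integrity check is intentional and not a pattern to copy.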
@@ -0,0 +1,30 @@
+#!/opt/pwn.college/python
+
+from base64 import b64decode
+from Crypto.Cipher import AES
+from Crypto.Util.Padding import unpad
+from Crypto.Random import get_random_bytes
+
+import time
+import sys
+
+key = open("/challenge/.key", "rb").read()
+
+while line := sys.stdin.readline():
+ if not line.startswith("TASK: "):
+ continue
+ data = b64decode(line.split()[1])
+ iv, ciphertext = data[:16], data[16:]
+
+ cipher = AES.new(key=key, mode=AES.MODE_CBC, iv=iv)
+ plaintext = unpad(cipher.decrypt(ciphertext), cipher.block_size).decode('latin1')
+
+ print(f"Received command: {plaintext}")
+ if plaintext == "sleep":
+ print("Sleeping!")
+ time.sleep(1)
+ elif plaintext == "flag":
+ print("Victory! Your flag:")
+ print(open("/flag").read())
+ else:
+ print("Unknown command!")
diff --git a/cryptography/module.yml b/cryptography/module.yml
index da9de43..aabc792 100644
--- a/cryptography/module.yml
+++ b/cryptography/module.yml
@@ -35,6 +35,8 @@ challenges:
 name: AES-CBC
 - id: aes-cbc-corrupt
 name: AES-CBC Tampering
+- id: aes-cbc-corrupt-resize
+ name: AES-CBC Resizing
 - id: level-6
 name: DHKE
 - id: level-7
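Review bot: In `worker`, a single malformed TASK line ends the whole loop, because `line.split()[1]`, `b64decode`, `AES.new`, `decrypt` and `unpad` can each raise IndexError or ValueError inside the `while` body and nothing catches them. Wrapping the parse-and-decrypt steps in one `try` and continuing on failure keeps the worker serving later tasks. The uncaught traceback on bad padding is also distinguishable from the "Unknown command!" reply, so unless that signal is meant to be part of this level the handler should answer with the same message. Outside a teaching setup, the fix for both issues is to authenticate the ciphertext (an AEAD mode or encrypt-then-MAC) before any decryption or unpadding.

```python
while line := sys.stdin.readline():
    # … unchanged: skip lines without the "TASK: " prefix …
    try:
        data = b64decode(line.split()[1])
        iv, ciphertext = data[:16], data[16:]
        cipher = AES.new(key=key, mode=AES.MODE_CBC, iv=iv)
        plaintext = unpad(cipher.decrypt(ciphertext), cipher.block_size).decode('latin1')
    except (IndexError, ValueError):
        # Same reply as an unrecognised command, so failures are not distinguishable.
        print("Unknown command!")
        continue
    # … unchanged: command dispatch on plaintext …
```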