We will build a solid understanding of the basic primitives, schemes and building blocks of cryptography and PKI.
Next, we will see how to securely implement these blocks in any system and also how to detect and exploit vulnerable implementations.
We will use OpenSSL as our Swiss Army knife and practically understand how cryptography, benchmarking, crypto-assessment and backdoor detection are done. We will see how the balance between security requirements and performance and compliance is achieved by choosing the right set of primitives.
Course Content (TOC):
Understanding The Basic Building Blocks of Cryptography & PKI
Using Trustable Crypto Source & Libraries
OpenSSL: Swiss Army Knife of Cryptography [Lots of hands-on assessment here]
Defining & Testing Secure Communications
Configuring an HTTPS server
Understanding SSL/TLS communication & Flaws
Attacks on SSL/TLS protocols using web Proxies
Undocumented Attacks & Bypasses for SSL/TLS
Perfect Forward Secrecy
Storing and Retrieval/Archiving of the Sensitive Data
Basic Cryptographic algorithms
Understanding the Limitations & attacks on cryptographic algorithms
Malware precaution & protection
Storing & Securing sensitive Data in Cloud
Processing Sensitive Data
In memory processing of sensitive data
Securing data processing in Cloud
Browser Hacks on sensitive data caching
Recent & Popular attacks
Heartbleed to SSL Sniff/Strip
Back-dooring the (P)RNG & other crypto algorithms
Hashes & Collisions
Exploitation in Post Quantum Scenario
Post Quantum & Contemporary Cryptography
Quantum Key Generation & Distribution
Post Quantum Crypto Systems
More Attacks
Timing Attacks
OCSP stapling
HSTS time stamps
PRNG Functions
Cryptanalysis
Side Channel Attacks
Pre-Requisite
Basic understanding of security concepts - Data integrity, impersonation, data sniffing
Basic ability to script and run Linux commands
Some experience with capturing packets and analysis of TCP/IP frames
Very basic elementary maths
Participants Requirements
A laptop running Linux or macOS, or access to a Linux OS of your choice, is a must
OpenSSL (any version), C/C++ compilers, Python 2/3 for tooling and scripting
Browser, web proxy & any Web Server instance on your machine.
Who Should Attend
Security professionals responsible for testing, developing, designing or auditing critical systems with cryptographic implementations
What to expect
Working use and abuse of PKI systems using the OpenSSL toolkit
Know how to test and exploit secure protocols and encrypted networks, plus a few cryptanalysis techniques
Where to look for flaws in systems secured by cryptography
What the latest attacks in the cryptographic world are and how they work
Know end-to-end use and abuse of browser-to-web-server secure channels
Know a few advanced standards and theoretical attacks.
What not to expect
A to Z of the mathematics behind the cryptographic standards
Breaking Google, FB or banks' secure communication by successful cryptanalysis
This course tries to give you basic but essential knowledge of cryptography to be an effective pen-tester or auditor. To become a cryptographer, let's join a PhD course :)
This course is the culmination of years of experience gained via practical pentesting of mobile applications as well as countless hours spent in research.