Learning Practical Cryptography and secure implementations
Instructors:
Ajit Hatti
We will build Solid Understanding of the basic primitives, schemes and building blocks of cryptography + PKI.
Next we will see how to securely implement these blocks in any system and also detect and exploit vulnerable implementations.
We will use OpenSSL as our Swiss Army Knife and practically understand how the cryptography, benchmarking, crypto-assessment, back door detection is done. We will see how the balance between security requirements and the performance & compliance is achieved by choosing the right set of primitives.
Course Content (TOC):
Understanding The Basic Building Blocks of Cryptography & PKI
- Using Trustable Crypto Source & Libraries
- OpenSSL : Swiss Army knife of Cryptography [Lots of hands on assessment here]
Defining & Testing Secure Communications
- Configuring an HTTPS server
- Understanding SSL/TLS communication & Flaws
- Attacks on SSL/TLS protocols using web Proxies
- Undocumented Attacks & Bypasses for SSL/TLS
- Perfect Forward Secrecy
Storing and Retrieval/Archiving of the Sensitive Data
- Basic Cryptographic algorithms
- Understanding the Limitations & attacks on cryptographic algorithms
- Malware precaution & protection
- Storing & Securing sensitive Data in Cloud
Processing Sensitive Data
- In memory processing of sensitive data
- Securing data processing in Cloud
- Browser Hacks on sensitive data caching
Recent & Popular attacks
- Heart Bleed to SSL Sniff/Strip
- Back-dooring the (P)RNG & other crypto algorithms
- Hashes & Collisions
Exploitation in Post Quantum Scenerio
- Post Quantum & Contemporaneity Cryptography
- Quantum Key Generation & Distribution
- Post Quantum Crypto Systems
More Attacks
- Timing Attacks
- OCSP stappeling
- HSTS time stamps
- PRNG Functions
- Crypt Analysis
- Side Channel Attacks
Pre-Requisite
- Basic understanding of security concepts - Data integrity, impersonation, data sniffing
- Basic ability to script and run linux commands
- Some experience with capturing packets and analysis of of TCP/IP frames
- Very basic elementary maths
Participants Requirements
- A laptop with a Linux, Mac or access to Linux OS of your choice is a must
- Openssl any version, C/C++ compilers, python 2/3 for tooling and scripting
- Browser, web proxy & any Web Server instance on your machine.
Who Should Attend
- Security Professionals responsible for Testing, Developing, Designing, Auditing critical systems with Cryptographic implementations
What to expect
- Working use and abuse of PKI systems using Openssl Toolkit
- Know how to test and exploit secure protocols, encrypted networks, few crypt analysis techniques
- Where to look for flaws in systems secured by cryptography
- What are the latest attacks in the Cryptographic world and how do they work
- Know end to end use and abuse of Browser to Web server secure channels
- Know few advanced standards and theoretical attacks.
What not to expect
- A to Z of the Mathematics Behind the Cryptographic standards
- Breaking Google, FB, Banks secure communication by successful cryptanalysis
- This course tries to gives you basic but essential knowledge of cryptography to be an effective Pen-testers, auditors, to become a Cryptographer Lets join a PHD course :)
