Goa'17 Training

Understanding and Exploiting Cryptography & PKI Implementations

Trainer Name: Ajit Hatti
Title: Understanding and Exploiting Cryptography & PKI Implementations
Duration: 2 Days
Dates: 1st - 2nd March


The aim of the workshop is to build a solid understanding of the basic primitives of cryptography and the building blocks of PKI: how these blocks come together to provide end-to-end security, and how there are still many ways to get around and exploit these implementations.

We will use OpenSSL as our Swiss Army knife and see in practice how cryptography, benchmarking, crypto-assessment and backdoor detection are done. We will see how the balance between security requirements and performance and compliance is achieved by choosing the right set of primitives.

One day is entirely hands-on: attacking, bypassing or exploiting SSL/TLS implementations in N different ways.

Course Content

Understanding The Basic Building Blocks of Cryptography & PKI

  • Using Trustworthy Crypto Sources & Libraries
  • OpenSSL: Swiss Army Knife of Cryptography [lots of hands-on assessment here]

Defining & Testing Secure Communications

  • Configuring an HTTPS server
  • Understanding SSL/TLS communication & Flaws
  • Attacks on SSL/TLS protocols using web Proxies
  • Undocumented Attacks & Bypasses for SSL/TLS
  • Perfect Forward Secrecy

Storing and Retrieval/Archiving of the Sensitive Data

  • Basic Cryptographic algorithms
  • Understanding the Limitations & attacks on cryptographic algorithms
  • Malware precaution & protection
  • Storing & Securing sensitive Data in Cloud

Processing Sensitive Data

  • In memory processing of sensitive data
  • Securing data processing in Cloud
  • Browser Hacks on sensitive data caching

Recent & Popular attacks

  • Heartbleed to SSL Sniff/Strip
  • Back-dooring the (P)RNG & other crypto algorithms
  • Hashes & Collisions

Exploitation in Post Quantum Scenario

  • Post Quantum & Contemporary Cryptography
  • Quantum Key Generation & Distribution
  • Post Quantum Crypto Systems

More Attacks

  • Timing Attacks
    • OCSP stapling
    • HSTS time stamps
    • PRNG Functions
  • Cryptanalysis
  • Side Channel Attacks
  • Quantum Cryptography
    • Quantum Key Distribution
    • Quantum-Resistant Crypto Primitives
    • Attacks on Quantum Computing
  • A Few Practical Tips on Privacy and Security

Who should attend?

  • Security professionals responsible for testing, developing, designing or auditing critical systems with cryptographic implementations

What to Expect?

Walk away with practical knowledge of

  • Working use and abuse of PKI systems using the OpenSSL toolkit
  • How to test and exploit secure protocols and encrypted networks, and a few cryptanalysis techniques
  • Where to look for flaws in systems secured by cryptography
  • What the latest attacks in the cryptographic world are and how they work
  • End-to-end use and abuse of browser-to-web-server secure channels
  • A few advanced standards and theoretical attacks

What not to Expect?

  • A to Z of the mathematics behind the cryptographic standards
  • Breaking the secure communication of Google, FB or banks by successful cryptanalysis
  • This course tries to give you basic but essential knowledge of cryptography to be an effective pen-tester or auditor; to become a cryptographer, let's join a PhD course :)

Must Bring

  • A laptop with a Linux distribution of your choice is a must
  • OpenSSL (any version) and C/C++ compilers
  • A browser, a web proxy and any web server instance on your machine

About the Trainer

Ajit Hatti

Ajit Hatti is a co-founder of “null - Open security community”. His work is focused on infrastructure security and providing trusted computing on hostile platforms, and most of his papers are in the social interest. He invented the widely exploited “Applanting” attack.

He previously worked on secure applications of cryptography at Symantec Corporation. He has worked as an engineer and security researcher with security companies like IBM-ISS, Bluelane and Zscaler in the past.

He has previously presented his security research at BlackHat, NullCon, Ground Zero Summit, C0C0N & Defcon CPE.
