- Goa'18
- Understanding and Exploiting Cryptography & PKI Implementations
Trainer Name: Ajit Hatti
Title: Understanding and Exploiting Cryptography & PKI Implementations
Duration: 2 Days
Dates: 28th Feb - 1st March 2018
Overview
The aim of the workshop is to build a solid understanding of the basic primitives of cryptography and the building blocks of PKI: how these different blocks come together to provide end-to-end security, and how, even so, there are many ways to get around and exploit these implementations.
We will use OpenSSL as our Swiss Army knife and practically understand how cryptography, benchmarking, crypto-assessment and backdoor detection are done. We will see how the balance between security requirements and performance and compliance is achieved by choosing the right set of primitives.
One day is entirely hands-on: attacking, bypassing or exploiting SSL / TLS implementations in N different ways.
Course Content
Understanding The Basic Building Blocks of Cryptography & PKI
- Using Trustable Crypto Source & Libraries
- OpenSSL: Swiss Army knife of Cryptography [Lots of hands on assessment here]
Defining & Testing Secure Communications
- Configuring an HTTPS server
- Understanding SSL / TLS communication & Flaws
- Attacks on SSL / TLS protocols using web Proxies
- Undocumented Attacks & Bypasses for SSL / TLS
- Perfect Forward Secrecy
Storing and Retrieval / Archiving of the Sensitive Data
- Basic Cryptographic algorithms
- Understanding the Limitations & attacks on cryptographic algorithms
- Malware precaution & protection
- Storing & Securing sensitive Data in Cloud
Processing Sensitive Data
- In memory processing of sensitive data
- Securing data processing in Cloud
- Browser Hacks on sensitive data caching
Recent & Popular attacks
- Heartbleed to SSL Sniff / Strip
- Back-dooring the (P)RNG & other crypto algorithms
- Hashes & Collisions
Exploitation in Post Quantum Scenario
- Post Quantum & Contemporary Cryptography
- Quantum Key Generation & Distribution
- Post Quantum Crypto Systems
More Attacks
- Timing Attacks
- OCSP stapling
- HSTS time stamps
- PRNG Functions
- Cryptanalysis
- Side Channel Attacks
Misc.
- Quantum Cryptography
- Quantum Key Distribution
- Quantum-resistant crypto primitives
- Attacks on Quantum Computing
- A few practical tips on privacy and security
Who should attend?
- Security Professionals responsible for Testing, Developing, Designing, Auditing critical systems with Cryptographic implementations
What to Expect?
Walk away with practical knowledge of
- Working use and abuse of PKI systems using the OpenSSL toolkit
- Know how to test and exploit secure protocols, encrypted networks, and a few cryptanalysis techniques
- Where to look for flaws in systems secured by cryptography
- What are the latest attacks in the Cryptographic world and how do they work
- Know end to end use and abuse of Browser to Web server secure channels
- Know a few advanced standards and theoretical attacks.
What not to Expect?
- A to Z of the Mathematics Behind the Cryptographic standards
- Breaking Google, FB, Banks secure communication by successful cryptanalysis
- This course tries to give you the basic but essential knowledge of cryptography needed to be an effective pen-tester or auditor; to become a cryptographer, let's join a PhD course :)
Must Bring
- A Mac or a laptop with a Linux of your choice is a must
- OpenSSL (any version), C / C++ compilers
- Browser, web proxy & any Web Server instance on your machine
About the Trainer
Ajit Hatti
Ajit Hatti is a Co-founder of "null - Open security community", and author of LAMMA and GibberSense, the crypto security assessment tools.
He previously worked on secure applications of cryptography at Symantec Corporation. He has worked as an engineer and security researcher with security companies like IBM-ISS, Bluelane and Zscaler in the past.
He has previously presented his security research at BlackHat, DEF CON + Crypto Privacy Village, NullCon, Ground Zero Summit & COCON.