    Ruben Gonzalez - Hacking Cryptography $1,800 Early $1,450

    DEF CON Training

    Hacking Cryptography

    Virtually all digital communication is secured using cryptography. Our laptops, phones, printers, cars, bank cards and washing machines use cryptography to keep things confidential, to make sure messages aren’t tampered with and to establish secure connections. However, even though modern security heavily relies on it, cryptography is complex and oftentimes fragile. This in-depth training shows how cryptography is misused in practice. Moreover, participants will learn how common cryptography screwups can be exploited. To foster skills, participants will write their own exploits and use them on real world systems provided by us.

    Course Outline

    Day 1:

    • Basic Terminology
      • Cryptography
      • Primitives
      • Security Guarantees
      • “Oracles”
    • Python
      • Basics of Python
      • Using Python on Raw Bits and Bytes
      • Using Python for Bignum Computation
      • Challenge Lab: Python
    • Attacks on Symmetric Crypto
      • Stream Ciphers
        • Introduction to Stream Ciphers
        • The One Time Pad and XOR Ciphers
        • Salsa20/ChaCha, RC4
        • Exploiting Output Bias
        • Leveraging Partially Known Plaintext
        • Nonce Reuse Attacks
        • (Compression) Side Channels
        • Challenge Lab: Hacking Stream Ciphers
      • Block Ciphers
        • Introduction to Block Ciphers
        • AES, DES, 3DES
        • Modes of Operation (ECB, CBC, CTR, XTS)
        • Block Shuffling Attacks
        • Nonce Reuse Attacks
        • Bit-Flipping Attacks
        • Padding Oracles
        • Challenge Lab: Hacking Block Ciphers
    • Hash Functions
      • Introduction to Hash Functions
      • Collision Attacks (SHA1/MD5)
      • Length Extension Attacks
      • Rainbow Table Attacks
      • Challenge Lab: Hacking Hash Functions
    • Attacks on Message Authentication Codes (might spill to day 2)
      • Introduction to Message Authentication Codes
      • Attacks on Primitive Constructs
      • Forgery Attacks
      • Authenticated Encryption
      • GCM Forbidden Attack
      • Challenge Lab: Hacking MACs

    Day 2:

    • Entropy Attacks
      • Introduction to the Linux Entropy Pool
      • Misuse of Pseudo Random Number Generators
        • Predicting Linear Congruential Generators
        • Predicting Mersenne Twister
        • Predicting Linear Feedback Shift Registers
      • The Dual EC DRBG Backdoor
      • Challenge Lab: Hacking Randomness
    • Attacks on Asymmetric Crypto / RSA
      • Introduction to RSA
      • RSA Key Formats
      • Attacks on Textbook RSA
      • Attacks on Short Keys
      • Forging RSA Signatures
      • RSA PKCS#1 v1.5 Signatures
        • Padding/Bleichenbacher Attacks on RSA
      • Challenge Lab: Hacking RSA
    • Attacks on Asymmetric Crypto / ECC
      • Introduction to Elliptic Curve Cryptography
      • The Java ECC Screwup
      • Exploiting ECDSA Nonce Reuse
      • Exploiting Ed25519 Bad Public Keys
      • Invalid Point Attacks
      • Challenge Lab: Hacking ECC
    • Further Attacks
      • JWT Implementation Bugs
      • TLS Weaknesses
      • Challenge Lab: Exploiting JWT
    • Farewell
      • Presentation of Take Home Challenges
      • Recap - Cryptography

    Prerequisites

    This is a beginner to intermediate course. The contents are compressed, but no prior knowledge of cryptography is needed. Every subject is introduced before attacks are presented.

    Students should be familiar with at least one scripting language (e.g. Python) and have a basic understanding of computer networks.

    Equipment Requirements

    Participants should bring a laptop with administrator/root access to install software.

    Certificate

    At the end of the course participants can take a test to certify their knowledge.

    Previous Training

    This training was previously held at private corporations.

    Trainers

    Ruben Gonzalez (Lead Trainer, He/Him):

    • 10 years in offensive security research
    • Bug hunter for cryptography code
    • Lead trainer at Neodyme.io
    • Auditor of crypto code for multiple large industry projects
    • Part-time PhD candidate for cryptographic implementations at the Max Planck Institute
    • Multi-time DEFCON CTF finalist (team Sauercloud)
    • Twitter: redrocket_ctf

    Tim Schmidt (Support Trainer, He/Him):

    • 5 years in vulnerability research
    • Tinkerer and Hardware Hacker
    • Profound interest in real-world attacks on cryptography
    • Multi-time DEFCON CTF finalist (team Sauercloud)
    • Trainer at Neodyme.io

      $1,450.00

      DEF CON Communications, Inc.

      1100 Bellevue way NE

      8A-85

      Bellevue, WA 98004

      Copyright © 2023 defcontrainings. Powered by Shopify