Applied Cryptanalysis
The Immunity Cryptanalysis class takes traditionally dense Academic cryptanalytic theory and presents it in a practical way. The course relates each topic to practical examples. As students progress through the course they will take away real world cryptanalytic skills they can start employing immediately. Students learn to effectively recognize and exploit weakly implemented cryptography based on real world examples. More importantly, students will learn a methodology for expanding their own cryptanalytic prowess by learning to use a practical cryptanalytic tool chain. This course sets experienced vulnerability researchers up with the base they need to expand into the world of flawed cryptography.This is an advanced class that requires a solid understanding of Python, some C and familiarity with mathematics for cryptography.
For the latter, we list here preparatory material and strongly advise prospective students to review it:
Basics/RSA/Modular Arithmetic
http://pi.math.cornell.edu/~mec/2003-2004/cryptography/diffiehellman/diffiehellman.html http://pi.math.cornell.edu/~mec/2003-2004/cryptography/RSA/RSA.html
Elliptic Curves
http://andrea.corbellini.name/2015/05/17/elliptic-curve-cryptography-a-gentle-introduction/ http://andrea.corbellini.name/2015/05/23/elliptic-curve-cryptography-finite-fields-and-discrete-logarithms/
For additional information or pricing quotes please send an email to training@immunityincdotcom.
Class Syllabus *
Day One
- Academia vs Real World Cryptanalysis
- Performing Crypto Algebra with Sage (Finite Groups, Elliptic Curves, Boolean Polynomial Ring)
- Hands on problem solving with Sage
- The state of PRNG and associated issues
- The state of Hash Functions
- Statistical and Algebraic attacks against Symmetric ciphers
- A focus on Groebner Bases and SAT
Day Two
- The state of RSA (common mistakes & factorization)
- Solving (EC)DLP (Pollard RHO, Index calculus)
- Elliptic Curves specifics
Day Three
- Real World Implementation issues
- Symmetric/Asymmetric primitives
- Source / Compilation / Languages / Platform specific issues
- Local timing attacks
- Improvement of an attack using filtering
Day Four
- Cache attacks
- Padding Oracle
- Remote timing attacks
* class syllabus is subject to change
(ISC)2 CPE CREDIT INFORMATION
All of Immunity's training courses offer Continuing Professional Education (CPE) credits.
If you are interested in earning credits, just let Immunity know in advance.
| COURSE | * CPE CREDITS | CERTIFICATIONS |
|---|---|---|
| Web Hacking | 28 | CISSP, CSSLP, SSCP |
| Applied Cryptanalysis | 28 | CISSP, CSSLP, SSCP |
| Linux Kernel Exploitation | 28 | CISSP, CSSLP, SSCP |
* Total potential credits |
