CAST 615 - Hacking "Secure" Encryption and Countermeasures

Hacking "Secure" Encryption and Countermeasures (CAST 615)
An In-Depth Analysis of Cryptography

 

 

Perhaps you already know SSL/TLS in depth, you can set up a VPN in your sleep, and you have been using TrueCrypt for years. Maybe your middle name is AES (John AES Smith), but do you know enough? This course will teach you the major algorithms in depth, allowing you to understand proper implementation and exploitation. For example, can you crack hard drive encryption? How likely is it that a given RSA implementation can be broken? This course does not assume you have a strong math background; it will teach you enough number theory to understand cryptography.


 


This in-depth analysis delves into how cryptography has become key to modern security, especially in areas such as SSL for securing bank transactions, encryption for e-commerce purchases, and hard drive encryption, to mention just a few.

Brainstorm situations that are unique to your career with a highly regarded expert in this extremely technical field. At the end of the day you will be among a very elite group of specialists armed with unique skills that set you apart from other cryptanalysts.

The Hacking "Secure" Encryption and Countermeasures course immerses students in the intricate science of cryptography, teaching the history of cryptography, modern cryptographic methods, and how to use techniques like cryptanalysis to break cryptography. The course also covers closely related topics such as hashing and digital certificates.
This course is appropriate for security professionals who want to understand encryption on a deeper level, and for those who may need to learn techniques for breaking encryption.

Chuck Easttom is the author of 13 computer science books including 2 computer security textbooks used at universities around the globe and translated into several languages. He also holds a host of IT certifications including MCP, MCSA, MCSE, MCAD, MCTS (Windows 7, Windows Server 2008, SQL Server 2008, and Visual Studio 2010), MCITP (Windows 7 and SQL Server 2008), MCDBA, MCT, A+, Network+, Linux+, iNet+, Server+, CEH, CHFI, ECSA, and CISSP. He currently has 7 provisional patents, all related to computer science and 4 related to computer security. One of those patents regards a new method of steganography, another regards a new approach to detecting spyware, and yet another involves the invention of a new, more stable file system.

Mr. Easttom is also the inventor of a method for quantifying network security that is being taught at several universities, and most recently has developed a new approach to creating ghost drives. He has taught various security related courses for several years and has over 10 years of teaching experience. He is also a frequent consultant on various computer related court cases including both criminal and patent cases. While Mr. Easttom has a broad range of security expertise, his passion has always been cryptography.
Students completing this course will gain in-depth knowledge in the following areas:
  • History and Introduction of Cryptography
  • Number Theory and Discrete Mathematics
  • Symmetric Algorithms
  • Asymmetric Algorithms
  • Cryptanalysis
  • Steganography
  • Quantum Cryptography
  • Multikey cryptographic methods




1. History and Introduction
  • Atbash cipher
  • Caesar Cipher
  • ROT13
  • Cipher Wheel
  • Vigenère Cipher
  • Enigma Machine
  • Kerckhoffs's Principle
  • Overview of modern cryptographic approaches
2. Number Theory and Discrete Mathematics
  • Information Theory
      • Diffusion
      • Confusion
      • Avalanche
  • Prime Numbers
      • Generating Prime Numbers
  • Euler’s Totient
  • Mod operations
  • Fibonacci Numbers
  • Random and Pseudo Random Numbers
  • Pseudo-Hadamard transform
3. Symmetric Algorithms
  • Block v Stream Ciphers
  • DES
  • 3DES
  • AES
  • Blowfish
  • Twofish
  • Skipjack
  • RC4
  • Hashing
      • MD5 and MD6
      • SHA-1 – SHA-512
      • FORK-256
      • RIPEMD-160
      • GOST (note: this is used by the Russian military, so it is of interest to the DoD)
      • Tiger
  • Symmetric Algorithm Methods
      • Electronic codebook (ECB)
      • Initialization vector (IV)
      • Cipher-block chaining (CBC)
      • Propagating cipher-block chaining (PCBC)
      • Cipher feedback (CFB)
      • Output feedback (OFB)
      • Counter (CTR)
  • Tools used in this section
      • CryptoBench
      • CrypTool 2.0
4. Asymmetric Algorithms
  • RSA
  • Elliptic Curve
  • ElGamal
  • DSA
  • Digital Signatures and Certificates
5. Cryptanalysis
  • Chosen ciphertext only
  • Chosen plaintext
  • Ciphertext only
  • Kasiski Examination
  • Differential Cryptanalysis
  • Linear Cryptanalysis
  • Integral Cryptanalysis
  • Mod-n cryptanalysis
  • Brute Force
  • L0phtCrack
  • Brutus
6. Steganography
  • Historical
  • Image
  • Video
  • Audio
  • Steganalysis
  • Tools used in this lesson:
      • Invisible Secrets 2.1
      • MP3Stego
7. Additional Topics
  • Quantum Cryptography
  • Quantum Key Distribution (QKD)
  • Multikey cryptographic methods
  • Wireless
      • WEP
      • WPA
      • WPA2
  • SSL/TLS
  • PKI

Computer Forensics
It is possible to circumvent or crack encryption, including hard drive encryption, depending on the way it was implemented. Knowledge of cryptography is necessary in order to unlock encrypted evidence.

Pen Testers/Ethical Hackers
Most penetration testers do not understand enough about cryptography to really test an organization's encryption. That means that even a thoroughly audited and pen tested organization may have major vulnerabilities in its encryption.

Selecting and implementing VPNs or digital certificates
Without understanding the cryptography at some depth, people are limited to following marketing hype. Understanding the actual cryptography allows you to know which one to select. A person successfully completing this course would have that knowledge.

A practical example of the benefits of cryptographic knowledge
Hard drive encryption is a critical topic, and choosing between hard drive encryption products is a classic example. Windows 7 Enterprise and Ultimate come with BitLocker, which lets you encrypt your hard drive. There are also open source products like TrueCrypt that allow you to encrypt your hard drive. Which should you use? And why? Well, it so happens that BitLocker uses AES 128 bit whereas TrueCrypt uses AES 256 bit. It also happens that the U.S. National Security Agency rates AES 256 bit for Top Secret documents, whereas 128 bit AES is not rated for secret or top secret data. This course goes through the AES algorithm in detail. A student successfully completing this course would be well equipped to make this decision.

  • Cryptanalysts and those who employ cryptography in their daily tasks
  • Technical security persons who are deeply fascinated with the study of ciphers or ciphertext
  • Those with an interest in finding weaknesses in ciphers or ciphertext
  • Those with a responsibility for securing information or breaking cryptosystems
  • Analysts working for a broad range of organizations for unique reasons, such as financial institutions and key global players looking to protect crucial information from competitors to maintain a competitive position
  • Governments trying to secure their diplomatic and military transmissions

Where would a cryptanalyst be required?
All levels of government such as:
  • Special services
  • Intelligence agencies
  • Customs
  • Immigration
  • Central Banks
Organizations such as:
  • Universities
  • Bank and trust companies
  • Brokerage and Trading firms
  • Financial institutions
  • Insurance companies
  • Scientific institutions
  • Research agencies
  • Telecommunication companies
  • Computer design firms
  • Consulting firms
  • Science and Engineering firms
  • Online-related businesses
  • Card-related businesses

CAST On-site provides personalised Advanced Security Courses to meet the needs of the individual or company. Courses are planned to ensure maximum flexibility in terms of logistics, dates and cost issues. Our certified expert trainers are experienced educators and highly knowledgeable in their respective fields. CAST On-site prides itself on strict quality control principles at all times to ensure that clients receive the highest standard of training and service.
CAST On-site training is designed to add great value to your work force by increasing staff efficiency and skills, ensuring improved productivity and output that far exceeds the value of the initial training costs.

Key features of CAST On-site:
  • Each of the courses selected from the CAST Advanced Training Suite will be specifically designed to meet the needs of each individual, according to their current skills and pace of learning, and to meet your organisation’s unique objectives and goals
  • CAST On-site experts/trainers will be flown to your premises of choice at a date most suitable to you
  • CAST On-site allows students to receive training in more manageable sessions spread over a few days, allowing for greater absorption of knowledge with an opportunity to practice and verify the new skills after each session before commencing the next one
  • With CAST On-site Advanced Security courses, students will be able to converse directly with the chosen expert on matters unique to the student and your organisation
  • You can rest assured that all challenges and objectives pertaining to your organisation’s goals can be discussed in an environment that ensures complete confidentiality
  • Each individual client receives the required high level of training that is benchmarked to international best practice and standards
  • Each student receives a CAST Advanced Security Training Courseware that allows them to follow and revise the material that has been taught to them
  • Upon completion of the course, each student will receive a CAST On-Site Advanced Security Training certificate of attendance
