//
you're reading...
Self Security

intercepting secure communications black hat Abu Dhabi 2010


Abu Dhabi 2010 Training Session //Nov 8-9

 


 

OVERVIEW:

This is a new and special training that covers both designing and attacking secure protocols. Attendees will learn the fundamentals of how to design a secure protocol, and be armed with the knowledge of how to evaluate the security of and discover weaknesses in existing protocols.

Attendees will walk away with everything they need to intercept several types of secure communication. Attendees will learn the fundamentals of how to design a secure protocol, and be armed with the knowledge of how to evaluate the security of and discover weaknesses in existing protocols.

This training will also cover tricks for attacking implementation vulnerabilities and holes in the glue between different protocols, which can allow for the interception of different types of secure traffic.

WHAT YOU WILL LEARN:

This training is both theoretical and practical, both academic and hacker-foo. The first day covers the design of secure protocols in depth, leaving students with a thorough understanding of how secure protocols are modeled, how the building blocks of cryptography can be combined to result in something secure, and how to look at secure protocols that others publish (from SSH to SSL to Tor to encrypted web cookies) with a critical eye. Concepts that are often tossed around such as IND-CCA, the birthday paradox, and authenticated encryption will be covered in detail.

The second day covers clever tricks for manipulating implementation vulnerabilities and holes in the glue between secure protocols. Participants will be able to practice different types of man-in-the-middle attacks, and different techniques for getting in the middle.

WHO SHOULD ATTEND:

Anyone interested in designing or evaluating secure protocols, and anyone interested in tricks for intercepting secure communication — as well as those seeking to defend their networks from these attacks. Some existing basic knowledge of internet protocols will be useful to attendees.

WHAT TO BRING:

Students are required to bring a laptop with a copy of VMWare Player.

TRAINER:

Moxie Marlinspike is a fellow at the Institute For Disruptive Studies with over thirteen years of experience in attacking networks. He recently published the null-prefix attacks on X.509, the session-denial attacks against OCSP, and is the author of both sslsniff and sslstrip — the former of which was used by the MD5 Hash Collision team to deploy their rogue CA cert, and the latter of which continues to implement Moxie’s deadly “stripping” technique for rendering communication insecure. His tools have been featured in many publications including Hacking Exposed, Forbes Magazine, The Wall Street Journal, the New York Times, and Security Focus as well as on international TV.

Advertisements

About abdessemed mohamed amine

DZ-SECURITY

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Facebook

November 2010
S M T W T F S
« Sep   Dec »
 123456
78910111213
14151617181920
21222324252627
282930  

Twitter

Error: Twitter did not respond. Please wait a few minutes and refresh this page.

  • 365,182 Visit !
%d bloggers like this: