We will not teach you how to run Nessus and Nmap, nor tell you to have a SNMP policy.

We will teach you to write exploits and how to attack.

Applied Cryptanalysis

The Immunity Cryptanalysis class takes traditionally dense Academic cryptanalytic theory and presents it in a practical way. The course relates each topic to practical examples. As students progress through the course they will take away real world cryptanalytic skills they can start employing immediately. Students learn to effectively recognize and exploit weakly implemented cryptography based on real world examples. More importantly, students will learn a methodology for expanding their own cryptanalytic prowess by learning to use a practical cryptanalytic tool chain. This course sets experienced vulnerability researchers up with the base they need to expand into the world of flawed cryptography.This is an advanced class that requires a solid understanding of Python, some C and familiarity with mathematics for cryptography.

For the latter, we list here preparatory material and strongly advise prospective students to review it:

Basics/RSA/Modular Arithmetic

http://pi.math.cornell.edu/~mec/2003-2004/cryptography/diffiehellman/diffiehellman.html http://pi.math.cornell.edu/~mec/2003-2004/cryptography/RSA/RSA.html

Elliptic Curves

http://andrea.corbellini.name/2015/05/17/elliptic-curve-cryptography-a-gentle-introduction/ http://andrea.corbellini.name/2015/05/23/elliptic-curve-cryptography-finite-fields-and-discrete-logarithms/

For additional information or pricing quotes please send an email to training@immunityincdotcom.

Class Syllabus *

Day One

  • Academia vs Real World Cryptanalysis
  • Performing Crypto Algebra with Sage (Finite Groups, Elliptic Curves, Boolean Polynomial Ring)
  • Hands on problem solving with Sage
  • The state of PRNG and associated issues
  • The state of Hash Functions
  • Statistical and Algebraic attacks against Symmetric ciphers
  • A focus on Groebner Bases and SAT

Day Two

  • The state of RSA (common mistakes & factorization)
  • Solving (EC)DLP (Pollard RHO, Index calculus)
  • Elliptic Curves specifics

Day Three

  • Real World Implementation issues
  • Symmetric/Asymmetric primitives
  • Source / Compilation / Languages / Platform specific issues
  • Local timing attacks
  • Improvement of an attack using filtering

Day Four

  • Cache attacks
  • Padding Oracle
  • Remote timing attacks

* class syllabus is subject to change


All of Immunity's training courses offer Continuing Professional Education (CPE) credits.
If you are interested in earning credits, just let Immunity know in advance.

Web Hacking 28 CISSP, CSSLP, SSCP
Applied Cryptanalysis 28 CISSP, CSSLP, SSCP
Linux Kernel Exploitation 28 CISSP, CSSLP, SSCP

* Total potential credits