One-Day Trainings: Tuesday, October 23
Use of cryptography permeates todays computing infrastructures. While few programmers attempt to implement sophisticated cryptosystems, many unwittingly develop simple protocols in every day applications without adequate knowledge of how cryptographic primitives should be combined. In this training we explore several techniques for analyzing and breaking the kinds of cryptographic protocols which are commonly found in modern applications.
Attendees will first be presented with a brief review of cryptographic primitives and their uses, followed by an introduction of several techniques to analyze cryptographic systems in a black-box manner. In each case, the discussion will describe how programmers can avoid making the common mistakes that allow these attacks to succeed.
As an application security consultant and digital forensics researcher at VSR, Tim Morgan has been taking deep technical dives into security and reverse engineering for over a decade. His past research has culminated in the release of several responsibly disclosed vulnerabilities in popular software products as well as novel algorithms for forensically-sound data recovery. More recently, Tim has enjoyed conducting research in the areas of web protocol (in)security and XML external entity attacks. Tim resides in Oregon where he helps organize the Portland OWASP chapter.