sign in sign up
<<
Home , ADFGVX cipher, CrypTool, FISH (cipher), Pike (cipher), ROT13, VeraCrypt

ProTech Professional Technical Services, Inc.

EC-Council Certified Specialist (ECES)

Course Summary

Description

The EC-Council Certified Encryption Specialist (ECES) program introduces professionals and students to the field of . The participants will learn the foundations of modern symmetric and cryptography including the details of such as Feistel Networks, DES, and AES. Other topics introduced: • Overview of other algorithms such as Blowfish, , and Skipjack • Hashing algorithms including MD5, MD6, SHA, Gost, RIPMD 256 and others. • Asymmetric cryptography including thorough descriptions of RSA, Elgamal, Elliptic Curve, and DSA. • Significant concepts such as diffusion, confusion, and Kerkchoff’s principle. Course Outline Course Participants will also be provided a practical application of the following: • How to set up a VPN • Encrypt a drive • Hands-on experience with • Hands on experience in cryptographic algorithms ranging from classic like Caesar to modern day algorithms such as AES and RSA.

Objectives

By the end of this course, students will learn:

• Types of Encryption Standards and their • Correct and incorrect deployment of differences encryption technologies • How to select the best standard for your • Common mistakes made in organization implementing encryption technologies • How to enhance your pen-testing • Best practices when implementing knowledge in encryption encryption technologies

Topics

• Introduction and • Applications of Cryptography • Symmetric Cryptography & Hashes • and Asymmetric Cryptography

Audience

Anyone involved in the selection and implementation of VPN’s or digital certificates should attend this course. Without understanding the cryptography at some depth, people are limited to following marketing hype. Understanding the actual cryptography allows you to know which one to select. A person successfully completing this course will be able to select the encryption standard that is most beneficial to their organization and understand how to effectively deploy that technology.

Due to the nature of this material, this document refers to numerous hardware and software products by their trade names. References to other companies and their products are for informational purposes only, and all trademarks are the properties of their respective companies. It is not the intent of ProTech Professional Technical Services, Inc. to use any of these names generically.

ProTech Professional Technical Services, Inc.

EC-Council Certified Encryption Specialist (ECES)

Course Summary

Audience (cont.)

This course is excellent for ethical hackers and penetration testing professionals as most penetration testing courses skip cryptanalysis completely. Many penetration testing professionals testing usually don’t attempt to crack cryptography. A basic knowledge of cryptanalysis is very beneficial to any penetration testing.

Duration

Three Days Course Outline Course

Due to the nature of this material, this document refers to numerous hardware and software products by their trade names. References to other companies and their products are for informational purposes only, and all trademarks are the properties of their respective companies. It is not the intent of ProTech Professional Technical Services, Inc. to use any of these names generically.

ProTech Professional Technical Services, Inc.

EC -Council Certified Encryption Specialist (ECES)

Course Outline 7. Whitening I. Introduction and History of 8. Advanced Encryption Standard Cryptography (AES) A. What is Cryptography? 9. AES General Overview B. History of Cryptography 10. AES Specifics . Mono-Alphabet Substitution 11. Blowfish 1. 12. 2. Cipher 13. Twofish 3. 14. Skipjack 4. ROT13 Cipher 15. International Data Encryption 5. (IDEA) 6. Single Substitution Weaknesses 16. CAST

Course Outline Course D. Multi-Alphabet Substitution 17. Tiny Encryption Algorithm (TEA) 1. Cipher Disk 18. SHARK 2. Vigenère Cipher I. Symmetric Algorithm Methods 3. Vigenère Cipher: Example 1. Electronic Codebook (ECB) 4. Breaking the Vigenère Cipher 2. Cipher-Block Chaining (CBC) 5. 3. Propagating Cipher-Block 6. ADFGVX Cipher Chaining (PCBC) E. Homophonic Substitution 4. Cipher Feedback (CFB) F. Null Ciphers 5. Output Feedback (OFB) G. Book Ciphers 6. Counter (CTR) H. Rail Fence Ciphers 7. (IV) I. The J. Symmetric Stream Ciphers J. CrypTool 1. Example of Symmetric Stream Ciphers: RC4 II. Symmetric Cryptography & Hashes 2. Example of Symmetric Stream A. Symmetric Cryptography Ciphers: FISH B. Information Theory 3. Example of Symmetric Stream 1. Information Theory Ciphers: Cryptography Concepts K. Hash Function C. Kerckhoffs’s Principle 1. Hash – D. Substitution 2. MD5 E. Transposition 3. The MD5 Algorithm F. Binary Math 4. MD6 1. Binary AND 5. Secure Hash Algorithm (SHA) 2. Binary OR 6. FORK-256 3. Binary XOR 7. RIPEMD-160 G. vs. 8. GOST H. Symmetric Block Cipher Algorithms 9. Tiger 1. Basic Facts of the Feistel 10. MAC and HMAC Function L. CryptoBench 2. The Feistel Function 3. Unbalanced Feistel Cipher 4. (DES) 5. 3DES 6. DESx

Due to the nature of this material, this document refers to numerous hardware and software products by their trade names. References to other companies and their products are for informational purposes only, and all trademarks are the properties of their respective companies. It is not the intent of ProTech Professional Technical Services, Inc. to use any of these names generically.

ProTech Professional Technical Services, Inc.

EC -Council Certified Encryption Specialist (ECES)

Course Outline (cont.)

III. Number Theory and Asymmetric D. Certificate Authority (CA) Cryptography 1. Certificate Authority – Verisign A. Asymmetric Encryption E. Registration Authority (RA) B. Basic Number Facts F. Public Key Infrastructure (PKI) 1. Prime Numbers G. Digital Certificate Terminology 2. Co-Prime Numbers H. Server-based Certificate Validation 3. Euler’s Totient Protocol 4. Modulus Operator I. Digital Certificate Management 5. Fibonacci Numbers J. Trust Models C. Birthday Theorem K. Certificates and Web Servers 1. Birthday Paradox L. Microsoft Certificate Services

Course Outline Course 2. Birthday Paradox: Probability M. Windows Certificates: certmgr.msc 3. Birthday Attack N. Authentication D. Random Number Generator 1. Password Authentication 1. Classification of Random Protocol (PAP) Number Generator 2. Shiva Password Authentication 2. Traits of a Good PRNG Protocol (S-PAP) 3. Naor-Reingold and Mersenne 3. Challenge-Handshake Twister Pseudorandom Function Authentication Protocol (CHAP) 4. Linear Congruential Generator 4. Kerberos 5. Lehmer Random Number 5. Components of Kerberos Generator System 6. Lagged Fibonacci Generator 6. Kerberos Authentication (LFG) Process 7. Blum Blum Shub O. (PGP) 8. Yarrow 1. PGP Certificates 9. Fortuna P. Wi-Fi Encryption E. Diffie-Hellman 1. Wired Equivalent Privacy (WEP) F. Rivest Shamir Adleman (RSA) 2. WPA – Wi-Fi Protected Access 1. RSA – How it Works 3. WPA2 2. RSA Example Q. SSL G. Menezes–Qu–Vanstone R. TLS H. Algorithm S. (VPN) 1. Signing with DSA 1. Point-to-Point Tunneling I. Elliptic Curve Protocol (PPTP) 1. Elliptic Curve Variations 2. PPTP VPN J. Elgamal 3. Layer 2 Tunneling Protocol VPN K. CrypTool 4. Internet Protocol Security VPN 5. SSL/TLS VPN IV. Applications of Cryptography T. Encrypting Files A. FIPS Standards 1. Backing up the EFS key B. Digital Signatures 2. Restoring the EFS Key C. What is a Digital Certificate? U. BitLocker 1. Digital Certificates 1. BitLocker: Screenshot 2. X.509 V. Software: 3. X.509 Certificates VeraCrypt 4. X.509 Certificate Content W. Common Cryptography Mistakes 5. X.509 Certificate File 1. Steganography Extensions 2. Steganography Terms

Due to the nature of this material, this document refers to numerous hardware and software products by their trade names. References to other companies and their products are for informational purposes only, and all trademarks are the properties of their respective companies. It is not the intent of ProTech Professional Technical Services, Inc. to use any of these names generically.

ProTech Professional Technical Services, Inc.

EC -Council Certified Encryption Specialist (ECES)

Course Outline (cont.)

3. Historical Steganography 4. Steganography Details 5. Other Forms of Steganography 6. How to Embed? 7. Steganographic File Systems 8. Steganography Implementations 9. Demonstration X. Steganalysis 1. Steganalysis – Raw Quick Pair 2. Steganalysis – Chi-Square Analysis

Course Outline Course 3. Steganalysis – Audio Steganalysis Y. Steganography Detection Tools Z. and Cryptography 1. NSA Suite A Encryption Algorithms 2. NSA Suite B Encryption Algorithms 3. National Security Agency: Type 1 Algorithms 4. National Security Agency: Type 2 Algorithms 5. National Security Agency: Type 3 Algorithms 6. National Security Agency: Type 4 Algorithms AA. Unbreakable Encryption

V. Cryptanalysis A. Breaking Ciphers B. Cryptanalysis C. D. Kasiski 1. Cracking Modern Cryptography 2. Cracking Modern Cryptography: Chosen Attack 3. Cracking Modern Cryptography: -only and Related-key Attack E. Linear Cryptanalysis F. Differential Cryptanalysis G. Integral Cryptanalysis H. Cryptanalysis Resources I. Cryptanalysis Success J. Rainbow Tables K. Password Cracking L. Tools

Due to the nature of this material, this document refers to numerous hardware and software products by their trade names. References to other companies and their products are for informational purposes only, and all trademarks are the properties of their respective companies. It is not the intent of ProTech Professional Technical Services, Inc. to use any of these names generically.