OVERVIEW The EC-Council Certified Encryption Specialist (ECES) program introduces professionals and students to the field of cryptography. The participants will learn the foundations of modern symmetric and key cryptography including the details of algorithms such as Feistel Networks, DES, and AES. Other topics introduced: • Overview of other algorithms such as Blowfish, Twofish, and Skipjack • Hashing algorithms including MD5, MD6, SHA, Gost, RIPMD 256 and others. • Asymmetric cryptography including thorough descriptions of RSA, Elgamal, Elliptic Curve, and DSA. • Significant concepts such as diffusion, confusion, and Kerkchoff’s principle. Participants will also be provided a practical application of the following: • How to set up a VPN • Encrypt a drive • Hands-on experience with steganography • Hands on experience in cryptographic algorithms ranging from classic ciphers like Caesar cipher to modern day algorithms such as AES and RSA. EC-COUNCIL CERTIFIED ENCRYPTION SPECIALIST (ECES) • Breaking the Vigenère Cipher COURSE OBJECTIVES • Playfair • The ADFGVX cipher Students going through ECES training will learn: • The Enigma Machine • Types of Encryption Standards and their • CrypTool differences • How to select the best standard for your organization Lesson 2: Symmetric Cryptography & • How to enhance your pen-testing knowledge in Hashes encryption • Symmetric Cryptography • Correct and incorrect deployment of encryption • Information Theory technologies • • Common mistakes made in implementing Information Theory Cryptography Concepts encryption technologies • Kerckhoffs’s Principle • Best practices when implementing encryption • Substitution technologies • Transposition • Substitution and Transposition • Binary Math TARGET AUDIENCE • Binary AND • Binary OR • Binary XOR Anyone involved in the selection and implementation of • Block Cipher vs. Stream Cipher VPN’s or digital certificates should attend this course. • Without understanding the cryptography at some depth, Symmetric Block Cipher Algorithms people are limited to following marketing hype. • Basic Facts of the Feistel Function Understanding the actual cryptography allows you to know • The Feistel Function which one to select. A person successfully completing this • A Simple View of a Single Round course will be able to select the encryption standard that is • Unbalanced Feistel Cipher most beneficial to their organization and understand how • DES to effectively deploy that technology. • 3DES • DESx This course is excellent for ethical hackers and penetration • Whitening testing professionals as most penetration testing courses • AES skip cryptanalysis completely. Many penetration testing • professionals testing usually don’t attempt to crack AES General Overview cryptography. A basic knowledge of cryptanalysis is very • AES Specifics beneficial to any penetration testing. • Blowfish • Serpent COURSE CONTENT • Twofish • Skipjack • IDEA Lesson 1: Introduction and History of • Symmetric Algorithm Methods Cryptography • Electronic Codebook (ECB) • What is Cryptography? • Cipher-Block Chaining (CBC) • History • Propagating Cipher-Block Chaining (PCBC) • Mono-Alphabet Substitution • Cipher Feedback (CFB) • Caesar Cipher • Output Feedback (OFB) • Atbash Cipher • Counter (CTR) • ROT 13 • Initialization Vector (IV) • Scytale • Symmetric Stream Ciphers • Single Substitution Weaknesses • Example of Symmetric Stream Ciphers: RC4 • Multi-Alphabet Substitution • Example of Symmetric Stream Ciphers: FISH • Cipher Disk • Example of Symmetric Stream Ciphers: PIKE • Vigenère Cipher • Hash • Vigenère Cipher: Example • Hash – Salt • MD5 www.xtremelabs.io Powering the Learn-It-All Economy • The MD5 Algorithm • Public Key Infrastructure (PKI) • MD6 • Digital Certificate Terminology • Secure Hash Algorithm (SHA) • Server-based Certificate Validation Protocol • Fork 256 • Digital Certificate Management • RIPEMD – 160 • Trust Models • GOST • Certificates and Web Servers • Tiger • Microsoft Certificate Services • CryptoBench • Windows Certificates: certmgr.msc • Authentication • Password Authentication Protocol (PAP) Lesson 3: Number Theory and • Shiva Password Authentication Protocol (S- Asymmetric Cryptography PAP) • Asymmetric Encryption • Challenge-Handshake Authentication • Basic Number Facts Protocol (CHAP) • Prime Numbers • Kerberos • Co-Prime • Components of Kerberos System • Eulers Totient • Pretty Good Privacy (PGP) • Modulus Operator • PGP Certificates • Fibonacci Numbers • Wifi Encryption • Birthday Problem • Wired Equivalent Privacy (WEP) • Birthday Theorem • WPA – Wi-Fi Protected Access • Birthday Attack • WPA2 • Random Number Generators • SSL • Classification of Random Number Generators • TLS • Naor-Reingold and Mersenne Twister • Virtual Private Network (VPN) Pseudorandom Function • Point-to-Point Tunneling Protocol (PPTP) • Linear Congruential Generator • PPTP VPN • Lehmer Random Number Generator • Layer 2 Tunneling Protocol VPN • Lagged Fibonacci Generator • Internet Protocol Security VPN • Diffie-Hellman • SSL/VPN • Rivest Shamir Adleman (RSA) • Encrypting Files • RSA – How it Works • Backing up the EFS key • RSA Example • Restoring the EFS Key • Menezes–Qu–Vanstone • Bitlocker • Digital Signature Algorithm • Bitlocker: Screenshot • Signing with DSA • Disk Encryption Software: Truecrypt • Elliptic Curve • Steganography • Elliptic Curve Variations • Steganography Terms • Elgamal • Historical Steganography • CrypTool • Steganography Details • Other Forms of Steganography Lesson 4: Applications of • Steganography Implementations • Demonstration Cryptographyong • Steganalysis • Digital Signatures • Steganalysis – Raw Quick Pair • What is a Digital Certificate? • Steganalysis – Chi-Square Analysis • Digital Certificates • Steganalysis – Audio Steganalysis • X.509 • Steganography Detection Tools • X.509 Certificates • National Security Agency and Cryptography • X.509 Certificate Content • NSA Suite A Encryption Algorithms • X.509 Certificate File Extensions • NSA Suite B Encryption Algorithms • Certificate Authority (CA) • National Security Agency: Type 1 Algorithms • Registration Authority (RA) www.xtremelabs.io Powering the Learn-It-All Economy • National Security Agency: Type 2 Algorithms • National Security Agency: Type 3 Algorithms • National Security Agency: Type 4 Algorithms • Unbreakable Encryption Lesson 5: Cryptanalysis • Breaking Ciphers • Cryptanalysis • Frequency Analysis • Kasiski • Cracking Modern Cryptography • Cracking Modern Cryptography: Chosen Plaintext Attack • Linear Cryptanalysis • Differential Cryptanalysis • Integral Cryptanalysis • Cryptanalysis Resources • Cryptanalysis Success • Rainbow Tables • Password Cracking • Tools www.xtremelabs.io Powering the Learn-It-All Economy .