This three days training is focused on practical hacking of SSL/TLS such as retrieving the private key of servers, decrypting encrypted traffic or breaking the PKI. We will cover the basics of each version of SSL/TLS (from SSLv2 up to TLS 1.3) by highlighting weaknesses and state-of-art attacks. Each vulnerability introduced will be tested in practice and along with that, defensive configurations and countermeasures will be discussed. We will also dive deep into vulnerabilities specific to some SSL/TLS implementations or generically applicable to any implementation of protocol, both focusing on native crypto pitfalls and side-channel attacks.

For more information, please visit Scytala.