Both trainers hold PhDs in cryptography and have in combination more than 15 years of experience in designing cryptosystems and in finding vulnerabilities in real-world applications, including critical industrial systems. The trainers are also experienced speakers due to regular presentations of their latest research at IT security and cryptography conferences all around the world.

Day 1, morning: lectures (~4h)

• Secure randomness generation
  • What is randomness?
  • The notion of entropy
  • Random number generators and the differences between TRNGs, PRNGs, and DRBGs
  • Implementations of random number generators in Linux, MacOS, and Windows
  • Testing PRNGs
• Cryptography basics
  • Symmetric cryptography: DRBGs, hash functions, PRFs, MACs, block/stream ciphers, block cipher modes, authenticated encryption)
  • Asymmetric cryptography: key agreement protocols, signing schemes, public key encryption systems
  • Security notions, attack models, protocols
• Elliptic-curve cryptography
  • Different curve shapes (Weierstrass, Montgomery, Edwards, twisted Edwards forms)
  • Mathematical operations on elliptic curves (addition, scalar multiplication, point counting)
  • The Curve25519 curve
  • The elliptic curve discrete logarithm problem
  • ECC-based key agreement, encryption, signing
  • Security / performance comparisons between RSA, classic DL, and ECC-based approaches
  • How to use ECC correctly
• Quantum and post-quantum cryptography
  • Principles of quantum computing
  • Requirements for building a scalable quantum computer
  • Impact on public-key and private-key cryptography
  • Post-quantum crypto: types of constructions, example of hash-based signatures

Day 1, afternoon: exercises (~4h)

• Entropy evaluation
• Analysing the security properties of the Lorawan IoT protocol
• Breaking a weak PRNG, hash function, and RSA-based system
• Implementing basic ECC-based schemes (DH, DSA, ElGamal)

Day 2, morning: lectures (~4h)

• Side-channel attacks
  • What are side-channels?
  • Timing and cache-timing attacks
  • Oracle attacks (Bleichenbacher and Manger attacks on RSA, CBC padding oracle)
  • Bug attacks and optimization attacks
• Cryptography libraries
  • Most common libraries (OpenSSL, NaCl, sodium, etc.)
  • Comparison of strengths and limitations in terms of security, speed, or license
  • Key lengths
• Transport layer security (TLS)
  • History overview
  • Comparison between TLS 1.2 and TLS 1.3
  • Overview on TLS attacks
  • How to check / secure TLS servers
• Secure messaging
  • Differences between synchronous and asynchronous messaging
  • Security goals
  • The Signal protocol, its strengths limitations
  • Non-cryptographic risks
• Bitcoin and blockchain technologies
  • How does Bitcoin work?
  • What are blockchains?
  • Double spending attacks
  • Proof-of-work schemes
  • Nakamoto consensus

Day 2, afternoon: exercises (~4h)

• Analysing the output of randomness generators
• CBC oracles
• Breaking the authenticated encryption cipher in the open smart grid protocol
• Analysing a bug in the DH code of libsodium
• Decrypting ciphertexts by exploiting a flawed PRNG

Mr Santarsieri is a founder partner at Vicxer where he utilizes his 12+ years of experience in the security industry, to bring top notch research into the ERP (SAP / Oracle) world.

He is engaged in a daily effort to identify, analyze, exploit and mitigate vulnerabilities affecting ERP systems and business-critical applications, helping Vicxer's customers (Global Fortune-500 companies and defense contractors) to stay one step ahead of cyber-threats.

Jordan has also discovered critical vulnerabilities in Oracle and SAP software, and is a frequent speaker at international security conferences such as Black-Hat, Insomnihack, YSTS, Auscert, Sec-T, HITB, Rootcon, NanoSec Hacker Halted, OWASP US, 8dot8 and Ekoparty.

Day 1

• Introduction to SAP
• What SAP security used to be in the past
• What SAP security is nowadays
• Introduction to SAP security tools (the open-source way)
• Securing the SAP Infrastructure
• SAP Router
• SAP Web-dispatcher
• The role of a firewall
• How to attack and secure: SAP & Windows
• How to attack and secure: SAP & Unix
• How to attack and secure: SAP & Oracle
• How to attack and secure: SAP & HANA
• Authentication mechanisms
• User Security
• Password Policy
• Authorizations
• SAP Gateway & RFC
• SAP Message Server
• SAP Management Console

Day 2

• SAP Solution Manager
• SAP System Landscape Directory
• ABAP Security
• SAP Back-doors
• SAP Updates
• Encryption
• SAP ICM
• SAP J2EE
• Understanding the J2EE Framework
• Different SAP Web J2EE Applications
• J2EE Authentication Mechanisms
• SAP JCO
• SAP Security Audit Trail
• How to react in case of an SAP Intrusion
• SAP Lab – Packet wars! (Apply what you learned! Attack and defend the SAP systems!)

Adrien Stoffel (@__awe) is a senior security engineer at SCRT SA, working on penetration testing and security research. He's been involved in the CTF community for more than 5 years and he currently leads the 0daysober team. His current focus area is Linux heap exploits but he also love to tackle some Windows challenges. He has also created the W3Challs hacking platform, hosting challenges in categories including web, crypto, and userland/kernel wargames.

Topics for the first part of the course include:

• review of the current state of Linux userland security
• ROP and JOP techniques on Intel x86 and x86_64 architectures
• SSP bypasses
• other vulnerability classes
• miscellaneous tips and tricks relevant to both real life exploits and CTFs
• improving exploit reliability
• C++ exploitation (vftables, corruption of std objects...)

Then we will dive into heap-based exploitation and detail the inner workings of the glibc heap allocator so that you can finally understand the magic behind ptmalloc and how it can be abused to achieve remote code execution. Once you have made sense out of the allocator, we'll move onto exploitation, with step-by-step practice labs:

• manipulate allocations to put the heap in a deterministic state
• concepts behind heap overflow and Use After Free vulnerabilities
• discover the memory layout using some heap-fu to defeat Full-ASLR
• abuse heap data to get code execution or arbitrary read/write primitives
• achieve the same results with metadata-only techniques
• find the best suitable target to get code execution

The course gives an idea of how pentesters and hackers think, and the best way to defend against them. To do so, this training is given by a duo of Red Team / Blue Team engineers. Both trainers have in combination more than 13 years of experience in offensive and defensive security.

Day 1

• Windows Security Models (Authentication, Kerberos, NTLM, Active Directory)
• Windows Network Discovery (Network Scan, Active Directory Discovery, PingCastle)
• Metasploit in a nutshell (Modules, Exploit, Meterpreter)
• Lateral Movements (Pass-the-hash, Pass-the-ticket, Kerberoast, GPP, Bloodhound)
• Physical Attacks (Coldboot attack, DMA, Bitlocker, Secureboot)
• Vulnerability Exploitation & Protections (ASLR, MS17-010)

Day 2

• Advanced Authentication Systems (vSmartCard, Windows Hello, MFA)
• Credential Protections (LSA Protection, VSM, Credential Guard)
• Privileged Access Management (Logon Types, Restricted Admin, Powershell Remoting, MSA/GMSA)
• Windows Monitoring & Log Analysis (Windows event forwarding)
• Active Directory Persistence (DCSync, Golden Ticket, Skeleton Key)
• Anti-virus evasion (MSFVenom, Windows Defender, AppLocker, Device Guard, Software restriction policy, Attack Surface Reduction)