SSL/TLS Security Lab

Learning objectives

The participants will gain a deeper understanding of the various versions of the SSL and TLS protocols. The historic development of the protocols will be explained together with their associated strengths and weaknesses. By using the current specification of TLS Version 1.3, we will look into the future in order to recognize trends and further developments. The various known attacks on SSL and TLS will be explained with reference to theoretical principles and practical exercises. Alongside the attacks, measures to protect one’s own infrastructure will be introduced.

The exercises will be done on www.hacking-lab.com. Following the course, the lab environment remains available to the participants for 30 more days.

Demarcation: The course focuses on SSL/TLS and the known attacks associated with them. The fundamentals of RSA, AES, Diffie-Hellman and block cipher modes of operation are not the subject of the course.

Highlights

  • Introduction to the various protocols
    • SSL v3
    • TLS 1.0
    • TLS 1.1
    • TLS 1.2
    • TLS 1.3 and relevant innovations
  • Known attacks on SSL/TLS
    • “Padding Oracle” attacks
    • BEAST
    • Compression attacks
    • Side channel attacks
    • Heartbleed
  • Datagram Transport Layer Security (DTLS)
  • Secure configuration of an Apache HTTP Server (HPKP, HSTS)
  • Inspection proxies
  • Public Key Infrastructure

Target group

  • Security Officers
  • Technology Officers
  • Operators of Infrastructures
  • Developers of E-Business Applications

Prerequisite

  • Familiarity with the Linux command line
  • Basic knowledge of cryptography
  • TCP/UDP network technology
