Yo,
My crypto presentation that I teach in my InfoSec classes, boiled down to a 4-minute original music video with labs. Even if you don't like the music, if you do the labs and understand what is happening, it should help anyone pass the crypto section of the CEH, CISSP, CISM and Security+ classes I teach.
Labs (optional)
Prerequisites: computer with Wireshark, web browser(s) and an internet connection.
Lab 1) Sniff the SSL handshake. Start capturing and open a session to an SSL site, e.g. Gmail. After you get the HTTPS in the URL, stop the capture. Filter on SSL and examine the Client Hello (try capture filter "ssl.handshake.type"). How many cipher suites does your browser support? Identify which symmetric, asymmetric and hashing algorithms are used in cipher spec 0x000005.
Lab 2) Examine the Server Hello. What cipher spec did the server negotiate? What algorithms make up the cipher spec?
Lab 3) Examine the Server's certificate and answer the following questions:
Who signed the certificate?
What hashing and asymmetric algorithms are used in the signature?
Where is the CRL for this certificate?
Does this certificate support OCSP?
Lab 4) Filter on OCSP. How did the client identify the certificate in question? Who signed the response?
EXTRA CREDIT!
Change browsers and repeat the above. How many differences do you see? Did you expect that many?
Lab 5) Cryptanalysis - Download Cryptool. Given the following text, derive the key:
______________________
Ixevz0 "Vgiqkzy Jut'z Rok; Huh Rubk'y Groik"
Cuxjy gtj Sayoi he Rgxxe Mxkkthrgzz
Vxujaikj ot g nuzkr xuus ot Grkdgtjxog BG
Maozgxy (znxkk zxgiqy, cgcg, xuiqghorre gtj joxze uizgbk) vrgekj he Rgxxe.
Xkiuxjkj ut g Fuus X24. Jxas zxgiq lxus X24 haorz ot sginotk.
Rexoiy:
O cgtz zu yngxk g rozzrk ykixkz
Loxyz ck sayz huzn gmxkk
O tkbkx ygoj O cgyt'z ixgfe
Nkxk'y nuc oz ykksy zu sk
Eua cgtz zu qkkv yusk znotmy vxobgzk
O atjkxyzgtj gtj O xkyvkiz
Yuskzosky oz ykksy yu ixgfe
Nkxk'y nuc oz ykksy zu sk
Hghe, eua'xk g yavkx nkxu
O qtuc zngz yuatjy qotjg yzxgtmk
Hghe O znotq znkxk muttg rubk eua
Znotmy gxk tuz grcgey cngz znke ykks
Nuc ju O qtuc oz'y xkgrre eua? Gtj cngz eua yge oy zxak?
O qtuc znkxk'y znotmy O igt'z jkte
Yuskzosky znk cuxrj ykksy yu ixgfe xomnz tuc
Nkxk'y nuc oz ykksy zu sk
Hghe, eua'xk g yavkx nkxu
O qtuc somnz ykks otygtk
Hghe, O znotq znkxk muttg rubk eua
Vkuvrk gxkt'z grcgey cnu znke irgos
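
As an added example that is not part of the original description, the Python below does by hand what Labs 1 and 2 read off in Wireshark: it pulls the offered cipher suites out of a ClientHello and splits each into its asymmetric, symmetric and hashing parts. The hello bytes are constructed, the function names are made up for this example, and the table is a small subset of the IANA registry; it assumes a TLS-format hello with 2-byte suite IDs (the lab's 0x000005 is the same suite in the 3-byte SSLv2-compatible form).

```python
import struct

# Subset of the IANA TLS cipher suite registry:
# id -> (key exchange/authentication, symmetric cipher, MAC hash)
SUITES = {
    0x0004: ("RSA", "RC4-128", "MD5"),
    0x0005: ("RSA", "RC4-128", "SHA-1"),
    0x000A: ("RSA", "3DES-EDE-CBC", "SHA-1"),
    0x002F: ("RSA", "AES-128-CBC", "SHA-1"),
    0x0035: ("RSA", "AES-256-CBC", "SHA-1"),
    0x0033: ("DHE-RSA", "AES-128-CBC", "SHA-1"),
    0xC014: ("ECDHE-RSA", "AES-256-CBC", "SHA-1"),
}

def build_sample_hello(suite_ids):
    """Constructed ClientHello: TLS 1.0, zero random, no session id, no extensions."""
    suites = b"".join(struct.pack("!H", s) for s in suite_ids)
    body = (b"\x03\x01" + bytes(32) + b"\x00"
            + struct.pack("!H", len(suites)) + suites + b"\x01\x00")
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

def parse_client_hello(record):
    """Return the cipher suite ids offered in one TLS handshake record."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack_from("!H", record, 3)[0]
    hs = record[5:5 + rec_len]
    if len(hs) < rec_len or len(hs) < 4 or hs[0] != 0x01:
        raise ValueError("truncated record or not a ClientHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    try:
        pos = 2 + 32              # skip client_version and random
        pos += 1 + body[pos]      # skip session_id (1-byte length prefix)
        n = struct.unpack_from("!H", body, pos)[0]
        pos += 2
        if n % 2 or pos + n > len(body):
            raise ValueError("bad cipher_suites length")
        return [struct.unpack_from("!H", body, pos + i)[0] for i in range(0, n, 2)]
    except (IndexError, struct.error):
        raise ValueError("truncated ClientHello body")

def describe(suite_id):
    """Split one suite id into the three algorithm roles the labs ask about."""
    kx, cipher, mac = SUITES.get(suite_id, ("?", "?", "?"))
    return {"id": f"0x{suite_id:04X}", "asymmetric": kx, "symmetric": cipher, "hash": mac}

if __name__ == "__main__":
    hello = build_sample_hello([0xC014, 0x0035, 0x002F, 0x0005, 0x0004, 0x000A])
    for sid in parse_client_hello(hello):
        print(describe(sid))
```
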
Who said crypto is boring?
Clement
CCCure 1 month ago
@CCCure Yo Clement, to really help with the learning environment, I added labs in the description with step by step instructions to do what I am doing on screen. Enjoy!
maxquasar 1 month ago
this is a funny way to present!
alphaone1797 1 month ago
@alphaone1797 I do my best, thank you. You should see the presentation live! I am hoping to present this at Sharkfest in June.
maxquasar 1 month ago
This is the most awesome lesson ever! I'm sharing this with every JR InfoSec Analyst I know!
TheAmg1976 1 month ago
@TheAmg1976 Based on your encouraging words, I created labs to do the things I do in the video. Take a look at the description of the video. Enjoy!
maxquasar 1 month ago