On This Page


NCC Group's Cryptography Services | July 22-23 & July 24-25


This training is focused on drawing out the foundations of cryptographic vulnerabilities. These topics are timeless, and when the last application using ECB or CBC mode has upgraded - they'll be the foundations of the next evolution of impactful and popular cryptographic vulnerabilities. We'll talk about what attacks in the past took advantage of them, how algorithms and protocols have evolved over time to address these concerns, and what they look like now: where they're at the heart of the most popular bugs today. The other major areas we hit are cryptographic exploitation primitives such as chosen block boundaries, and more protocol-related topics, such as how to understand and trace authentication in complex protocols.

  • Module One focuses on what the right and wrong questions are when you're talking about cryptography with people - why focusing on matching keylengths, and other 'mundane' questions, isn't going to find you something exploitable and what will.

  • Module Two focuses on randomness, unpredictability, uniqueness. It covers the requisite info on spotting Random vs SecureRandom, but quickly dives deeper and discusses about why randomness, uniqueness, and unpredictability are so important for constructions like GCM and stream ciphers (as well as CBC and key generation).

  • Module Three focuses on integrity, and covers AEAD modes, how to use them safely and how to exploit them, disk encryption, encrypt-then-mac, and unauthenticated modes like ECB/CBC/CTR.

  • Module Four is all about signatures. We talk about signature reuse, reinterpretation, and more - including one of our favorite flaws: the SSL 3 omission that persisted and was exploited in new ways for a full 19 years before finally being fixed.

  • Module Five is about complicated protocols and systems deployed at scale, and how to trace through them, following how trust is granted, what its scope is, how it can be impersonated, and how the system falls apart when anything is slightly off.

  • Module Six is Math. There's just no getting around it - but it also leads to some of the most impressive attacks. We look at several standards, many provably secure, and show how a slightest missing sanity check allows for an often-devastating adaptive chosen ciphertext attack on RSA, DSA, ECC, and unauthenticated block cipher modes.

  • Module Seven tackles side channels, going in depth on the two aspects of cryptographic oracles: how the oracle is exposed and how to take advantage of what it tells you. We cover timing, error, and the CPU cache, starting off showing how to apply the attacks you've just learned, and then moving on to show how to extract key bits from hand-optimized algorithm implementations.

As we're wrapping up, because there's just so much interesting crypto out there, we'll lay out what news sources we read to keep up on the latest happenings in the cryptographic community and do a whirlwind tour of some interesting topics like wide-block constructions and hash-based digital signatures. Finally, we'll leave you with what findings and techniques have impressed us - the ones we think people will be using in the next decade of high-profile cryptographic attacks.

NCC Group is a world-wide organization that has brought together some of the biggest names in cryptography in North America. Matasano Security, who brought you CryptoPals.com and 'Crypto for Pen Testers', and iSEC Partners, known for its research and work on the TrueCrypt, Tor Browser, and other public and high-profile audits, have come together as NCC Group with a specialized Cryptography Services practice. Cryptography Services exclusively performs cryptographic consulting, research, training, and tracks industry and academic movements, producing insight into both the struggles organizations face day-in and day-out on practical difficulties, and what novel work is being done on the cutting edge of the field. This training is an extension of the research done day-in and day-out on our work leading engagements in the field, developing proofs of concept of attacks, and teaching cryptography to anyone who will sit still long enough to listen to us.

Who Should Take this Course

This course is targeted at students who have a strong interest in cryptography and some measure of cryptographic understanding (such as the difference between symmetric and asymmetric crypto). Cryptography is a very nuanced subject, but in the real world often falls to those without 20 years of study in the field. Students leave the course with a breadth of information that empowers them to better design and review cryptographic implementations and protocols.

The ideal student has investigated one or more recent cryptographic attacks deeply enough to be able to explain it, but has not sat down and read PKCS or NIST standards describing algorithm implementation. No explicit understanding of statistics or high-level math is required, as the focus is on the underlying causes of the vulnerabilities. Programming experience is recommended.

Student Requirements

Some level of familiarity and efficiency in a programming language of their choosing.

What Students Should Bring

A laptop prepared with Python 2.7 and if they object to Python, an additional programming environment they are comfortable in.

What Students Will Be Provided With

Course Materials, Slides, Summary of Main Concepts & Example Attack Implementations


Alex Balducci is a Principal Security Consultant at NCC Group's Cryptography Services. His experience includes security research, source code auditing, application security assessments, and software development - but his expertise is in cryptographic security including analysis and design of cryptographic protocols. Alex has given numerous presentations at several industry conferences. In 2016 and 2015 he delivered NCC Group's "Beyond the Beast: Deep Dives in Cryptography" course at Blackhat USA as well as at Blackhat EU in 2015. This two day course examines modern issues affecting cryptographic implementations and protocols and delves into the nitty gritty implementation details. At BlackHat USA 2014 he spoke on the topic of practical cryptographic vulnerabilities in application software covering RSA padding oracles and subgroup confinement attacks on elliptic curve Diffie-Hellman.

Javed Samuel is currently a Technical Director for NCC Group and has worked in the security field for over a decade as a security consultant and security engineer. Javed's responsibilities include technical account management of several of NCC's largest clients where he works on understanding their security needs and managing the overall partnership as their trusted security partner. He delivers certain projects particularly architecture reviews and threat modeling. He also assists the NCC Group sales team with various activities such as tech scoping, approval and process improvements. He is also a lead member of NCC's specialized Cryptography Services practice which is a premium services that specializes on novel and complicated cryptographic assessments and has worked on multiple projects in this space. Javed has given multiple presentations at several industry conferences and in 2016 he was part of the team that delivered NCC Group's "Beyond the Beast: Deep Dives in Cryptography" course at Blackhat USA. Javed also is also a key member the NCC's Training Services and has delivered numerous customized training engagements covering web security, mobile security, cloud security or cryptography. During his time at NCC Group, Javed has worked on and tech led multiple web application security projects, numerous design/architecture review projects and some mobile and network security projects. Javed has significant design/architecture experience from his NCC projects as well from prior work experience.

David Wong is a Security Consultant at the Cryptography Services practice of NCC Group. He has been part of several publicly funded open source audits such as OpenSSL and Let's Encrypt. He has conducted research in many domains in cryptography, publishing whitepapers and sharing results at various conferences including DEF CON and ToorCon as well as giving a recurrent cryptography course at Black Hat. He has contributed to standards like TLS 1.3 and the Noise Protocol Framework. He has found vulnerabilities in many systems including CVE-2016-3959 in the Go programming language and a bug in SHA-3's derived KangarooTwelve reference implementation. Prior to NCC Group, David graduated from the University of Bordeaux with a Masters in Cryptography, and prior to this from the University of Lyon and McMaster University with a Bachelor in Mathematics.

Mason Hemmel is a Security Consultant with NCC Group, a global information assurance specialist providing organizations with expert security consulting services. Mason has been with NCC Group for 1 year, working primarily from New York. Mason has performed security research in the following areas: cryptanalysis, cryptographic implementation review, covert channels, and social network security. His most recent public assessment was Cloudflare's TLS-TRIS, an implementation of TLS 1.3 draft 18.