Black Hat USA 2009 Weekday Training Session

July 27-28

Intercepting Secure Communications

Moxie Marlinspike

Overview:

This is a new and special training that covers both designing and attacking secure protocols. Attendees will learn the fundamentals of how to design a secure protocol, and be armed with the knowledge of how to evaluate the security of and discover weaknesses in existing protocols.

This training will also give attendees an advanced look into previously undisclosed tools and techniques for intercepting secure communication. Attendees will be given advanced copies of exploit tools used to intercept secure email, web, and VPN traffic as well as training and practice in using them covertly and effectively—such that attendees will walk away with everything they need to intercept several types of secure communication.

What You Will Learn:

How to design secure protocols, how to evaluate the security of and find breaks in protocols, and how to intercept communication secured by SSL and TLS based protocols using previously undisclosed techniques. This will include practice in attacking popular web browsers, popular email clients, and SSL based VPN clients using previously unreleased tools.

Who Should Attend:

Anyone interested in designing or evaluating secure protocols, and anyone interested in advanced access to exploit tools for intercepting secure communication—as well as those seeking to defend their networks from these attacks. Some existing basic knowledge of internet protocols will be useful to attendees.

Students should have a basic understanding of networking and the core application-layer protocols.

Trainer:

Moxie Marlinspike

is a fellow at the Institute For Disruptive Technology with over thirteen years of experience in attacking networks. He is the author of sslsniff and sslstrip, the former of which was used by the MD5 Hash Collision team to deploy their rogue CA cert and the latter of which continues to implement Moxie's deadly "stripping" technique for rendering communication insecure. His tools have been featured in many publications including Hacking Exposed, Forbes Magazine, The Wall Street Journal, the New York Times, and Security Focus as well as on international TV.

Super Early: Ends Mar 15	Early: Ends May 1	Regular: Ends Jul 1	Late: Ends Jul 22	Onsite:
$2200	$2300	$2500	$2700	$3000