The official hash tag for HITBSecConf2010 - Amsterdam is #HITB2010AMS

TT6 – Designing Secure Protocols and Intercepting Secure Communications

Trainer: Moxie Marlinspike (Founder,
Capacity: 20 pax
Duration: 2 days
Cost: (per pax) EUR1599


This is a new and special training that covers both designing and attacking secure protocols. Attendees will learn the fundamentals of how to design a secure protocol, and be armed with the knowledge of how to evaluate the security of and discover weaknesses in existing protocols.

This training will also give attendees an advanced look into previously undisclosed tools and techniques for intercepting secure communication. Attendees will be given advanced copies of exploit tools used to intercept secure email, web, and VPN traffic as well as training and practice in using them covertly and effectively—such that attendees will walk away with everything they need to intercept several types of secure communication.

What You Will Learn:

This training is both theoretical and practical, both academic and hacker-foo. The first day covers the design of secure protocols in depth, leaving students with a thorough understanding of how secure protocols are modeled, how the building blocks of cryptography can be combined to result in something secure, and how to look at secure protocols that others publish (from SSH to SSL to Tor to encrypted web cookies) with a critical eye. Concepts that are often tossed around such as IND-CCA, the birthday paradox, and authenticated encryption will be covered in detail.

The second day covers clever tricks for manipulating implementation vulnerabilities and holes in the glue between secure protocols. Participants will be able to practice different types of man-in-the-middle attacks, and different techniques for getting in the middle.

Who Should Attend:

Anyone interested in designing or evaluating secure protocols, and anyone interested in tricks for intercepting secure communication — as well as those seeking to defend their networks from these attacks. Some existing basic knowledge of internet protocols will be useful to attendees.

About Moxie

Moxie Marlinspike is a fellow at the Institute For Disruptive Technology with over thirteen years of experience in attacking networks. He is the author of sslsniff and sslstrip, the former of which was used by the MD5 Hash Collision team to deploy their rogue CA cert and the latter of which continues to implement Moxie’s deadly “stripping” technique for rendering communication insecure. His tools have been featured in many publications including Hacking Exposed, Forbes Magazine, The Wall Street Journal, the New York Times, and Security Focus as well as on international TV.