Cryptography Fundamentals course (now with some AppSec)

Details

Most of the content (and lecture recordings) are on Moodle but I'm adding a list of topics & some resources here for anyone who wants to quickly browse them.

Book/Tutorial Recommendations

• Serious Cryptography - JP Aumasson (Available as ebook at the library): https://nostarch.com/seriouscrypto
• Crypto101 - lvh: https://www.crypto101.io/
• Cryptography Engineering - Ferguson, Schneier, Kohno: https://www.schneier.com/books/cryptography-engineering
• Security Engineering - Ross Anderson: https://www.cl.cam.ac.uk/~rja14/book.html
• Engineering Security - Peter Gutmann: https://www.cs.auckland.ac.nz/~pgut001/pubs/book.pdf
• Manga Guide to Cryptography - Mitano, Sato, Hinaki: https://nostarch.com/mangacrypto
• The Codebreakers - David Kahn: https://archive.org/details/B-001-001-264
• Violent Python - TJ O'Connor (Uses old Python 2 so contact me for help updating small bits of the code): https://www.oreilly.com/library/view/violent-python/9781597499576/
• Programiz Python Tutorial: https://www.programiz.com/python-programming
• NSA Python Training Document (skip to Lesson 02): https://archive.org/details/comp3321
• Automate the Boring Stuff (Python): https://automatetheboringstuff.com/
• Effective C - Robert Seacord (2020) - Beginner/Intermediate
• Beej's Guide to C Programming (2021) - Intermediate
• Modern C - Jens Gustedt (2019) - Intermediate/Advanced
• SEI CERT C Coding Standard - Intermediate/Secure Coding Guidelines
• Hacking - The Art of Exploitation by Jon Erickson (2008) - Advanced: includes a bunch of source code

YouTube Channels

People

• Computerphile: https://www.youtube.com/channel/UC9-y-6csu5WGm29I7JiwpnA
• STÖK: https://www.youtube.com/c/STOKfredrik/
• LiveOverflow: https://www.youtube.com/channel/UClcE-kVhqyiHCcjYwcpfj9w
• Bill Buchanan: https://www.youtube.com/user/billatnapier
• Professor Messer: https://www.youtube.com/channel/UCkefXKtInZ9PLsoGRtml2FQ
• Tib3rius: https://www.youtube.com/channel/UCs6dtu4e0JL-N4hVszsFpBw
• NetworkChuck: https://www.youtube.com/user/NetworkChuck
• John Hammond: https://www.youtube.com/channel/UCVeW9qkBjo3zosnqUbG7CFw
• Jim Browning: https://www.youtube.com/c/JimBrowning
• Null Byte: https://www.youtube.com/channel/UCgTNupxATBfWmfehv21ym-g
• IppSec: https://www.youtube.com/channel/UCa6eh7gCkpPo5XXUDfygQQA
• HackerSploit: https://www.youtube.com/c/HackerSploit/videos
• Marcus Hutchins: https://www.youtube.com/channel/UCLDnEn-TxejaDB8qm2AUhHQ
• CryptoCat: https://www.youtube.com/channel/UCEeuul0q7C8Zs5C8rc4REFQ

Podcasts

• Darknet Diaries: https://darknetdiaries.com/
• Risky Business: https://risky.biz/netcasts/risky-business/
• Unsupervised Learning / Daniel Miessler: https://danielmiessler.com/podcast/
• StormCast: https://isc.sans.edu/podcast.html

Conferences

• DEFCON: https://www.youtube.com/channel/UC6Om9kAkl32dWlDSNlDS9Iw
• CCC (some videos in German): https://www.youtube.com/user/mediacccde
• OWASP NZ: https://www.youtube.com/channel/UCWjcSSETjqhzBlVxXTW1zhg
• PyVideo (Python Conferences): https://pyvideo.org/
• BSides Canberra: https://www.youtube.com/channel/UCbgRw_yk53hVtNXEX2DtyDQ
• BSides London: https://www.youtube.com/channel/UCXXNOelGiY_N96a2nfhcaDA
• BSides Capetown: https://www.youtube.com/channel/UCf3DodO2LfdbtHywUpI-nPA
• ShmooCon: https://www.youtube.com/c/0xdade/videos
• BlackHat: https://www.youtube.com/c/BlackHatOfficialYT/videos
• Hack.lu: https://www.youtube.com/channel/UCI6B0zYvK-7FdM0Vgh3v3Tg/videos
• CISA: https://www.youtube.com/channel/UCxyq9roe-npgzrVwbpoAy0A
• RSA: https://www.youtube.com/c/RSAConference/videos

Communities

• /r/crypto
• crypto StackExchange
• /r/netsec
• /r/reverseengineering
• HackerNews * Often primarily startup/programming related, but occasionally has good links and discussion on security topics.

Week 1

Topics:

• History
• Classical Ciphers
• XOR
• GitHub
• Kali
• Python Basics
• cryptii.com - Website with many interactive ciphers/encoding.
• GCHQ CyberChef
• repl.it - Online code editor

Week 2

Topics

• Binary
• ASCII
• Hexadecimal
• Attack Model
• Kerckhoff's Principle
• Python's Cryptography Library
• Python - cryptography - Cryptography library for Python

Week 3

Topics

• Padding, Cribs, and NSA Archive on Archive.org
• Key Reuse with One-Time Pad
• Frequency Analysis & Classical Cipher Example
• Cryptanalysis Attack Models/Types
• JetBrains IDEs & PyCharm
• Kali Linux & VirtualBox
• Randomness & Pseudo-Random Number Generators (PRNGs)
• Confusion & Diffusion
• Ciphertext Indistinguishability (IND) and Non-Malleability (NM)
• ARX (Add-Rotate-XOR) Ciphers
• S-Boxes (Substitution) and P-Boxes (Permutation)

Week 4

Topics

• ARX Ciphers continued
• Block Ciphers
• P-Boxes, S-Boxes, Substitution-Permutation Networks (SP Network)
• Parity Bits
• Question about VPNs
• Feistel Networks
• DES - Data Encryption Standard, DES-X & Key whitening, Triple-DES aka 3DES
• AES - Advanced Encryption Standard
• Block Cipher Modes of Operation

Week 5

Topics

• Confidentiality
• Block Cipher Modes of Operation (Confidentiality-only): ECB, CBC, CTR, OFB, CFB.
• Stream Ciphers
• Nonce: Number-used-only-ONCE.
• Cryptographic Oracle & Oracle Attack
• Integrity: Parity Bits (revision), Check-Digits, Checksums
• Common Vulnerabilities & Exposures (CVE)
• Hashing (brief overview - more to come)
• Message Authentication Codes (brief overview - more to come)
• Dates, Time, and Timezones (Answering question from student)
• Sockets & Netcat (brief overview - more to come)
• Threading (brief overview - more to come)

Week 6 - No Classes due to Easter Holidays

Week 7

• Netcat
• UNIX: /etc/services & ports, less, pipes
• Hex Editors & Assembly Language Basics
• UNIX: Manpages, Keyboard Shortcuts / Signals, System Calls, /proc
• Library Security & Supply Chain Attacks
• Sockets with Python / Homework Review
• Netcat & Reverse Shells
• HTTP, curl, Requests & Responses
• Python: Classes & Files
• Mirai Botnet Quick Code Review
• CTFs & upcoming HackTheBox Cryptapocalypse

Week 8

Topics

• Message Authentication Codes
• Authenticated Encryption (AE)
• Hashing & Passwords
• Diffie-Hellman Key Exchange
• Public Key Cryptography

Week 9

Topics - Week 8 topics in more detail

• Message Authentication Codes
• Authenticated Encryption (AE)
• Hashing & Passwords: SHA2, SHA3, bcrypt, scrypt, Argon2
• Diffie-Hellman Key Exchange
• Public Key Cryptography

Week 10

Topics

• RSA
• Elliptic Curve Cryptography (ECC) & ECDH
• Computational Hardness: Integer Factoring & Discrete Log
• Digital Signatures & Non-repudiation
• Public Key Infrastructure (PKI)
• Transport Layer Security (TLS)

Week 11

Topics

• Web Security Basics
• APIs
• OAuth
• OWASP Top 10
• Containers

Week 12

Topics

• More UNIX: processes/suspending with ctrl-z, bg/fg, grep, tr, cut, awk, sed: https://blog.knoldus.com/play-with-text-in-linux-grep-cut-awk-sed/
• Scope: https://en.wikipedia.org/wiki/Scope_(computer_science)
• Reading/writing files & with statement (context managers): https://www.programiz.com/python-programming/file-operation
• Bytes & endianness: Converting to and from bytes, and endianness. https://en.wikipedia.org/wiki/Endianness Using pycryptodome and other libraries: https://www.pycryptodome.org/en/latest/src/examples.html & https://github.com/vinta/awesome-python Unit Testing Basics & pytest: https://dev.to/edeediong/understanding-pytest-1e0p Regular Expressions: http://regextutorials.com/index.html Static Analysis Basics: pylint, mypy: https://blog.codacy.com/which-python-static-analysis-tools-should-i-use/ Makefiles: https://makefiletutorial.com/ Bash scripting basics: https://linuxconfig.org/bash-scripting-tutorial-for-beginners CommandLineFu.com: http://commandlinefu.com/ C Basics (Complete Basics, see book recommendations for more detail) Interpreted languages vs Compiled languages: https://en.wikipedia.org/wiki/Interpreter_(computing) Program Entry Point: https://en.wikipedia.org/wiki/Entry_point

Week 13

Topics

• More C
• x86/64 Assembly

Week 14

Topics

• Revision
• Practice Test

Week 15

Topics

• Test

Week 16 - CVE Presentations