Practical Crypto of InfoSec Noobs

Presented at ShmooCon 2022 Rescheduled, March 26, 2022, 11 a.m. (30 minutes).

Cryptography has a pretty steep learning curve, and while doing CTFs and other conference games that have crypto challenges, very rarely do they involve practical use cases. As a security professional, it’s important not just to know how to decrypt something, but how to recognize the the type of cryptography used, many times without the source code or manual to aide you. This talk dives into not Alice and Bob, but actual steps used in pentests and incident response scenarios to identify and decrypt random data found in the real world.

Presenters:

• Rob Fuller / mubix   as Rob ‘Mubix’ Fuller
  Mubix (Rob Fuller) (@mubix) is a Red Team Director. His professional experience starts from his time on active duty as a United States Marine. He has worked with devices and software that run gambit in the security realm. He has a few certifications, but the titles that he holds above the rest are FATHER, HUSBAND, and United States Marine.

Similar Presentations:

• Kiwicon 7: Cyberfriends (2013) / Crypto Won't Save You Either
• May Contain Hackers (MCH2022) / Cryptography is easy, but no magic. Use it. Wisely.
• DerbyCon 6.0 Recharge (2016) / Data Obfuscation: How to hide data and payloads to make them “not exist” (in a mathematically optimal way)