20231003 - Transport Layer Security (TLS) and Secure Socket Layer (SSL) -

Course Materials

Time Schedule
Session 1 09:00 - 10:30

Break 10:30 - 11:00

Session 2 11:00 - 13:00

The above schedule is in Australian Eastern Standard Time (UTC+10)
Review local time here: https://www.timeanddate.com/worldclock/personal.html?cities=47

Trainers
FL Name Email Organisation Country
JT Jethro Tambeana APNIC Community Trainer Vanuatu

WF Warren Finch warren(at)apnic(dot)net APNIC Australia

NOTE:

A registered account on Shodan.io is required to complete some of the searches https://account.shodan.io/register

An account with the APNIC academy may be required https://academy.apnic.net/en/virtual-labs/

Sessions
Topic Presentations Exercises

Session 1 Agenda Agenda

Secure Socket Layer and SSL/TLS Overview TLS1.3 pcap
WF Transport Layer Security overview The Illustrated TLS Connection

Resources:
RFC7525 - BCP for TLS
RFC8996 - Deprecate TLS 1 & 1.1
RFC6101 - SSL 3.0
RFC8446 - TLS 1.3
RFCs about ciphers
SSH pcap
HTTP pcap
HTTPS pcap
IPv6 pcap
Computerphile - Video about TLS
Computerphile - TLS handshake
TLS Handshake Deep Dive and decryption with Wireshark
https://github.com/paulveillard/cybersecurity-tls-security

Session 2 Lab Research TLS

WF PKI Demo
JT TLS/SSL Lab

Resources:
OpenSSL cheatsheet
Testing TLS with openssl
https://github.com/drwetter/testssl.sh
How to use OpenSSL: Hashes, digital signatures
Let's Encrypt
SSL Configuration Generator
Decrypt SSL with Wireshark
https://packetlife.net/captures/
https://apackets.com/pcaps
https://cvetrends.com
https://demo.openxpki.org/openxpki/#/openxpki/login
https://hohnstaedt.de/xca/
https://tryhackme.com/
https://academy.hackthebox.com/course/preview/httpstls-attacks
.

Topic Resources
Other resources MITRE MITRE - SSL/TLS Inspection
MITRE - Encrypted Channel
MITRE - Encrypted Network Traffic

TLS NIST - Guidelines for the Selection and use of TLS SP800-52
Demystifying TLS Cipher Suites
Topic Resources
Implementing Certificates, TLS, HTTPS and Opportunistic TLS
Implementing Certificates, TLS & HTTPS
IANA TLS parameters
IANA, OpenSSL and GnuTLS cipher naming
https://testssl.sh
Privacy score
OWASP - Testing for Weak SSL TLS Ciphers
OWASP - TLS Cheat Sheet
SANS webcast - A BEAST and a POODLE celebrating SWEET32
10 Online Tools to Test SSL
History of SSL/TLS and PKI
TLS negotiations
MiTM attacks on TLS
https://www.hhs.gov/sites/default/files/securing-ssl-tls-in-healthcare-tlpwhite.pdf
https://www.acunetix.com/blog/articles/tls-vulnerabilities-attacks-final-part/
https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=TLS
https://www.roe.ch/SSLsplit
https://mitmproxy.org

Wireshark Download Wireshark

https://www.wireshark.org/docs/
https://wiki.wireshark.org/TLS
Top 10 filters
Packet Diagrams in Wireshark
List of packet capture tools
Wireshark Filter for SSL Traffic
Traffic Analysis of TLS
Dissecting TLS with wireshark
https://ctf.rip/bsides-sf-ctf-2017-root-crypto-challenge/

Shodan https://help.shodan.io/data-analysis/ssl-analysis-by-country
https://www.shodan.io/search/report?query=ssl.version%3A"sslv2"
https://beta.shodan.io/search/facet?query=ssl.version%3Atlsv1&facet=vuln.verified
https://help.shodan.io/command-line-interface/3-stats
https://shodan.readthedocs.io/en/latest/examples/query-summary.html

Cryptography & https://soatok.blog/2021/01/20/please-stop-encrypting-with-rsa-directly/

mathematics CyberChef - Create RSA key pair
https://privacycanada.net/mathematics/
The Mathematics of Encryption - American Mathematical Society
The mathematics of cryptology - UMass Math
https://simpleaswater.com/cryptography/
Science of Secrecy Ep03 - Part 1
Science of Secrecy Ep03 - Part 2
Diffie-Hellman Key Exchange - Youtube

CTF Capture The Flag (CTF) Field Guide

https://github.com/DarkStar7471/CTF-HeartBleed
https://github.com/welchbj/ctf/blob/master/docs/pcap.md
https://www.cybergoat.co.uk/writeup/Wireshark-TryHackMe/
https://ctf.rip/bsides-sf-ctf-2017-root-crypto-challenge/