Thông tin sản phẩm

  Hands-on education for security
experts of embedded systems.
Introducing esDynamic Learning:
eShard have developed a new efficient way of learning online.
We believe that the best way to acquire knowledge is to be
hands-on following and learning from pre-defined practical use
cases. We understand the time pressures security experts are
under and have developed flexible learning methods that enable
users to complete learning at times that suit them. Everyone is
different, everyone works at their own pace.

  Identify, manage and solve
security challenges in mobile
and connected devices.
Exploring a new way to acquire hands-on
knowledge
esDynamic delivers the best way to learn. The software is
browser based, in the cloud, accessible through a simple log
in/password. Use our collaboration feature allowing a trainee
and an eShard expert to interact on the same space at the same
time, enabling an effective transfer of knowledge and learning
experience.
We have developed a large library of specialized trainings that
targets all levels of expertise. Beginners have the opportunity
to quickly progress with dedicated sessions. Experts will be
able to expand their knowledge in a given area. The principle
is simple: sessions are targeted and relate to specific points
in given technologies where eShard are experts, for example,
cryptography side-channel, mobile application reverse
engineering and deep learning.
Every session commences with a digital interaction with one of
our experts, giving an overview of the module at a high level.
The user is then able to conduct the learning at their pace
with our expert available online for support and help. Start by
understanding the module you are about to undertake, try the
exercises and test your knowledge. Finally, at the end of the
learning module there is a review with an opportunity to check
the learning and ask any questions with one of our experts.

How it is organised:
Mode 1 – On-site for privileged collaboration with the trainer.
Full days dedicated to the training.
Mode 2 – Remote access using online esDynamic platform.  

  Education programs in all technical areas where eShard are
expert. Below are examples of sessions. Contact us to get the
full program or if you have specific requests.

Side-channel essentials
Get the basic in side-channel analysis. You will understand
and implement main attack techniques on trace sets provided.
eShard experts will guide you all along these trainings.
Trace alignment – Gain knowledge on the main signal
processing techniques to observe and align side-channel
traces. We provide misaligned trace sets and you practice until
you succeed to realign and perform successful attacks. This
session includes different use cases.
Learn and implement the principles of side-channel
analysis
– Learn the background knowledge to perform
your first analysis. You will become familiar with sidechannel leakage models, characterization with T-test and key
knowledge, distinguishers like DPA, CPA. You will code practice
on theoretical and real AES use cases.
 

Side-channel advanced
Extend your knowledge and fine tune your skills on well-chosen
use cases on dedicated topics.
Implement countermeasure to protect your symmetric
implementations against first order attacks
- Gain knowledge
on desynchronisation, shuffling, masking techniques to protect
your products from first order attacks. You will code a masking
countermeasure and perform characterization and attacks to
validate the resistance of your code to first order side-channel
analysis.
Learn, code and practice side-channel attack in the final
multiplication of the ECDSA signature
– Implement the basic
attack. Practice and learn how to improve the attack to make it
efficient on multipliers architectures. Using the provided trace
set you will practice until you recover the ECDSA key.

 WhiteBox cryptography

The Whitebox cryptography target is a piece of binary. Learn
how to get this piece of binary and lift it to achieve dedicated
attacks to extract the secrets.
Trace a binary and get the secret by observation – Learn how
to emulate a binary using different frameworks, some from the
open source community. Get an understanding how you can
dramatically optimize this effort. You will be able to observe
and analyse the registers or the memory access manipulated
over an algorithm execution. Exposing the secret key will be
the last step.

Fault a binary and get the secret by differential attack
Tune an attack by setting up a fault campaign using open
source Unicorn and proprietary Qemu framework. Explore the
pros and cons of both techniques. Launch a fault campaign
to harvest valuable faulty ciphertexts and process them to
retrieve the secret key.

Mobile application reverse engineering
essentials
Mostly on Android mobile applications, get a first practical
experience in reversing mobile applications or Linux based
binary file by experiencing different techniques, such as static
or dynamic analyses: code instrumentation, debugging, etc.
Practicals are based on common public frameworks.
Static analysis – Get a good understanding on how the mobile
application binary is structured and how it is managed by the
mobile platform. Essential to find the targeted code(s).
Dynamic analysis - hooking – Enhance the reverse engineering
capabilities by using hooking framework such as Frida.


Mobile application reverse engineering
advanced
Jump to more advanced techniques and tools. These sessions
are ideal for experimented in Unix-based systems or explore
sophisticated dynamic analyses tools.
Dynamic Binary Analysis using Panda – Perform advanced
binary analyses with Panda framework for recording and
replaying executions. Develop a new Panda plug-in to enhance
the dynamic analysis capabilities.
Concolic executions – Experiment concolic testing with
Angr to solve an algorithm and express it as an equation.
This technique is particularly relevant to fight heavy native
obfuscation.

About eShard:
At eShard we are dedicated to bringing the very best cyber security tools to
the worlds security experts, empowering professionals to understand and
manage the threats within any device that is connected.
We are committed to developing powerful, usable and innovative tools that
enable security professionals and experts to master their cyber connectivity
challenges, helping them find the solutions they need to prosper in their
markets.

 

 

Danh sách tài liệu:
contact
Tìm kiếm