esCoaching
Learn by Doing
-
Step 01.Theoretical
Learn the theory
Launch the training module, ask questions and learn.
-
Step 02.Practical
Put it in practice
Conduct the exercise at your pace. Learn on support as needed.
-
Step 03.Final review
Take the test
Share your exercise and results. Review with an expert.
We believe that the best way to acquire knowledge is to be hands-on following and learning from pre-defined practical use cases. We understand the time pressures security experts are under and have developed flexible learning methods that enable users to complete learning at times that suit them. Everyone is different, everyone works at their own pace.
We have developed a large catalog of specialized training that targets all levels of expertise. Beginners have the opportunity to quickly progress with dedicated sessions. Experts will be able to expand their knowledge in a given area. The principle is simple.
Collaborating on eShard Saas Learning Platform, trainees and an eShard expert interact on the same workspace at the same time, enabling an effective transfer of knowledge and learning experience. All the training content is pushed onto the platform and is available during all the time of the session.
Our coaches
With esCoaching you get a coach to support you along the entire learning path. Our coach are recognized experts in their field with strong knowledge but also the pedagocical approach to share it. They are available online to answer all your questions via chat or phone call until you complete your module.
-
AurelienVASSELLE
-
GuillaumeBETHOUART
-
GuillaumeVINET
-
LionelRIVIERE
-
BenjaminTIMON
-
TianaRAZAFINDRALAMBO
Our Catalog
Mobile App Essential: Android Reverse Engineering
- The anatomy of an application
- The lifecycle of an application
- Entry points to focus on
- How applications are launched
- The underlying runtime environment to better foresee what's outside of the box instead of only focusing on the application
- The SMALI syntax
- Introduction to tools
- This module is an introduction to the different notions for reverse engineering. There is no practical for this session
- knowledge of the Java programming language
- at ease with Linux-based environment system
-
- Disassemble and decompile an application to start reviewing the code
- Surface analysis, finding entry points and low hanging fruits
- Patching an application
- Use Android Studio to review your code and apply some best practices while reverse engineering the code
- Tips for reviewing obfuscated code
- knowledge of the anatomy of an Android app (if not, Module 1 required)
- knowledge of the SMALI syntax (if not, Module 1 required)
- knowledge of the Java and C/C++ programming languages.
- at ease with Linux-based environment system
- knowledge of the Java programming language
- beginner level with the tools: GHIDRA, Android Studio, jeb (or any free alternative, like jadx)
-
Static Analysis of an Android application
- Dynamic analysis techniques to analyse a code being executed at runtime
- Perform remote debugging of an application using Android Studio, IDA Pro
- Dynamic code hooking (Java and Native) with FRIDA
- knowledge of the anatomy of an Android app (if not, Module 1 required)
- knowledge of the SMALI syntax (if not, Module 1 required)
- knowledge of the Java and C/C++ programming languages.
- at ease with Linux-based environment system
- knowledge of the Java programming language
- beginner level with the tools: GHIDRA, Android Studio, jeb (or any free alternative, like jadx)
- the trainee will need his own physical device to run applications. The device must be run under Android greater or equal to version 6.
-
Dynamic Analysis of an Android application
- it can be used before applying for any module. As an outcome the trainee will know the gaps in knowledge he has to fill, and thus, what module is more suitable for him
- it can also be used at the end of a training, when the trainee is done with all the modules. The main outcome for the trainee will be the assessment of his progress.
-
Android: Crack-me Challenge
Android basics from the reverse engineer point of view
Description
This module is dedicated to anyone willing to understand the basics of Android applications reverse engineering. Through our practicals, you will unfold an Android mobile application and explore its different components. And for each component, a first exploration will be made to understand how they work, and how they are executed during the process and better understand the potential entry points. Basics of the runtime execution environment are covered.
Topic covered
adb, application lifecycles, dvm, art, runtime environment, application anatomy, entry points, java, native code
Outcome
What you will learn:
Practice
Requirements
Price
€1,500.00
I am interested: Android basics from the reverse engineer point of view
Static Analysis of an Android application
Description
This module mainly focuses on static analysis of an Android application. It is split in two parts: the first one focuses on the static analysis of the java code, and the second one on the native code. During this module trainees will learn how to find entry points from where one can perform further analyses. Different techniques and tools will be demonstrated so the trainees can practice.
Topic covered
static analysis, reverse engineering, java, native, code review
Outcome
What you will learn:
Practice
A CrackMe-like challenge is provided as a practical exercise. Different flags have to be found with only one condition: the trainee has to only perform static analysis to reverse engineer the application and retrieve those flags. The trainee will have to extract and decompile or disassemble the code to review it. The trainees will have to apply the tips that were provided while using Android Studio to review the code, especially, obfuscated ones.
Requirements
Price
€1,500.00
I am interested: Static Analysis of an Android application
Dynamic Analysis of an Android application
Description
This modules focuses on dynamic analysis techniques. It is split in two parts: the first one is focused on tools and techniques that can be used for the Java code, and the second one for the native code. Trainees will learn how to debug an application using different alternatives, and also how to instrument the code using FRIDA.
Topic covered
dynamic analysis, reverse engineering, java, native, code instrumentation, debugging
Outcome
What you will learn:
Practice
This is a CrackMe-like challenge where flags have to be found by only applying dynamic analysis tools and techniques. The trainee will have to analyse an application at runtime by debugging the code and by instrumenting it using FRIDA.
Requirements
Price
€1,500.00
I am interested: Dynamic Analysis of an Android application
Android: Crack-me Challenge
Description
This last module is dedicated to a practical reverse engineering of a crackme-like challenge. An application has been protected in a such a way that you can practice any of the techniques you have learned through the different modules to find hidden flags/passwords.
Topic covered
crackme, reverse engineering, static analysis, dynamic analysis
Outcome
This technical challenge can be used in two ways:
Practice
This practical technical exercise is a crackme-like challenge where the application has to be reverse engineered in order to retrieve different flags. The application is obfuscated and different static and runtime protections are applied.
Requirements
This module is defined to set requirements. Come as you are and we will see together where you stand.
Price
€1,500.00
I am interested: Android: Crack-me Challenge
Mobile App Essential: iOS Reverse Engineering
- iOS security model - Application sandbox
- The anatomy of an iOS application
- The lifecycle of an application
- iOS' architecture
- the objective-c/swift
- Basic understanding of Unix-based system
- Knowledge of C/C++ programming language
-
iOS basics from the reverse engineer point of view
- Understand the Mach-O format
- Disassemble and decompile an application to start reviewing the code
- How to review compiled Swift and Obj-C code.
- How to exploit meta information inside an objective-c code
- macOS
- Jailbroken iPhone on iOS 13 and above.
- Xcode and the developer tools.
- An ARM disassembler like IDA (+Hex-Rays decompiler), or Ghidra.
- Basic understanding of the Objective-C and Swift programming languages.
- Basic understanding of the AARCH64 assembly language. (If beginner level, the module related to ARM is required)
-
Static Analysis of an iOS application, Part 1
- Finding relevant entry points from where to start the exploration.
- Information gathering.
- Figuring out the inner workings of the application under analysis
- macOS
- Jailbroken iPhone on iOS 13 and above.
- Xcode and the developer tools.
- An ARM disassembler like IDA (+Hex-Rays decompiler), or Ghidra.
- Basic understanding of the Objective-C and Swift programming languages. (If beginner level, the module related to part 1 Static Analysis of an iOS Application is required)
- Basic understanding of the AARCH64 assembly language. (If beginner level, the module related to ARM is required)
-
Static Analysis of an iOS application, Part 2
- How to set up your working environment
- Dynamic analysis techniques to analyse a code being executed at runtime
- Patching and repackaging an application on a device with or without Jailbreak
- Instrument the application using FRIDA on a device with or without Jailbreak
- macOS
- Jailbroken iPhone on iOS 13 and above.
- Xcode and the developer tools.
- beginner knowledge in debugging
- basic knowledge of javascript
- An ARM disassembler like IDA (+Hex-Rays decompiler), Hopper or Ghidra.
- Basic understanding of the Objective-C and Swift programming languages. (If beginner level, the module related to part 1 Static Analysis of an iOS Application is required)
- Basic understanding of the AARCH64 assembly language (If beginner level, the module related to ARM is required)
-
Dynamic Analysis of an iOS application
- it can be used before applying for any module. As an outcome the trainee will know the gaps in knowledge he has to fill, and thus, what module is more suitable for him
- it can also be used at the end of a training, when the trainee is done with all the modules. The main outcome for the trainee will be the assessment of his progress.
- macOS
- Jailbroken iPhone on iOS 13 and above.
- Lightning cable to connect your iDevice to your computer.
- Xcode and the developer tools.
-
iOS: Crack-me Challenge
iOS basics from the reverse engineer point of view
Description
In this module, you will get the basic information to reverse engineer an iOS application. You will understand what an iOS application is made of, its structure and components, its lifecycle, the iOS architecture and the Swift /Objective-C language. You will also have an overview of the Tools that are required to reverse engineer an iOS application. Finally, you will get an introduction to the iOS security model and the concept of application sandbox.
Topic covered
application life cycles, architecture, objective-c, runtime
Outcome
What you will learn:
Practice
There is no practical here.
Requirements
Price
€1,000.00
I am interested: iOS basics from the reverse engineer point of view
Static Analysis of an iOS application, Part 1
Description
In this module, you will get knowledge on manual static analysis of an iOS application. You will understand few rules of thumb that can be used to have a systematic approach while manually reverse engineering. Focus will be particularly put on understanding how to analyse compiled Obj-C and Swift code. This is the first part of a 2-parts training.
Topic covered
static analysis, reverse engineering, native, objective-c, swift
Outcome
What you will learn:
Practice
Multiple binaries and challenges are provided so that trainees can practice reverse engineering compiled Swift and Obj-C codes.
Requirements
Price
€2,000.00
I am interested: Static Analysis of an iOS application, Part 1
Static Analysis of an iOS application, Part 2
Description
This module is the 2nd part of the series related to <em>"Static Analysis of an iOS application"</em>. This time the focus is put on understanding how to figure out the inner workings of an iOS application depending on what APIs are being used (e.g APIs related to Cryptography, Keychain, File manipulation, etc.) and also what kind of framework is being used (e.g UIKit, SwiftUI, SpriteKit, RealityKit, etc.)
Topic covered
Outcome
What you will learn:
Practice
A CrackMe-like challenge is provided as a practical exercise. It is a full iOS application. Different flags have to be found with only one condition: the trainee has to only perform static analysis to reverse engineer the application and retrieve those flags. The trainee will have to extract and decompile or disassemble the code to review it. The trainees will have to apply the tips that were provided while using IDA Pro with Hex-Rays decompiler
Requirements
Price
€2,000.00
I am interested: Static Analysis of an iOS application, Part 2
Dynamic Analysis of an iOS application
Description
In this module, you will get knowledge on dynamic analysis techniques to understand the inner workings of an iOS application. You will see the different steps of analysing an application at runtime from the repackaging process of an application to the use of an instrumentation framework.
Topic covered
dynamic analysis, reverse engineering, code instrumentation, repackaging, signing
Outcome
What you will learn:
Practice
This is a CrackMe-like challenge where flag(s) have to be found by only applying dynamic analysis tools and techniques. The trainee will have to patch the code and he will have to analyse the application at runtime by debugging and instrumenting it using and FRIDA.
Requirements
Price
€2,000.00
I am interested: Dynamic Analysis of an iOS application
iOS: Crack-me Challenge
Description
In this module you will be challenged. It is a practical reverse engineering of a crackme-like challenge. An application has been protected in a such a way that you can practice any of the techniques you have learned through the different modules to find hidden flags/passwords.
Topic covered
crackme, reverse engineering, static analysis, dynamic analysis
Outcome
This technical challenge can be used in two ways:
Practice
This practical technical exercise is a crackme-like challenge where the application has to be reverse engineered in order to retrieve different flags. The application is obfuscated and different static and runtime protections are applied.
Requirements
Price
€2,000.00
I am interested: iOS: Crack-me Challenge
Mobile App Advanced
- What is symbolic execution, SAT problems, theorem proving and concolic testing concepts
- How to perform symbolic testing with Angr
- How to define constraints to solve SAT problems
- a practical technical challenge is provided where the trainee has to use Angr to analyse the code to retrieve hidden flags.
- You will have to figure out what is the algorithms that have to be analysed to retrieve the flags? From those algorithms, he will also have to find out the constraints to apply so the SAT solver used by Angr can resolve the problem in a finite time.
- Multiple binaries will be provided, and different notebooks to describe the exercise for a step by step approach
- Programming languages: C/C++
- Linux environment system
- ARM Assembly language
- Tools: IDA or GHIDRA (module 2, Essential Reverse Engineering)
-
Symbolic Execution
- learn how to instrument a process under a linux-based system leveraging the linker
- get a practical experience in dynamic analysis of native code
- understand how a linker can be exploited to hijack a code into another process
- understand how the linker and the loader work
- develop his own code instrumentation program with the aim of hijacking the code of a process
- Programming languages: C/C++
- Linux environment system
- Basic ARM Assembly language knowledge
- Tools: IDA or any other free alternative (module 2, Essential Reverse Engineering)
-
Deep dive into Linux/Android loader and Dynamic Linker
- To use Panda-RE to record and replay the execution of a code
- To create your own Panda plug-in
- To pass a critical step for performing advanced dynamic analyses
- break a DRM protection implemented in a program
- use Panda-RE to execute the program, record the execution flow,
- use Panda-RE to replay the execution flow at will in order to figure out where and when to attack
- Programming languages: C/C++
- Linux environment system
- Basic ARM Assembly language knowledge
-
Panda-RE
-
Code instrumentation with FRIDA
- What is code emulation, and in what case it is very useful
- How to use Unicorn to emulate a custom CPU to execute a code.
- How to reverse engineer a virtual machine using Unicorn
- Programming languages: C/C++, Java
- Linux environment system
- Basic ARM Assembly language knowledge
- How to disassemble and decompile an application (module 1 and 2, Essential Reverse Engineering)
-
Reverse engineering a Virtual Machine using Unicorn
- How to implement a decompiler using GHIDRA and SLEIGH
- How to perform static analysis using non commercial tools
- Programming languages: C/C++, Java
- Linux environment system
- Basic ARM Assembly language knowledge
- How to disassemble and decompile an application (module 2, Essential Reverse Engineering)
-
Static Analysis of a virtual machine using GHIDRA
- Introduction to ARM assembly
- ARM32 registers
- ARM & Thumb modes
- The stack
- Loading & storing data
- ARM32 calling convention
- Introduction to ARM64 assembly
- Registers comparison between ARM32 & ARM64
- ARM64 calling convention
- Programming languages: C/C++
- Basic knowledge of IDA (+hex-rays decompiler) or GHIDRA
-
Code Review of ARM Assembly Code
Symbolic Execution
Description
This practical course focuses on symbolic execution, more particularly on the Angr framework. Combining a collection of static analysis techniques, it enables one to perform dynamic analysis leveraging so-called symbolic execution of a program. An introduction to the theorem prover Z3 and an overview of concolic testing is covered. Trainees will learn an alternative to tackle obfuscation techniques and runtime security controls using Angr in situations where static analysis is difficult.
Topic covered
angr, z3, symbolic execution, theorem prover,
Outcome
What you will learn:
Practice
Requirements
Price
€2,000.00
I am interested: Symbolic Execution
Deep dive into Linux/Android loader and Dynamic Linker
Description
This module concerns dynamic analysis, and is a common technique when analysing native codes on different platforms. This practical session focuses particularly on memory allocators and ELF loaders in Linux-based systems. A deeper dive into Linux/Android Loader and the Dynamic Linker will enable to better understand how an ELF binary is handled by the platform and how to instrument the native code of a process.
Topic covered
linux systems, ELF, loader, linker, code instrumentation
Outcome
Practice
In this practical exercise, the trainee will have to:
Requirements
Price
€2,000.00
I am interested: Deep dive into Linux/Android loader and Dynamic Linker
Panda-RE
Description
This practical course walks through Panda-RE framework to trace native executions and replay them for further analyses. This course will require developing a new Panda plug-in to enhance its capabilities. Following this course, you will do a step in advanced dynamic reverse engineering.
Topic covered
dynamic analysis, code emulation, record and replay execution
Outcome
What you will learn:
Practice
In this exercise, the trainee will have to:
Requirements
Price
€2,000.00
I am interested: Panda-RE
Code instrumentation with FRIDA
Description
Code instrumentation is a dynamic analysis technique that aims at controlling the behavior of the application's code. With this ability one can passively intercept data transiting between functions or modify the code of a whole function. FRIDA is the swiss army knife of code instrumentation frameworks, and this module will teach trainees how to use it to reverse engineer mobile applications.
Topic covered
code instrumentation, frida, dynamic analysis
Outcome
What you will learn: - What is code instrumentation and why it is useful and complementary to static analysis - How to use FRIDA to instrument the code of an application, and automate tests
Practice
A practical exercise is provided and is part of the a 3-parts exercise. It is a Crackme-like challenge, where FRIDA must be used to analyse an the code of an application at runtime. The main objective in this first part, is to recover an HMAC Key and dump the memory of a Virtual Machine that will be analysed later on.
Requirements
Programming languages: C/C++, Java Linux environment system Basic ARM Assembly language knowledge How to disassemble and decompile an application (module 2, Essential Reverse Engineering)
Price
€2,000.00
I am interested: Code instrumentation with FRIDA
Reverse engineering a Virtual Machine using Unicorn
Description
Virtualization-based security technique is a popular technique to protect and run sensitive code. The challenge it brings is the additional task of reverse engineering a code implemented with custom instructions in the context of an application protected with multiple layers of protections. In this context lifting the to-be-reverse-engineered code outside and emulating it would be one of the best solution. In this training, trainees will learn to use Unicron with the aim of recovering the custom code of a virtual machine embedded within an application.
Topic covered
code emulation, unicorn, dynamic analysis
Outcome
What you will learn:
Practice
This is the second module of a 3-parts exercise. The trainee will have to use Unicorn in order implement a custom CPU so the code that was recovered from the first part of the exercise can be executed and analysed at runtime. The main objective of the exercise is to reverse engineer the code of a custom virtual machine that is used to execute a custom code that implement sensitive code.
Requirements
Price
€2,000.00
I am interested: Reverse engineering a Virtual Machine using Unicorn
Static Analysis of a virtual machine using GHIDRA
Description
Dynamic and Static analysis techniques are complementary, namely, it is often difficult to only focus on one single type of technique while reverse engineering an application. Dynamic analysis provides a a faster and straightforward approach to get an information. Static analysis is a slower approach but ensures a larger code coverage. If one had to reverse engineer a custom assembly code excuted by a custom virtual machine, being able to disassemble and decompile the code into a more comprehensive code brings the ability to review it without having to execute it. This module focuses on the reverse engineering tool: GHIDRA and its language specification, SLEIGH. The aim of this module is to show how to implement a custom decompiler for a virtual machine.
Topic covered
static analysis, decompiler, ghidra, sleigh
Outcome
What you will learn:
Practice
This is the third and last exercise of a 3-parts exercise. In this module, the trainee will have to use GHIDRA and SLEIGH to implement a decompiler for the virtual machine that has been recovered from the very first part of this exercise. The trainee will understand why static and dynamic analysis are complementary
Requirements
Price
€2,000.00
I am interested: Static Analysis of a virtual machine using GHIDRA
Code Review of ARM Assembly Code
Description
This module is dedicated to learning how to review ARM assembly code using reverse engineering tools such as IDA or GHIDRA.
Topic covered
code review, decompiler, ghidra, IDA, disassembler
Outcome
What you will learn:
Practice
Multiple binaries and challenges are provided so trainees can practice reverse engineering ARM32 and ARM64 codes.
Requirements
Price
€1,500.00
I am interested: Code Review of ARM Assembly Code
Whitebox Cryptography
- Generate traces or faulty outputs with Unicorn, esTracer or esFaulter.
- Execute a Computation Analysis or a fault injection, such as Differential Fault Analysis (DFA).
- Execute a native ELF library extracted from an Android application with Unicorn.
- Create a launcher to be able to execute a native Android library with Qemu.
- Trace a native Android AES White-Box library or the DES Wyseur White-Box with esTracer or Unicorn.
- Inject faults during the execution of a native Android AES White-Box library or the DES Wyseur White-Box with esFaulter.
- Perform a computational analysis with generated traces.
- Perform a differential fault analysis with generated faulty outputs.
- Native code analysis
- Basic ARM Assembly language
- Basic coding knowledge
- Basic knowledge in side-channel analyses
-
WBC Binary Instrumentation
- Trace memory access with the Side Channel Marvels tools.
- Perform a Computation Analysis with the Side Channel Marvels Daredevil tool.
- Inject static fault in a binary with the Side Channel Marvels Deadpool tool.
- Perform a Differential Fault Analysis with the Side Channel Marvels JeanGrey tool.
- Inject a double fault in a White-Box.
- Attack the classical Wyseur Challenge with side-channel techniques, using the Side Channel Marvels.
- Attack the CHES 2016 Challenge with a DFA, using the Side Channel Marvels (Deadpool DFA and JeanGrey).
- Defeat a White-Box binary with a double fault attack using esFaulter.
- Native code analysis
- Basic ARM Assembly language
- Basic coding knowledge
- Basic knowledge in side-channel analyses
-
Side Channel Marvels Tools & Double Fault Injection Attack.
- APK decompilation
- Java code analysis
- Identify the White-Box implementation
- Create a launcher to execute the White-Box
- Recover the White-Box key
- Understand how to compute the application cryptogram
- Attack a White-Box implementation embedded in an Android payment application. You will have to recover the PIN code and the White-Box key to understand how to generate a correct payment cryptogram.
- Native code analysis
- Basic ARM Assembly language
- Basic knowledge in side-channel analyses
- Execute/Trace a binary (module WBC.1)
-
Breaking a White-Box implementation embedded in an Android Application (Intermediate Level).
- APK decompilation
- Java code analysis
- Identify the White-Box implementation
- Create a launcher to execute the White-Box
- Recover the White-Box key
- Defeat Device Binding Protections
- Understand how to compute the application cryptogram
- Attack a White-Box implementation embedded in an Android payment application. You will have to recover the PIN code and the White-Box key to understand how to generate a correct payment cryptogram. This application is protected with device binding mechanisms.
- Native code analysis
- Basic ARM Assembly language
- Basic knowledge in side-channel analyses
- Execute/Trace a binary (module WBC.1)
-
Breaking a White-Box implementation embedded in an Android Application (Hard Level).
WBC Binary Instrumentation
Description
This practical course introduces the methodology to attack a native white-box binary: visualisation of the binary execution, localisation of the area of interest, execution of a Computational Data Analysis (CDA) or Differential Fault Analysis (DFA), and recovery of the master key from the round key. All these steps will be performed with Qemu and Unicorn frameworks.
Topic covered
White-Box, Computational Analysis, Differential Fault Analysis, Unicorn, esTracer, esFaulter.
Outcome
What you will learn:
Practice
Requirements
Price
€2,000.00
I am interested: WBC Binary Instrumentation
Side Channel Marvels Tools & Double Fault Injection Attack.
Description
This practical course introduces the Side Channel Marvels framework. You will learn how to use its different modules to visualise a binary execution, to perform a CDA or DFA, and finally to recover the master key. This module is also composed of a White-Box challenge that shall be defeated with a double fault attack.
Topic covered
White-Box, Computational Analysis, Differential Fault Analysis, Side-Channel Marvels, Double Fault.
Outcome
What you will learn:
Practice
Requirements
Price
€2,000.00
I am interested: Side Channel Marvels Tools & Double Fault Injection Attack.
Breaking a White-Box implementation embedded in an Android Application (Intermediate Level).
Description
This practical course targets an Android Application containing a native white-box library. You will learn how to defeat classic obfuscation mechanisms to extract the white-box library, an then how to execute and attack it to recover the secret key.
Topic covered
White-Box, Computational Analysis, Differential Fault Analysis, Device Binding, Android.
Outcome
What you will learn:
Practice
Requirements
Price
€2,000.00
I am interested: Breaking a White-Box implementation embedded in an Android Application (Intermediate Level).
Breaking a White-Box implementation embedded in an Android Application (Hard Level).
Description
This practical course targets an Android Application containing a native white-box library protected with device binding mechanisms. You will learn how to defeat these mechanisms to extract the white- box library, and how to execute and attack it to recover the secret key.
Topic covered
White-Box, Computational Analysis, Differential Fault Analysis, Device Binding, Android.
Outcome
What you will learn:
Practice
Requirements
Price
€2,000.00
I am interested: Breaking a White-Box implementation embedded in an Android Application (Hard Level).
Side-Channel Attacks Essential
- Introduction to Python programming language
- Most important Python features for side-channel
- Most important Python libraries for side-channel
- Python optimizations for efficient side-channel
- Presentation of the Scared open-source side-channel library
- Manipulate multi-dimensional arrays with numpy
- Perform most common statistical operations on traces data
- Implement your own analysis object • Use Scared Python APIs to pilot a side-channel analysis
- Basic knowledge in programming
-
Before starting - Python for Side-Channel crash course
- Side-channel (leakage) origins
- Leakage model(s) to consider on products?
- How do I characterize the device leakage?
- What methodology do I have to follow?
- How to select and define the selection function for the cryptographic operation I am targeting
- How to combine with a statistical distinguisher?
- Perform DPA and correlation basic tests
- Code your own DPA attack and your AES selection function
- Run characterization tests
- Attack real traces for different use cases
- Basic knowledge in cryptographic algorithms (AES, TDES)
- Basic knowledge in coding (Python)
- Basic knowledge in algebra
-
Side-Channel Analysis Principles
- Observe side-channel traces on modern devices
- Play with the device functionalities
- Scan the IC area with EM probes
- Find significant leakage areas
- Set-up traces collection and run it
- Prepare your T-test
- Synchronize your traces
- Run T-test and side-channel reverse analysis for characterization
- Run attacks to recover the key
- On site in Pessac (France) training only
- Basic version on your premises possible
- Basic knowledge instrumentation (oscilloscope)
- Basic knowledge in side-channel (module SCAE.2)
-
Collect traces - Measurement Training
- Overview of misalignment phenomenons
- Presentation of signal processing techniques for SCA (filters, moving operators, pattern detection)
- How to use filters: high/low pass, band-pass.
- How to use moving operators.
- How to use pattern detection.
- How to use peak detection.
- Practice signal processing methods on real side-channel dataset
- Apply filters, moving operators, patterns and peaks detection
- Combine different signal processing techniques to align noisy and de-synchronized side-channel dataset from scratch.
- Basic knowledge in coding (Python)
- Basic knowledge in side-channel (module SCAE.2)
-
Prepare traces - Traces alignment
- Strategy and methodology for leakage analysis
- Introduction to T-test and reverse side-channel analysis
- How to detect potential exploitable leakage in side-channel datasets.
- Perform reverse correlation tests on metadata
- Code your own T-test
- Run characterization tests: T-test to identify leakages in given traces
-
Observe traces - Leakage detection
- Presentation of attack strategies for key recovery on symmetric algorithms
- Presentation of masking countermeasures for symmetric algorithms
- Introduction to second-order attacks to defeat masking
- Code your own first order selection function for AES use case
- Test classical first order attacks and/or characterization on given trace set. Observe the results.
- Code your own second order selection function for AES use case
- Attack the related first order protected AES implementation and recover the secret on traces from a real use case
- Given traces from a second use case you will develop the right second order attack and recover the secret
-
Attack traces - Side-Channel Analysis on symmetric algorithms
- Introduction to profiled side-channel attacks
- Description of template attack method
- Introduction to Deep Learning for profiled side-channel analysis
- Practice template attack on side-channel datasets.
- Detect points of interest for templates.
- Run static template attacks on key values.
- Perform DPA-Template attacks to recover secret key.
-
Attack traces with learning - Profiled Attacks on symmetric algorithms
- Introduction to side-channel analysis on public key
- Get an overview of RSA attacks
- Get an overview of Ellliptic Curves attacks
- Practice leakage detections and key recovery attacks on RSA and ECC implementations
-
Attacking Public Key Cryptography (RSA, ECC): an overview of attack vectors
- Understand alignment issues for classical distinguishers
- Scatter principles: from traces to distributions
- Scatter distinguishers
- Reverse side-channel analysis with scatter
- Defeating shuffling, misalignment with scatter
- Implemented yourself a scatter attack
- Run scatter attacks on several use cases
- Compare with CPA
- Basic knowledge in coding (Python)
- Basic knowledge in side-channel (module SCAE.2)
-
Exploring a new attack: Scatter Principles
- Understand modular exponentiation techniques: Barrett, Montgomery, common algorithms
- Learn side-channel simple attacks on exponentiation
- Chosen message attacks
- Differential side-channel attacks on exponentiation
- Perform simple analysis on exponentiation use cases
- Run chosen message attacks
- Code your own correlation attack on given traces
- Basic knowledge in public key algorithms (RSA)
- Basic knowledge in coding (Python)
- Basic knowledge in algebra
- Basic knowledge in side-channel (module SCAE.2)
-
Analysing RSA: Focus on Modular Exponentiation
- Understand the typical ECC implementation techniques
- Understand modular exponentiation techniques: Barrett, Montgomery, common algorithms
- Learn side-channel simple attacks on scalar multiplication
- Learn Differential side-channel attacks on scalar multiplication
- Perform simple analysis on scalar multiplication use cases
- Implement core operations on ECC: doubling, addition, scalar multiplication
- Code your own side-channel attack on given traces
- Recover the secret scalar from given traces
- Basic knowledge in public key algorithms (Elliptic Curves)
- Basic knowledge in coding (Python)
- Basic knowledge in algebra
- Basic knowledge in side-channel (module SCAE.2)
-
Analysing ECC: Focus on Point Scalar Multiplication
Before starting - Python for Side-Channel crash course
Description
Python is today the preferred language for Data Science. Python open-source libraries for data science, statistics and machine learning make it a great language to perform efficient Side-Channel analysis. During this crash course, you will quickly get up to speed with Python, focusing on the language features and libraries useful to perform side-channel analysis.
Topic covered
python, side-channel, open-source
Outcome
Practice
Requirements
Price
€1,500.00
I am interested: Before starting - Python for Side-Channel crash course
Side-Channel Analysis Principles
Description
In this module, you will get the principles of side-channel analysis and the background knowledge needed to perform your first analysis. You will also practice on basic examples then on real use cases to become familiar with these techniques.
Topic covered
T-test, Distinguisher, DPA, Correlation, AES, Reverse analysis, Leakage models
Outcome
Practice
Requirements
Price
€1,500.00
I am interested: Side-Channel Analysis Principles
Collect traces - Measurement Training
Description
In this module, you will practice side-channel measurements on several modern hardware devices in side-channel laboratory. You will investigate for the good signal and run traces collections. Finally, you will analyze these traces.
Topic covered
measurement bench, oscilloscope, EM probes
Outcome
Practice
Requirements
Price
€1,500.00
I am interested: Collect traces - Measurement Training
Prepare traces - Traces alignment
Description
In this module, you will get knowledge on the main signal processing techniques to observe and align side-channel traces. We provide misaligned trace sets and you practice until your success to realign and perform successful attacks on several use cases.
Topic covered
signal processing, resynchronisation, trace alignment
Outcome
Practice
Requirements
Price
€1,500.00
I am interested: Prepare traces - Traces alignment
Observe traces - Leakage detection
Description
In this module, you will get knowledge on making your first steps in spotting leakages in side-channel traces. Some techniques using Welch T-Test or Chi2 can be used to characterize potential leakages. When metadata are available, it is also important to make analyses on them, since it provides valuable insights about the traces, the leakage model and potential information about the traces.
Topic covered
T-test, distinguisher, DPA, correlation (CPA), reverse analysis, leakage models
Outcome
Practice
Requirements
Price
I am interested: Observe traces - Leakage detection
Attack traces - Side-Channel Analysis on symmetric algorithms
Description
In this module, you will get the principles of side-channel analyses and the background knowledge needed to perform first and second order analyses. You will also practice on examples made from real use cases to become familiar with these techniques. In an incremental approach, you will go to a high order analyses and see how a masking protection can be defeated.
Topic covered
selection functions, AES, masking protection, centered product, CPA, first and second order.
Outcome
Practice
Requirements
Price
I am interested: Attack traces - Side-Channel Analysis on symmetric algorithms
Attack traces with learning - Profiled Attacks on symmetric algorithms
Description
In this module, you will get the principles of profiled side-channel analyses and the background knowledge needed to perform such analyses. You will learn that it involved having a learning phase with known, or even chosen, secrets. This is followed by an exploitation phase. This practical experience will give you an idea of the difficulty to apprehend such attacks in practice.
Topic covered
profiled attacks, template attacks, machine learning, deep learning
Outcome
Practice
Requirements
Price
I am interested: Attack traces with learning - Profiled Attacks on symmetric algorithms
Attacking Public Key Cryptography (RSA, ECC): an overview of attack vectors
Description
In this module, you will get an introduction about the different implementation and attacks related to Elliptic Curves or RSA algorithms. This will show you what are the different parts of the algorithm subject to potential attacks, and their principle. The practical will give you an experience on the reality of running such attack, with one of the main challenge is to deal with long data traces.
Topic covered
elliptic curves, RSA, CRT RSA, scalar multiplications, ECDSA, ECDH, simple and statistical analysis
Outcome
Practice
Requirements
Price
I am interested: Attacking Public Key Cryptography (RSA, ECC): an overview of attack vectors
Exploring a new attack: Scatter Principles
Description
In this module, you will get the knowledge of the new attack technique scatter. You will practice on examples using aligned and misaligned traces on real use-case to see the advantages.
Topic covered
misalignment, Chi-squared, mutual-information
Outcome
Practice
Requirements
Price
€2,000.00
I am interested: Exploring a new attack: Scatter Principles
Analysing RSA: Focus on Modular Exponentiation
Description
In this module, you will get the knowledge on public key cryptosystems implementations like RSA and DSA and the side-channel attacks threatening them. You will practice by implementing attack on trace sets provided to you.
Topic covered
exponentiation, correlation, RSA, DSA, modular arithmetic
Outcome
Practice
Requirements
Price
€2,000.00
I am interested: Analysing RSA: Focus on Modular Exponentiation
Analysing ECC: Focus on Point Scalar Multiplication
Description
In this module, you will get the knowledge on elliptic curve cryptosystems implementations like ECDSA, ECDH and ECIES and the side-channel attacks threatening them. You will practice by implementing attack on trace sets provided to you.
Topic covered
elliptic curves, scalar multiplications, ECDSA, ECDH, simple and statistical analysis
Outcome
Practice
Requirements
Price
€2,000.00
I am interested: Analysing ECC: Focus on Point Scalar Multiplication
Side-Channel Attacks Advanced
- AES side-channel chosen message explanation
- Why monobit leakage?
- (T)DES: how to select and define the selection functions
- Chosen messages on (T)DES
- Code chosen message attack on AES-256 FPGA traces at 1st round
- Develop the right selection function and attack the second round
- Find the key
- Code attack on (T)DES traces and recover the key
- Basic knowledge in cryptographic algorithms (AES, TDES)
- Basic knowledge in coding (Python)
- Basic knowledge in algebra
- Basic knowledge in side-channel (module SCAE.2)
-
Recover the key on a real FPGA use case
- Learn the different families of countermeasures: protocols, re-keying, desynchronization, masking
- Learn common countermeasures use cases for symmetric algorithms
- Attack an not protected AES implementation and recover the key
- Then protect this implementation by implementing an efficient countermeasure
- Reproduce the attack, use characterization to validate countermeasure efficiency on AES
- Test more countermeasures
- Familiar with AES algorithm
- Basic knowledge in coding (Python)
- Familiar with side-channel concepts (module SCAE.2)
-
Side-Channel Countermeasures
- Understand high order analysis leakage principles
- Learn side-channel high order attacks selection functions for classical symmetric algorithms countermeasures
- Test classical first order attacks and/or characterization on given trace set. Observe the results.
- Code your own second order selection function for AES use case
- Attack the related first order protected AES implementation and recover the secret on traces from a real use case
- Given traces from a second use case you will develop the right second order attack and recover the secret
- Familiar with AES algorithm
- Basic knowledge in coding (Python)
- Familiar with side-channel concepts (module SCAE.1)
-
High-Order Side-Channel Analysis
- Understand long integer multiplication attack on ECDSA
- Learn the different side-channel attacks to apply on long integer multiplication
- Perform simple analysis on ECDSA to identify the area of interest
- Characterize the sensitive data on provided trace sets
- Implement the attack(s) on provided trace sets
- Improve the attack on realistic multipliers architectures
- Familiar with Elliptic Curves
- Basic knowledge in coding (Python)
- Familiar with side-channel concepts (module SCAE.1)
-
Attack on ECDSA final multiplication
- Understanding the horizontal analysis principles
- Learning the horizontal side-channel attack targeting the scalar multiplication
- Implement the reverse analysis selection function(s) to identify the leakages
- Implement the horizontal attack selection function(s)
- Perform the horizontal analysis on given traces and recover the secret scalar
- Familiar with Elliptic Curves
- Basic knowledge in coding (Python)
- Familiar with side-channel concepts (module SCAE.1)
-
Horizontal Attack on ECC
- Understand the cross-correlation analysis principles
- Learn the cross-correlation side-channel attack targeting the double and add always scalar multiplication
- Implement the reverse analysis selection function(s) to identify the leakages
- Perform the cross-correlation analysis on given traces and recover the secret scalar
- You will use cluster analysis to improve the attack efficiency
- Familiar with Elliptic Curves
- Basic knowledge in coding (Python)
- Familiar with side-channel concepts (module SCAE.1)
-
Cross-Correlation Attack on ECC
- Understand the CRT-RSA operations in the CRT recombination
- Learn the side-channel attack targeting the multiplication by the secret prime value in the recombination
- Implement the reverse analysis selection function(s) to identify the leakages.
- Implement the CRT recombination selection function.
- Perform the correlation analysis on given traces and recover the secret prime first bytes.
- Improve the attack techniques to recover efficiently all secret bytes of the secret prime for modern multipliers architectures
- Familiar with CRT RSA
- Basic knowledge in coding (Python)
- Familiar with side-channel concepts (module SCAE.1)
-
Attack on CRT-RSA Recombination
- Remember side-channel countermeasures.
- Drawbacks of classical second order attacks.
- 2nd order accumulation, joint distributions and probability density functions.
- Scatter distinguishers.
- Compute the accumulators, joint distributions and probability density functions.
- Apply distinguisher and identify the secret.
- Attack first order protected AES implementation traces set from a real use case, given to you.
- Given traces from a secret trace set, with no indication from trainers at a first stage, recover the secret.
- Familiar with AES algorithm
- Basic knowledge in coding (Python)
- Familiar with side-channel concepts (module SCAE.2)
- Basic knowledge in Scatter attack (module SCAE.6)
-
Second-order scatter analysis
Recover the key on a real FPGA use case
Description
In this module, you will get knowledge on more complex side-channel attacks like chosen message attacks. You will practice on an AES-256 FPGA traces use-case to become familiar with these techniques.
Topic covered
chosen message, monobit model, Hamming distance, AES-256, TDES
Outcome
Practice
Requirements
Price
€2,000.00
I am interested: Recover the key on a real FPGA use case
Side-Channel Countermeasures
Description
In this module, you will get the knowledge on the main countermeasures’ principles (protocols, desynchronization, de-correlation) to protect your implementation from classical side-channel attacks. You will practice by implementing countermeasures and validate their efficiency.
Topic covered
desynchronization, shuffling, masking, first order attacks
Outcome
Practice
Requirements
Price
€2,000.00
I am interested: Side-Channel Countermeasures
High-Order Side-Channel Analysis
Description
In this module, you will learn the principles of high-order side-channel analysis that threatens first order protected implementations with masking. You will code the attack on a masked AES implementation. You will practice second-order attacks on different set of traces for different second order attack paths until your recover the keys.
Topic covered
high order, centered product, masking, selection function
Outcome
Practice
Requirements
Price
€2,000.00
I am interested: High-Order Side-Channel Analysis
Attack on ECDSA final multiplication
Description
In this module, you will gain the knowledge on this attack and implement the basic attack. Then you will practice and learn how to improve the attack to make it efficient on realistic multipliers architectures. Using the provided traces, you will practice until you recover the ECDSA key.
Topic covered
long integer multiplication, ECDSA, correlation, iterative selection function
Outcome
Practice
Requirements
Price
€2,000.00
I am interested: Attack on ECDSA final multiplication
Horizontal Attack on ECC
Description
In this module, you will understand and implement a horizontal side-channel attack on an ECC double-and-add-always scalar multiplication. You will learn the principle of horizontal attacks. You will implement the attack and experience it on a provided trace set.
Topic covered
ECC, scalar multiplication, ECDSA, ECDH, ECIES, horizontal correlation
Outcome
Practice
Requirements
Price
€2,000.00
I am interested: Horizontal Attack on ECC
Cross-Correlation Attack on ECC
Description
In this module, you will get the knowledge on collision correlation attack (named sometimes cross-correlation) on ECC double and add always scalar multiplication. Then, you will implement the attack and practice until you recover the secret scalar on the provided trace set.
Topic covered
ECC, double and add always, cross correlation, collision
Outcome
Practice
Requirements
Price
€2,000.00
I am interested: Cross-Correlation Attack on ECC
Attack on CRT-RSA Recombination
Description
In this module, you will gain the knowledge on this attack and implement the basic attack. Then you will practice and learn how to improve the attack to make it efficient on realistic multipliers architectures. Using the provided traces, you will practice until you recover the RSA keys.
Topic covered
CRT-RSA, long integer multiplication, correlation
Outcome
Practice
Requirements
Price
€2,000.00
I am interested: Attack on CRT-RSA Recombination
Second-order scatter analysis
Description
In this module, you will learn the principles of scatter second order side-channel analysis. This technique threatens first order protected implementations including masking, jitter and shuffling combined together. You will be guided to implement steps of the attack on a masked AES implementation. You will practice second-order scatter attacks on different set of traces for different second order attack paths until your recover the keys.
Topic covered
high order, masking, joint distribution, joint probability density function, projection, distinguisher, selection function.
Outcome
Practice
Requirements
Price
€2,000.00
I am interested: Second-order scatter analysis
Side-Channel Attacks Deep Learning
- Smooth introduction to Deep Learning, with history and context.
- Understand Neural Networks. Presentation of different networks architectures.
- Understand key Deep Learning concepts: loss and accuracy, Gradient Descent, optimizers etc.
- Get familiar with the main Deep Learning frameworks: TensorFlow, Keras, PyTorch.
- Manipulate tensors.
- Build and manipulate neural networks.
- Prepare and format training data.
- Use DL frameworks APIs to perform Stochastic Gradient Descent.
- Perform a full Deep Learning training to classify data.
- Basic knowledge in coding (Python)
-
https://eshard.com//img/escoaching/side_channel.png
Introduction to Deep Learning
- Understand the CNN architecture.
- Get famliar with CNN layers and parameters: convolution, pooling, padding, channels
- Understand how to build efficient CNNs.
- Understand translation invariance of CNNs.
- Manipulate CNN layers.
- Compute input/output shapes and get familiar with layers chaining.
- Create custom CNN networks.
- Apply CNN to a data classification problem.
- Observe translation invariance on a use case.
- Basic knowledge in coding (Python)
- Knowledge on Deep Learning is required (module DL.1)
-
https://eshard.com//img/escoaching/side_channel.png
Convolutional Neural Networks
- Understand backpropagation and gradient descent.
- Understand optimization techniques such as learning rate decay, early stopping and transfer learning.
- Understand how to properly choose hyper-parameters.
- Advanced usage of Deep Learning frameworks
- Weights and gradients manipulation
- Manually compute gradients. Implement gradient descent manually.
- Perform transfer learning.
- Apply learning rate decay and early stopping.
- Basic knowledge in coding (Python)
- Knowledge on Deep Learning required (module DL.1)
-
https://eshard.com//img/escoaching/side_channel.png
Advanced Deep Learning
- Introduction to Profiled Side-Channel attacks
- Description of Deep Learning-based Side-Channel attacks
- Interests of Deep Learning for Side-Channel analysis
- Prepare and format side-channel data for Deep Learning
- Train Neural Network to classify side-channel leakages
- Exploit trained Neural Networks to perform DL-based Differential attacks
- Perform DL-based Side-Channel attack on standard AES implementation.
- Perform DL-based Side-Channel attack on masked AES implementation.
- Basic knowledge in coding (Python)
- Knowledge on Deep Learning required (module DL.1)
-
https://eshard.com//img/escoaching/side_channel.png
Deep Learning for SCA
- Understand how to build CNN architectures for Side-Channel analysis.
- Understand how to defeat de-synchronization of side-channel traces using CNNs.
- Understand how to use Data Augmentation to improve DL-Side-Channel attacks efficiency.
- Build CNN architecture for side-channel analysis
- Train CNN on desynchronized traces
- Perform DL attack on desynchronized traces
- Improve training and attack using data augmentation
- Basic knowledge in coding (Python)
- Knowledge on Deep Learning required (module DL.1)
-
https://eshard.com//img/escoaching/side_channel.png
CNN for SCA
- Understand how to run hyper-parameter search to optimize your side-channel network
- Understand how to use Sensitivity analysis to detect point of interests using neural networks
- Understand how to perform DL side-channel attacks in black box, without key knowledge, using non-profiled Deep Learning attacks
- Run hyper-parameter searchs to find optimal parameters
- Detect masks and Sbox points of interest in a masked AES implementation using a neural network
- Perform a Non-Profiled deep learning attack to recover a masked AES key without profiling.
- Knowledge on Deep Learning is required (module DL.1)
- Advanced Knowledge on Deep Learning is recommended (module DL.3)
-
https://eshard.com//img/escoaching/side_channel.png
Advanced Deep Learning SCA
Introduction to Deep Learning
Description
This module provides a general introduction to Deep Learning. It covers the basics of Deep Learning and gives an introduction to the most famous Deep Learning frameworks. At the end of the module the trainee will be able to understand basics of Deep Learning and to perform standard Deep Learning training tasks.
Topic covered
deep learning, neural networks, training, metrics, deep learning frameworks
Outcome
Practice
Requirements
Price
€1,500.00
I am interested: Introduction to Deep Learning
Convolutional Neural Networks
Description
Convolutional Neural Network (CNN) is one of the most efficient and most widely used neural network architecture. This module provides a comprehensive understanding of CNNs and presents the main interests of using such architecture.
Topic covered
Convolutional neural networks, convolution, pooling, translation invariance
Outcome
Practice
Requirements
Price
€2,000.00
I am interested: Convolutional Neural Networks
Advanced Deep Learning
Description
In this module, you will get a comprehensive understanding of the advanced concept used in Deep Learning and study how to further improve Deep Learning trainings using optimization techniques and good choice of hyper-parameters
Topic covered
gradient descent, backpropagation, hyper-parameters choice, learning rate decay, early stopping, transfer learning.
Outcome
Practice
Requirements
Price
€2,000.00
I am interested: Advanced Deep Learning
Deep Learning for SCA
Description
In this module you will study how Deep Learning techniques can be applied to perform Profiled Side-Channel Attacks as well as the interests of using such techniques to improve Side-Channel analysis of devices.
Topic covered
profiled attacks, deep learning side-channel attacks, masking
Outcome
Practice
Requirements
Price
€2,000.00
I am interested: Deep Learning for SCA
CNN for SCA
Description
CNNs offer great benefits to perform Side-Channel analysis as the translation invariance property of this architecture can be used to overcome the effect of traces de-synchronization. In this module you will learn how Convolutional Neural Networks can be used to improve Side-Channel attacks.
Topic covered
CNN, desynchronised traces, translation invariance, data augmentation
Outcome
Practice
Requirements
Price
€2,000.00
I am interested: CNN for SCA
Advanced Deep Learning SCA
Description
In this module you will learn how to perform more advanced Side-Channel analysis with Deep Learning such as running hyper-parameters search to optimize your side-channel network, detecting points of interests using Sensitivty analysis and perform non-profiled Deep Learning attacks.
Topic covered
sensitivity analysis, non-profiled deep learning attacks, hyper-parameters search
Outcome
Practice
Requirements
Price
€2,000.00