Learning Path

Introduction to Applied Cryptography and Cryptanalysis

Learn about cryptography; applications, decrypting, and deobfuscating data.
8 hours, 26 minutes

What you will learn

This learning path discusses applied cryptography and cryptanalysis. The fundamentals of cryptography are introduced as well as common applications of cryptography. The path also introduces weak algorithms used by malware, how to identify them and methods for deobfuscating the data.


Security+ - Cryptography

Lab - 00:30:00

When using the Internet, users retrieve or share information. Depending on the application, purpose, and implementation methods, the need to provide data confidentiality, integrity, and authenticity emerges. To ensure these requirements are fulfilled and that only authorized parties have access to the data, the information transmitted over the Internet is obfuscated.
Cryptography and Cryptanalysis Skill Assessment

Assessment - 69 questions

Introduction to Cryptography

Course - 00:28:00

Before diving into the details of how cryptography can be used and attacked in applications, it’s important to start out with the basics. This course defines some of the fundamental vocabulary of cryptography and discusses the most important guiding principles used when designing and implementing cryptosystems.
Fundamentals of Cryptography

Course - 00:21:00

Encryption algorithms all do the same job but can do it in very different ways. However, some features can be found across multiple families of cryptosystems. This course discusses some of the mathematical operations and structural design elements that can be found in many different cryptographic algorithms.
Symmetric Cryptography

Course - 00:46:00

Symmetric cryptography is one of the two major classifications of cryptographic algorithms. This course describes the main features of a symmetric algorithm and the two main subcategories of symmetric ciphers: block and stream. AES and RC4 are discussed as common examples of a block and a stream cipher.
Asymmetric Cryptography

Course - 00:36:00

Asymmetric encryption algorithms take a very different approach to encryption. This course discusses the mathematical principles that are the basis of asymmetric encryption, the ways that RSA and Diffie-Hellman work, how asymmetric cryptography provides more than just confidentiality, and the benefits of elliptic curve cryptography.
Hash Functions

Course - 00:17:00

Hash functions are cryptographic algorithms designed to provide integrity protections rather than confidentiality. This course walks through how collision resistance works (and its importance to hash functions) and describes the SHA hash family, which includes some of the most commonly used hash functions.
Public Key Infrastructure (PKI)

Course - 00:19:00

Public Key Infrastructure is what makes digital signatures and asymmetric cryptography usable in the real world. This course describes how PKI works, the roles and responsibilities of the parties involved, and some of the fundamental assumptions of PKI and their impacts on the security of the system.

Course - 00:26:00

Secure Sockets Layer (SSL) and Transport Layer Security (TLS) underpin the internet, providing confidentiality and authentication to protocols that were not designed to include them (like HTTP). This course describes the history of SSL/TLS, how it works at a high level and some of the main historical attacks against the protocols.
Virtual Private Networks (VPNs)

Course - 00:19:00

Virtual Private Networks (VPNs) are a common security tool used to provide an end-to-end encrypted connection between a client and an endpoint server. This course discusses the pros and cons of the major VPN protocols and some of the limitations of the protections provided to the user by VPN software.
Secure Credential Management

Course - 00:25:00

Passwords are a common method for performing authentication to a system. However, these authentication systems can be attacked in a variety of ways. This course describes how modern credential management systems overcome most attacks and provides case studies of organizations managing passwords poorly.
Full Disk Encryption

Course - 00:10:00

The increasing use of mobile devices and improper disposal practices for devices creates situations where an unauthorized party can steal data from a device. Full disk encryption can help to protect an individual’s data on a device; however, it is not always a perfect solution, as discussed in this course.
Blockchain Technology

Course - 00:25:00

Blockchain is a promising new technology that draws heavily on cryptographic algorithms to provide its promised features. This course discusses how blockchain technology works and some of the ways that it uses public key cryptography and hash functions to implement a decentralized, immutable public ledger.
Introduction to Cryptanalysis

Course - 00:37:00

Cryptographic algorithms, if used correctly, can render data impervious to attack. However, it is common for them to be used incorrectly. This course describes some of the obfuscation methods commonly used instead of strong cryptography and how to identify and break them to read the original data.
Applied Cryptanalysis

Course - 00:26:00

Cryptanalysis is a useful skill for incident response since many malware authors try to protect their data and network traffic through obfuscation. This course demonstrates how to decrypt TLS traffic in Wireshark, how to decode malware command-and-control traffic, and how to identify and break a common way of hiding downloaded malicious files.
Cryptography and Cryptanalysis Project

Project - 02:11:00

Six challenges will test your applied cryptography skills. In this project, you’ll need to find information in encrypted network traffic, circumvent obfuscation to examine malware network communications and configuration samples, break down a hash function operation to find a specific input value and find the values of obfuscated passwords and cookies.

Meet the author

Howard Poston is a copywriter, author, and course developer with experience in cybersecurity and blockchain security, cryptography, and malware analysis. He has an MS in Cyber Operations, a decade of experience in cybersecurity, and over five years of experience as a freelance consultant providing training and content creation for cyber and blockchain security. He is also the creator of over a dozen cybersecurity courses, has authored two books, and has spoken at numerous cybersecurity conferences. He can be reached by email at howard@howardposton.com or via his website at https://www.howardposton.com.

The details

Learning path insights

How to claim CPEs

Should you complete this learning path, you’ll be able to download a certificate of completion. Use this to claim your CPEs or CPUs.

Associated NICE Work Roles

All Infosec training maps directly to the NICE Workforce Framework for Cybersecurity to guide you from beginner to expert across 52 Work Roles.

  • All-Source Analyst
  • Mission Assessment Specialist
  • Exploitation Analyst

No software. No set up. Unlimited access.

Skip the server racks and spin up a realistic environment with one click. Infosec Skills cyber ranges require no additional software, hardware or server space so your team can spend less time configuring environments and more time learning. Unlimited cyber range access is included in every Infosec Skills subscription so your team can skill up however they learn best.

Plans & pricing

Infosec Skills Personal

$299 / year

  • 190+ role-guided learning paths (e.g., Ethical Hacking, Threat Hunting)
  • 100s of hands-on labs in cloud-hosted cyber ranges
  • Custom certification practice exams (e.g., CISSP, Security+)
  • Skill assessments
  • Infosec peer community support

Infosec Skills Teams

$799 per license / year

  • Team administration and reporting
  • Dedicated client success manager
  • Single sign-on (SSO)
    Easily authenticate and manage your learners by connecting to any identity provider that supports the SAML 2.0 standard.
  • Integrations via API
    Retrieve training performance and engagement metrics and integrate learner data into your existing LMS or HRS.
  • 190+ role-guided learning paths and assessments (e.g., Incident Response)
  • 100s of hands-on labs in cloud-hosted cyber ranges
  • Create and assign custom learning paths
  • Custom certification practice exams (e.g., CISSP, CISA)
  • Optional upgrade: Guarantee team certification with live boot camps

Unlock 7 days of free training

  • 1,400+ hands-on courses and labs
  • Certification practice exams
  • Skill assessments