SANS Penetration Testing

A Most Enigmatic Adventure

Care for a little adventure story? How about one that is rooted in the history of cryptography, involves an elaborate hack that saved millions of lives, and features a bizarre twist with brain juice at the end? We have just the tale for you, and it's all a true story.

Back in August 2012, Josh Wright and I (Ed Skoudis) fulfilled a dream that was two years in the making: a trip to purchase a genuine Enigma machine. As most of our readers know, the German military used the Enigma machine during World War II to encrypt messages transmitted via telegraph. Through amazing research and crypto-analytic breakthroughs, Polish, British, and American researchers were able to crack the Enigma machine, pioneering techniques that are still applied today in attacking cryptosystems. According to Winston Churchill, this breakthrough shortened the war in Europe by at least two years, saving millions of lives.

Josh and I wrote the following presentation to briefly describe Enigma cryptography, discuss the historical importance of cracking it, and to share details of our adventure in obtaining a real Enigma machine. We were originally going to title our presentation "Sk0d0 & Josh Buy an Enigma," and present it in the style of that classic of Western Civilization, "Harold and Kumar Go To White Castle." But, that strange day, August 16, 2012, something happened that caused us to change the title of the talk. Without further adieu, here is the slide deck from our talk (click on the image below to see the whole slide deck):

We put together a little movie trailer about our adventure. Click below to view the movie trailer.

We also did a movie poster based on the original title of the planned adventure. That poster is here:

If you'd like to see Josh and me present this talk, we did film its debut at SANS Network Security 2012 in September in Caesar's Palace in Las Vegas. The film quality and audio is a little rough at spots, but you can watch the whole recorded presentation by clicking on this image:

There is one final point we'd like to emphasize. The Enigma machine for us is a symbol of something pretty big and pretty profound in our lives. In the penetration testing business, we hack for a living. In our classes (such as SANS SEC560 on Network Penetration Testing & Ethical Hacking and SANS SEC575 on Mobile Device Security & Ethical Hacking) and our projects such as NetWars and CyberCity, we analyze how to hack a variety of different kinds of computers, networks, and other infrastructures. The Enigma machine represents for us a flawed technology, whose owners and operators (the Nazis) were over confident in its security. Brilliant people worked super hard to hack that technology, and in the process helped defeat a profoundly evil regime and save millions of lives. The Enigma is important because its unforeseen weaknesses allowed incredible people to hack it to the world a better place. In our work as security professionals, we should strive for that goal, to have our work used to help make the world a better place.

-Ed Skoudis
SANS Fellow


Posted April 15, 2013 at 10:14 PM | Permalink | Reply

Roxana Grubbs

I love this stuff! Steganography is pretty interesting as well. When does the movie come out? Would love to see it. Keep up the awesome work you guys.

Posted April 16, 2013 at 12:17 AM | Permalink | Reply

Ed Skoudis

Thank you, Roxana. We are really, really thankful for the opportunity to do this kind of work, and to be able to have a little piece of such an incredible history. It's humbling.

Posted April 16, 2013 at 2:25 PM | Permalink | Reply

Tom Heffron

Excellent! Sorry I missed your presentation in Orlando. Thanks for making it available.

Posted April 20, 2013 at 2:58 PM | Permalink | Reply

Russell Eubanks

This is really good material. Humor sure makes the crypto go down smoother.

Post a Comment


* Indicates a required field.