diff --git a/docs/workshop/5-snake-oil-crypto/hands-on-support/CREDIT.md b/docs/workshop/5-snake-oil-crypto/hands-on-support/CREDIT.md
new file mode 100644
index 0000000..d6ae89d
--- /dev/null
+++ b/docs/workshop/5-snake-oil-crypto/hands-on-support/CREDIT.md
@@ -0,0 +1,4 @@
+* Parts of this material (the keys) has been borrowed to Sjoerd Langkemper
+https://www.sjoerdlangkemper.nl/2019/06/19/attacking-rsa/
+* Some Algorithms were borrowed from Daniel J. Bersntein's website:
+http://facthacks.cr.yp.to/fermat.html
diff --git a/docs/workshop/5-snake-oil-crypto/hands-on-support/ClosePQ/answers/fermat.sage b/docs/workshop/5-snake-oil-crypto/hands-on-support/ClosePQ/answers/fermat.sage
new file mode 100644
index 0000000..843a7e9
--- /dev/null
+++ b/docs/workshop/5-snake-oil-crypto/hands-on-support/ClosePQ/answers/fermat.sage
@@ -0,0 +1,22 @@
+def fermatfactor(N):
+  if N <= 0: return [N]
+  if is_even(N): return [2,N/2]
+  a = ceil(sqrt(N))
+  while not is_square(a^2-N):
+    a = a + 1
+  b = sqrt(a^2-N)
+  return [a - b,a + b]
+
+# Very CloseQP
+#n = 112421669060399956986367421471522274763620630713869928275575801768805742928429125845443925273931224902361917953532406156094313050840872610487333863447808074966477755274534568334940704111115937296330388429409569440785006316555673801318745308608773691570316883074174605863734103561500162053873040254255024422007
+
+# Not so ClosePQ
+n = 490963276439300163974358078751564966935647623573945092674153919631095106803113960790445734183657340544356961673814947178422179864580766235512590323915826448266616741533232891220025698071647988317789125525821000237672311769577294966790885260094640627513288213434253048131773244591800441567386069459534350419701 
+
+print("n = {}".format(n))
+
+p, q = fermatfactor(n)
+
+print("p = {}".format(p))
+print("q = {}".format(q))
+print("p * q = {}".format(p * q))
diff --git a/docs/workshop/5-snake-oil-crypto/hands-on-support/ClosePQ/answers/fermat.sage.py b/docs/workshop/5-snake-oil-crypto/hands-on-support/ClosePQ/answers/fermat.sage.py
new file mode 100644
index 0000000..b712943
--- /dev/null
+++ b/docs/workshop/5-snake-oil-crypto/hands-on-support/ClosePQ/answers/fermat.sage.py
@@ -0,0 +1,29 @@
+
+
+# This file was *autogenerated* from the file fermat.sage
+from sage.all_cmdline import *   # import sage library
+
+_sage_const_0 = Integer(0); _sage_const_2 = Integer(2); _sage_const_1 = Integer(1); _sage_const_490963276439300163974358078751564966935647623573945092674153919631095106803113960790445734183657340544356961673814947178422179864580766235512590323915826448266616741533232891220025698071647988317789125525821000237672311769577294966790885260094640627513288213434253048131773244591800441567386069459534350419701 = Integer(490963276439300163974358078751564966935647623573945092674153919631095106803113960790445734183657340544356961673814947178422179864580766235512590323915826448266616741533232891220025698071647988317789125525821000237672311769577294966790885260094640627513288213434253048131773244591800441567386069459534350419701)
+def fermatfactor(N):
+  if N <= _sage_const_0 : return [N]
+  if is_even(N): return [_sage_const_2 ,N/_sage_const_2 ]
+  a = ceil(sqrt(N))
+  while not is_square(a**_sage_const_2 -N):
+    a = a + _sage_const_1 
+  b = sqrt(a**_sage_const_2 -N)
+  return [a - b,a + b]
+
+# Very CloseQP
+#n = 112421669060399956986367421471522274763620630713869928275575801768805742928429125845443925273931224902361917953532406156094313050840872610487333863447808074966477755274534568334940704111115937296330388429409569440785006316555673801318745308608773691570316883074174605863734103561500162053873040254255024422007
+
+# Not so ClosePQ
+n = _sage_const_490963276439300163974358078751564966935647623573945092674153919631095106803113960790445734183657340544356961673814947178422179864580766235512590323915826448266616741533232891220025698071647988317789125525821000237672311769577294966790885260094640627513288213434253048131773244591800441567386069459534350419701  
+
+print("n = {}".format(n))
+
+p, q = fermatfactor(n)
+
+print("p = {}".format(p))
+print("q = {}".format(q))
+print("p * q = {}".format(p * q))
+
diff --git a/docs/workshop/5-snake-oil-crypto/hands-on-support/ClosePQ/answers/getModulusBase10.sh b/docs/workshop/5-snake-oil-crypto/hands-on-support/ClosePQ/answers/getModulusBase10.sh
new file mode 100755
index 0000000..73f5f7f
--- /dev/null
+++ b/docs/workshop/5-snake-oil-crypto/hands-on-support/ClosePQ/answers/getModulusBase10.sh
@@ -0,0 +1,2 @@
+#!/bin/bash
+openssl rsa -in $1 -pubin -modulus -noout | awk '{print substr($1 ,9)}' | xargs -I {} echo 'ibase=16; {}' | bc | tr -d '\\\n' 
diff --git a/docs/workshop/5-snake-oil-crypto/hands-on-support/ClosePQ/notsoclosepq.pem b/docs/workshop/5-snake-oil-crypto/hands-on-support/ClosePQ/notsoclosepq.pem
new file mode 100644
index 0000000..58c132d
--- /dev/null
+++ b/docs/workshop/5-snake-oil-crypto/hands-on-support/ClosePQ/notsoclosepq.pem
@@ -0,0 +1,6 @@
+-----BEGIN PUBLIC KEY-----
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQK7J6hkZs8eu5gmwWk7oK2IEtDt
+zEeWixZ1JS2F2ISZeR5gy3THt7dtesDCIkXse3cFe+HURmct9B7wUob65GG1gTI1
+jLEBtb1/Da0R9suVXn2ef42SIZLR+dW+uUf8iQUkxB4z8OM/9d/lb/wxW3JZogke
+jcysnFAJBVkHqWCG9QIDAQAB
+-----END PUBLIC KEY-----
diff --git a/docs/workshop/5-snake-oil-crypto/hands-on-support/ClosePQ/veryclosepq.pem b/docs/workshop/5-snake-oil-crypto/hands-on-support/ClosePQ/veryclosepq.pem
new file mode 100644
index 0000000..a16677b
--- /dev/null
+++ b/docs/workshop/5-snake-oil-crypto/hands-on-support/ClosePQ/veryclosepq.pem
@@ -0,0 +1,6 @@
+-----BEGIN PUBLIC KEY-----
+MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCgGAFd1hdbe7FIq14C4Zfe2ox9
+TVWB66OTQH/3IyMfH5Fm+WoUcwaxf+n2viH/aGW2LtW2iQc+kXRufwyLJHyKPZCx
+r3cyYF9s2MbUPfGb2ToySdWziGzO9CPqW5IasCwEH85XYPczMOm+h/FgBublKcXQ
+Nfe3pNQ2q2m2SJG8dwIDAQAB
+-----END PUBLIC KEY-----
diff --git a/docs/workshop/5-snake-oil-crypto/hands-on-support/SmallKey/CREDIT.md b/docs/workshop/5-snake-oil-crypto/hands-on-support/SmallKey/CREDIT.md
deleted file mode 100644
index aa83a95..0000000
--- a/docs/workshop/5-snake-oil-crypto/hands-on-support/SmallKey/CREDIT.md
+++ /dev/null
@@ -1,2 +0,0 @@
-Parts of this material (the key) has been borrowed to Sjoerd Langkemper
-https://www.sjoerdlangkemper.nl/2019/06/19/attacking-rsa/
diff --git a/docs/workshop/5-snake-oil-crypto/hands-on-support/SmallKey/answers/getModulusBase10.sh b/docs/workshop/5-snake-oil-crypto/hands-on-support/SmallKey/answers/getModulusBase10.sh
index 11ddc5b..73f5f7f 100755
--- a/docs/workshop/5-snake-oil-crypto/hands-on-support/SmallKey/answers/getModulusBase10.sh
+++ b/docs/workshop/5-snake-oil-crypto/hands-on-support/SmallKey/answers/getModulusBase10.sh
@@ -1,2 +1,2 @@
 #!/bin/bash
-openssl rsa -in ../smallkey.pem -pubin -modulus -noout | awk '{print substr($1 ,9)}' | xargs -I {} echo 'ibase=16; {}' | bc 
+openssl rsa -in $1 -pubin -modulus -noout | awk '{print substr($1 ,9)}' | xargs -I {} echo 'ibase=16; {}' | bc | tr -d '\\\n' 
diff --git a/docs/workshop/5-snake-oil-crypto/soc.pdf b/docs/workshop/5-snake-oil-crypto/soc.pdf
index ce6b80b..c6f49a3 100644
Binary files a/docs/workshop/5-snake-oil-crypto/soc.pdf and b/docs/workshop/5-snake-oil-crypto/soc.pdf differ
diff --git a/docs/workshop/5-snake-oil-crypto/soc.tex b/docs/workshop/5-snake-oil-crypto/soc.tex
index 9027fd5..28ca744 100644
--- a/docs/workshop/5-snake-oil-crypto/soc.tex
+++ b/docs/workshop/5-snake-oil-crypto/soc.tex
@@ -28,10 +28,13 @@
 
         \begin{itemize}
           \item Cryptography 101,
-          \item Cryptography and Network captures,
+          \item Encryption an Law Enforcement,
+          \item Use-Case: RSA,
+          \item First Hands-on: Understanding RSA,
+          \item Snake-Oil-Crypto: a primer,
+          \item Second Hands-on: RSA in Snake-Oil-Crypto,
           \item D4 passiveSSL Collection,
-          \item Leveraging OpenPGP metedata,
-          \item Checking for weak crypto.
+          \item Interactions with MISP.
         \end{itemize}
 
 \end{frame}
@@ -444,21 +447,25 @@ plaintext, $P_2$ , is related to $P_1$ in a meaningful way.''
   \begin{itemize}
     \item Key size too small: keys up to 1024 bits are breakable given the
       right means,
-    \item  
-    \item
-    \item
-    \item
+    \item close p and q,
+    \item unsafe primes, smooth primes,
+    \item broken primes (FactorDB, Debian OpenSSL bug).
   \end{itemize}
 
 \end{frame}
 
-
 \begin{frame}
-  \frametitle{With a bunch of  keys}
+  \frametitle{With a set of  keys}
+  Several potential weaknesses:
+  \begin{itemize}
+   \item share moduli: if n1 = n2 then the keys share p and q,
+   \item share p or q,
+  \end{itemize}
+ \vspace{10mm}
+  {\bf In both case, it is trivial to recover the private keys.}
+
 \end{frame}
 
-
-
 \begin{frame}
   \begin{center}
     {\bf Hands-on: Exploiting Weaknesses in RSA}
@@ -470,7 +477,7 @@ plaintext, $P_2$ , is related to $P_1$ in a meaningful way.''
 \end{frame}
 
 \begin{frame}[fragile]
-  \frametitle{Breaking small keys}
+  \frametitle{Breaking small keys\footnote{https://www.sjoerdlangkemper.nl/2019/06/19/attacking-rsa/}}
   \begin{itemize}
   \item Go into:
 
@@ -487,36 +494,45 @@ plaintext, $P_2$ , is related to $P_1$ in a meaningful way.''
   \end{itemize}
 
   \vspace{8mm}
-  {\bf Let's generate the private key.}
+  {\bf Let's generate the private key: }using p, then using q.
   
 \end{frame}
 
+\begin{frame}[fragile]
+  \frametitle{Close Prime Factors}
+  \begin{itemize}
+  \item Go into:
+\begin{lstlisting}
+~/ClosePQ
+\end{lstlisting}
 
-\begin{frame}
-  \frametitle{Using Snake-Oil-Crypto}
+   \item use Fermat Algorithm\footnote{\url{http://facthacks.cr.yp.to/fermat.html}} to find {\bf both p and q:}
+
+\begin{lstlisting}
+def fermatfactor(N):
+  if N <= 0: return [N]
+  if is_even(N): return [2,N/2]
+  a = ceil(sqrt(N))
+  while not is_square(a^2-N):
+    a = a + 1
+  b = sqrt(a^2-N)
+  return [a - b,a + b]
+\end{lstlisting}
+
+  \end{itemize}
+ 
 \end{frame}
 
 
 
-
-
-
-
 \begin{frame}
-  \begin{center}
-    {\bf D4 passiveSSL Collection}
-  \end{center}
+  \frametitle{Shared prime factors}
 \end{frame}
 
 \begin{frame}
   \begin{center}
-    {\bf Leveraging OpenPGP metedata}
-  \end{center}
-\end{frame}
-
-\begin{frame}
-  \begin{center}
-    {\bf Checking for weak crypto}
+    {\bf Hands-on: Exploiting Weaknesses in RSA}\\
+    {\bf -- at bigger scale --}\\
   \end{center}
 \end{frame}
 
@@ -653,6 +669,26 @@ Given n=pq and n' = pq' it is trivial to recover the shared p by computing their
 \end{frame}
 
 
+\begin{frame}
+  \frametitle{PassiveSSL}
+\end{frame}
+
+\begin{frame}
+  \frametitle{Using Snake-Oil-Crypto}
+\end{frame}
+
+\begin{frame}
+  \begin{center}
+    {\bf Leveraging OpenPGP metedata}
+  \end{center}
+\end{frame}
+
+\begin{frame}
+  \begin{center}
+    {\bf Checking for weak crypto}
+  \end{center}
+\end{frame}
+
 
 \begin{frame}
 \frametitle{Get in touch if you want to join/support the project, host a passive ssl sensor or contribute}
@@ -663,6 +699,8 @@ Given n=pq and n' = pq' it is trivial to recover the shared p by computing their
 \end{itemize}
 \end{frame}
 
+
+
 \nocite{*} 
 \begin{frame}[allowframebreaks]
         \frametitle{References}