diff --git a/docs/workshop/5-snake-oil-crypto/decaping.jpg b/docs/workshop/5-snake-oil-crypto/decaping.jpg
new file mode 100644
index 0000000..29e9fac
Binary files /dev/null and b/docs/workshop/5-snake-oil-crypto/decaping.jpg differ
diff --git a/docs/workshop/5-snake-oil-crypto/degate.png b/docs/workshop/5-snake-oil-crypto/degate.png
new file mode 100644
index 0000000..738dd68
Binary files /dev/null and b/docs/workshop/5-snake-oil-crypto/degate.png differ
diff --git a/docs/workshop/5-snake-oil-crypto/faultInjection.png b/docs/workshop/5-snake-oil-crypto/faultInjection.png
new file mode 100644
index 0000000..ab8418f
Binary files /dev/null and b/docs/workshop/5-snake-oil-crypto/faultInjection.png differ
diff --git a/docs/workshop/5-snake-oil-crypto/soc.pdf b/docs/workshop/5-snake-oil-crypto/soc.pdf
index 4521383..d6e5ac1 100644
Binary files a/docs/workshop/5-snake-oil-crypto/soc.pdf and b/docs/workshop/5-snake-oil-crypto/soc.pdf differ
diff --git a/docs/workshop/5-snake-oil-crypto/soc.tex b/docs/workshop/5-snake-oil-crypto/soc.tex
index 4d871cb..b0a9f53 100644
--- a/docs/workshop/5-snake-oil-crypto/soc.tex
+++ b/docs/workshop/5-snake-oil-crypto/soc.tex
@@ -64,8 +64,7 @@
 \item {\bf Confidentiality }: Ensure the secrecy of the message except for the {\bf intended } recipient, \item {\bf Authentication }: Proving a party's identity, - \item {\bf Integrity }: Verifying that data transmitted were not altered in - the process, + \item {\bf Integrity }: Verifying that data transmitted were not altered, \item {\bf Non-repudiation }: Proving that the sender sent a given message. \end{itemize}
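Review bot: The reworded Integrity item still frames the property as verifying that data were not altered, which students tend to read as preventing modification; a MAC, signature or hash only lets the receiver detect a change and reject the message. Consider `\item {\bf Integrity }: Detecting whether transmitted data were altered (a modified message is rejected),` so the definition matches the detect-and-reject behaviour of real integrity mechanisms. The enclosing itemize opens before the hunk.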
@@ -76,40 +75,79 @@
 \begin{itemize} \item {\bf In-transit encryption}: protects data while it is - transfered from one machine to another, + transferred from one machine to another, \item {\bf At-rest encryption}: protects data stored on one machine. \end{itemize} \end{frame} -\begin{frame} - \frametitle{Attack Models} - - \begin{itemize} - \item - \end{itemize} - -\end{frame} - \begin{frame} \frametitle{Kerckhoffs's Principle} - \begin{itemize} - \item - \end{itemize} + \begin{quote} + It [cipher] should not require secrecy, and it should not be a problem if it falls into enemy hands. + \end{quote} + + \vspace{10 mm} + + { \bf There is no security in obscurity.} \end{frame} - - -\begin{frame} - \frametitle{Security Notions} - + \begin{frame}[allowframebreaks] + \frametitle{Attackers model} + Black Box - Attackers may only see inputs / outputs: \begin{itemize} - \item + \item {\bf Ciphertext-Only Attackers (COA) :} see only the ciphertext, + \item {\bf Known-Plaintext Attackers (KPA):} see ciphertext and plaintext, + \item {\bf Chosen-Plaintext Attacker (CPA):} encrypt plaintext, and + see ciphertext, + \item {\bf Chosen-Ciphertext Attakers (CCA):} encrypt plaintext, + decrypt ciphertext. \end{itemize} + \framebreak + + Grey Box - Attackers see cipher's implementation: + \begin{itemize} + \item {\bf Side-Channel Attacks:} study the behavior of the implementation (eg. tpm-fail\cite{244048}), + + \vspace{10 mm} + + \begin{figure}[h!] + \includegraphics[width=200px]{./tpmfail.png} + \end{figure} + + \framebreak + + \item {\bf Invasive Attacks:} + + \begin{itemize} + \item injecting faults\cite{Matsuda2018}, + + \vspace{10 mm} + + \begin{figure}[h!] + \includegraphics[width=200px]{./faultInjection.png} + \end{figure} + + + \framebreak + + \item decapping chips\footnote{https://siliconpr0n.org/wiki/doku.php?id=decap:start}, reverse engineering\footnote{http://siliconzoo.org}\footnote{http://degate.org}, etc. + + \end{itemize} + + \end{itemize} + + \begin{figure}[h!]
+ \includegraphics[width=.49\textwidth]{./decaping.jpg}% + \hfill + \includegraphics[width=.49\textwidth]{./degate.png} + \end{figure} + + \end{frame} \begin{frame}
@@ -172,9 +210,9 @@
 \item client (ja3), \item server (ja3s), \end{itemize} - \begin{displayquote} + \begin{quote} ``JA3 is a method for creating SSL/TLS client fingerprints that should be easy to produce on any platform and can be easily shared for threat intelligence.''\footnote{https://github.com/salesforce/ja3} - \end{displayquote} + \end{quote} {\bf Pivot} on additional data points during Incident Response \end{frame}
diff --git a/docs/workshop/5-snake-oil-crypto/tpmfail.png b/docs/workshop/5-snake-oil-crypto/tpmfail.png
new file mode 100644
index 0000000..e3b5f61
Binary files /dev/null and b/docs/workshop/5-snake-oil-crypto/tpmfail.png differ
diff --git a/docs/workshop/references.bib b/docs/workshop/references.bib
index 22ff694..3b5e2f3 100644
--- a/docs/workshop/references.bib
+++ b/docs/workshop/references.bib
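Review bot: The CCA item of the new Attackers model frame misspells the noun; it should read `\item {\bf Chosen-Ciphertext Attackers (CCA):} encrypt plaintext,`. The three `\footnote{http...}` arguments on the decapping item hold raw URLs, which cannot break across lines and are not clickable; writing each as `\footnote{\url{...}}` fixes both, provided `hyperref` or `url` is loaded (the preamble is outside the hunk). The two `\includegraphics[width=200px]` lines use the pdfTeX-specific `px` unit; `width=.6\linewidth` keeps the build engine-independent and scales the image with the frame. Each `\framebreak` here is issued inside an open itemize (once inside the nested one); beamer usually copes, but if the generated soc.pdf shows a misplaced break, closing the list before the `\framebreak` and reopening it afterwards is the common workaround. The frame opens inside the hunk and its `\end{frame}` is the hunk's last context line.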
@@ -7,4 +7,59 @@
 author = {Jean-Philippe Aumasson},
 }
 
+@Book{Menezes:1996:HAC:548089,
+ title = {Handbook of Applied Cryptography},
+ publisher = {CRC Press, Inc.},
+ year = {1996},
+ author = {Menezes, Alfred J. and Vanstone, Scott A. and Oorschot, Paul C. Van},
+ address = {Boca Raton, FL, USA},
+ edition = {1st},
+ isbn = {0849385237},
+}
+
+@Book{Anderson:2008:SEG:1373319,
+ title = {Security Engineering: A Guide to Building Dependable Distributed Systems},
+ publisher = {Wiley Publishing},
+ year = {2008},
+ author = {Anderson, Ross J.},
+ edition = {2},
+ isbn = {9780470068526},
+}
+
+@Book{DBLP:books/daglib/0025849,
+ title = {Computer Security {(3.} ed.)},
+ publisher = {Wiley},
+ year = {2011},
+ author = {Dieter Gollmann},
+ isbn = {978-0-470-74115-3},
+ bibsource = {dblp computer science bibliography, https://dblp.org},
+ biburl = {https://dblp.org/rec/bib/books/daglib/0025849},
+ timestamp = {Mon, 13 Mar 2017 16:08:10 +0100},
+ url = {http://eu.wiley.com/WileyCDA/WileyTitle/productCd-1118801326.html},
+}
+
+@Article{Matsuda2018,
+ author = {Kohei Matsuda and Tatsuya Fujii and Natsu Shoji and Takeshi Sugawara and Kazuo Sakiyama and Yu-Ichi Hayashi and Makoto Nagata and Noriyuki Miura},
+ title = {A 286 F2/Cell Distributed Bulk-Current Sensor and Secure Flush Code Eraser Against Laser Fault Injection Attack on Cryptographic Processor},
+ journal = {{IEEE} Journal of Solid-State Circuits},
+ year = {2018},
+ volume = {53},
+ number = {11},
+ pages = {3174--3182},
+ month = nov,
+ doi = {10.1109/jssc.2018.2869142},
+ publisher = {Institute of Electrical and Electronics Engineers ({IEEE})},
+ url = {https://doi.org/10.1109/jssc.2018.2869142},
+}
+
+@InProceedings{244048,
+ title = {TPM-FAIL: {TPM} meets Timing and Lattice Attacks},
+ booktitle = {29th {USENIX} Security Symposium ({USENIX} Security 20)},
+ year = {2020},
+ address = {Boston, MA},
+ month = aug,
+ publisher = {{USENIX} Association},
+ url =
{https://www.usenix.org/conference/usenixsecurity20/presentation/moghimi},
+}
+
 @Comment{jabref-meta: databaseType:bibtex;}
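Review bot: The new `@InProceedings{244048,` entry has no `author` field, so the `\cite{244048}` on the side-channel slide will trigger a BibTeX "empty author" warning and print an authorless reference; add `author = {Daniel Moghimi and Berk Sunar and Thomas Eisenbarth and Nadia Heninger},` (the entry's URL names the first author). In the Menezes entry `Oorschot, Paul C. Van` makes BibTeX treat "Van" as a given name; `van Oorschot, Paul C.` sorts and prints the name correctly. The numeric key `244048` is a USENIX export id and says nothing about the paper when read in the slides; a descriptive key would be clearer, but renaming it means updating the `\cite{244048}` in soc.tex as well.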