diff --git a/crypto.koans/README.md b/crypto.koans/README.md
new file mode 100644
index 0000000..69c1dee
--- /dev/null
+++ b/crypto.koans/README.md
@@ -0,0 +1,7 @@
+# crypto.koans
+
+See https://github.captnemo.in/crypto.koans for more details.
+
+Slides are generated using marp
+
+`npx @marp-team/marp-cli slides.md -o index.html`
diff --git a/crypto.koans/slides.md b/crypto.koans/slides.md
new file mode 100644
index 0000000..b005512
--- /dev/null
+++ b/crypto.koans/slides.md
@@ -0,0 +1,396 @@
+---
+theme: default
+paginate: true
+footer: Razorpay
+---
+
+# Practical Cryptography
+
+# Requirements
+
+- `openssl version` (1.1.1a)
+- `curl --version` (7.64.0)
+- `php --version` (7.3.2)
+- `php -m |grep -e openssl -e curl`
+- `composer --version` (See ) (1.8.4)
+- `docker --version` (18.09.2-ce)
+- `libtasn` (`brew install libtasn1`) (4.13)
+
+---
+
+# Practical PKI
+
+[_nemo_](nemo@razorpay.com)
+
+---
+
+
+
+# Why
+
+---
+
+# Objectives
+
+- Get familiar with Crypto primitives
+- Hands-on with
+ - OpenSSL
+ - TLS
+ - Curl
+
+---
+
+# Non-Goals
+
+- Understanding all Crypto-Attacks (we'll discuss a couple)
+- Elliptic Curve Crypto
+- crypto-currencies :money_mouth_face:
+- Math
+- Intermediate Certs
+- Cert Revocation
+
+---
+
+# Requirements
+
+- `openssl version` (1.1.1a)
+- `curl --version` (7.64.0)
+- `php --version` (7.3.2)
+- `php -m |grep -e openssl -e curl`
+- `composer --version` (See ) (1.8.4)
+- `docker --version` (18.09.2-ce)
+- `libtasn` (`brew install libtasn1`) (4.13)
+
+---
+
+# Setup
+
+1. Have a browser open with Google (Lots of googling needed for this)
+2. `git clone git@github.com/captn3m0/crypto.koans.git && cd crypto.koans`
+3. `composer install`
+
+---
+
+# Koans 💃
+
+---
+
+# **koan**
+
+_noun_, **plural ko·ans, ko·an.** _Zen._
+
+1. a nonsensical or paradoxical question to a student for which an answer is demanded, the stress of meditation on the question often being illuminating.
+
+---
+
+# What is the colour of wind?
+
+---
+
+## Ruby 💎
+
+```
+ruby path_to_enlightenment.rb
+
+Thinking AboutAsserts
+test_assert_truth has damaged your karma.
+
+You have not yet reached enlightenment ...
+ is not true.
+
+Please meditate on the following code:
+./about_asserts.rb:10:in `test_assert_truth'
+path_to_enlightenment.rb:27
+
+mountains are merely mountains
+```
+
+---
+
+```ruby
+ # We shall contemplate truth by testing reality, via asserts.
+def test_assert_truth
+ assert false # This should be true
+end
+```
+
+---
+
+# tl;dr
+
+1. Run tests
+2. Why is the test failing? (`koans/files` directories)
+3. Get it to pass
+
+👌🏼 Don't Cheat
+
+- ❗ Means you must do something here
+- Keep a solutions.md file listing down commands as you run them
+
+---
+
+# Setup
+
+1. Have a browser open with Google (Lots of googling needed for this)
+2. `git clone git@github.com/captn3m0/crypto.koans.git && cd crypto.koans`
+3. `composer install`
+4. `vendor/bin/phpunit`
+5. `man openssl`, `man curl`
+
+🧘♀️🧘♂️
+
+---
+
+# `vendor/bin/phpunit`
+
+---
+
+# `OpensslKeyGenerationKoans.php`
+
+`vendor/bin/phpunit --filter BOpensslKeyGenerationKoans`
+
+## Questions❓
+
+---
+
+# `FileFormatKoans.php`
+
+`vendor/bin/phpunit --filter CFileFormatKoans`
+
+## Questions❓
+
+- What is PEM vs DER?
+
+---
+
+# Theory Break 1
+
+- Keys
+- Certificates
+- Signatures
+
+---
+
+# `CA Certificates`
+
+`vendor/bin/phpunit --filter DCaCertificateKoans.php`
+
+---
+
+# Generate A CA Certificate
+
+---
+
+# testCaCertificateExists
+
+```haskell
+openssl req -x509
+-newkey rsa:1024
+-keyout files/ca.key
+-nodes
+-out files/ca.pem
+-subj '/CN=crypto.koans.invalid'
+```
+
+---
+
+# Generate a Certificate Signing Request
+
+---
+
+# Generate a Certificate Signing Request
+
+```haskell
+openssl req -new
+-key files/1.key
+-subj '/CN=server.crypto.koans.invalid'
+-out files/1.csr
+```
+
+---
+
+# Sign your CSR with your CA
+
+---
+
+# Sign your CSR with your CA
+
+```haskell
+openssl x509 -req
+-in files/1.csr
+-CA files/ca.pem
+-CAkey files/ca.key
+-CAcreateserial
+-out files/1.crt
+```
+
+---
+
+# What can a Certificate Do?
+
+---
+
+# What can a Certificate Do?
+
+```perl
+openssl x509
+-in google.pem
+-purpose
+-noout #Remove this and retry
+```
+
+---
+
+# Generate a Client Certificate
+
+---
+
+# Generate a Client Certificate
+
+## Step 1
+
+```bash
+printf "extendedKeyUsage=clientAuth\nkeyUsage=digitalSignature" > client.cnf
+```
+
+---
+
+# Generate a Client Certificate
+
+## Step 2
+
+```bash
+# As Alice
+openssl req -subj '/CN=alice.crypto.koans'
+-key files/client.key
+-new
+-out files/client.csr
+# As Bob
+openssl x509 -req -in files/alice.csr
+-CA files/ca.pem
+-CAkey files/ca.key
+-CAcreateserial
+-extfile client.cnf
+-out files/alice.crt
+```
+
+---
+
+# Generate a Client Certificate
+
+## Step 3
+
+1. Save `alice.crt` as `client.crt`
+2. Save the CA file you received as `bob.pem`
+3. See `testClientBundleGenerated`
+
+---
+
+# Theory Break 2
+
+---
+
+# What Alice Had
+
+1. Client (`client.key`, `client.csr`)
+
+---
+
+# What Bob Had
+
+1. Client CSR (`client.csr`)
+2. CA (`ca.pem`, `ca.key`)
+
+---
+
+# What Bob Had
+
+1. Client CSR (`client.csr`, `alice.crt`)
+2. CA (`ca.pem`, `ca.key`)
+
+---
+
+# What Alice Has
+
+1. Client (`client.key`, `client.csr`, `client.crt`)
+2. Bob's CA (`bob.pem`)
+
+# What Bob Has
+
+1. Server (`1.key`, `1.csr`, `1.crt`)
+2. CA (`ca.pem`, `ca.key`)
+
+---
+
+# What Alice Has
+
+1. Client (`client.key`, `client.crt`)
+2. Bob's CA (`bob.pem`)
+
+# What Bob Has
+
+1. Server (`1.key`, `1.crt`)
+2. Bob's Own CA (`ca.pem`)
+
+---
+
+# Where we're going
+
+# :whale: :rocket:
+
+---
+
+# :whale: :one: / :two:
+
+## As Bob
+
+Bring up a server using your key (`1.key`) and certificate (`1.crt`) and allow any client signed
+by your CA (`ca.pem`) to talk to you.
+
+```bash
+docker run --volume `pwd`/files:/etc/koans
+--publish 8443:443
+captn3m0/crypto.koans
+```
+
+```
+# ssl_certificate /etc/koans/1.crt;
+# ssl_certificate_key /etc/koans/1.key;
+# ssl_client_certificate /etc/koans/ca.pem;
+# Give your WiFi IP to your partner
+```
+
+---
+
+# :whale: :two: / :two:
+
+## As Alice
+
+Use the certificate (signed by Bob) and the key
+(which only you have) to talk to Bob's server (which
+you can verify using the CA given)
+
+```bash
+curl https://server.crypto.koans.invalid:8443
+--resolve server.crypto.koans.invalid:8443:192.168.1.121
+--cert files/client.crt
+--key files/client.key
+--cacert files/bob.pem
+```
+
+```
+# /etc/hosts
+192.168.1.121 server.crypto.koans.invalid
+```
+
+---
+
+# Browser 🌍
+
+1. Import `bundle.pfx` in your browser
+2. Enable CA Usage for websites
+3. Open https://server.crypto.koans.invalid:8443