Hasso-Plattner-Institut
Dr. Jiska Classen
 

Summer 2024

iOS and Android Internals (Seminar, 3 ECTS, MSc)

On two weekends, you'll learn hands-on iOS and Android reverse engineering with various practical exercises. Only take this course if you're not afraid of command lines and like programming, because this is what you'll do here! After the two weekends, your task is to create CTF-style mobile security challenges for an even more hands-on experience. Grading is based on the challenges you create.

Please contact Jiska before (until end of February) if you're interested in a Master's thesis during the summer term. You can use the knowledge gained during these exercises as a great start into mobile security research within my group. In case you don't need the credit points any more, you don't need to create CTF-style challenges but can get a certificate of participation.

Save the date: April 12-14 and April 26-28.

Limited seats available, as you'll all get a jailbroken iPhone for the exercises.

Recent Topics in Cybersecurity (Lecture Series, 6 ECTS, BSc) & Advanced Recent Topics in Cybersecurity (Lecture Series, 6 ECTS, MSc)

In this lecture series, you'll learn about recent hot topics from cybersecurity experts. The list of topics is not complete yet but will likely cover fields like hardware security (CPU side channels, fault injection, ...), firmware and software security (rehosting, fuzzing, ...), analysis of in-the-wild 0-days (from building your own analysis toolchain to malware analysis and forensics), penetration testing and more. Topics and speakers will be announced once finalized. Stay tuned, there'll be some awesome guest speakers whose names you know from the top cybersecurity conferences.

During the lecture series, you'll summarize the lectures as mini papers (1-2 pages) and review them. This will follow the scheme of anonymous peer review in academic conferences. You'll practice your academic writing and can use these summaries to learn for the exam. Writing (MSc) and reviewing (BSc) these papers will be required to attend the final exam.

In parallel to visiting the lecture for credit points, you can also help as SHK with the lecture. Please contact Jiska if you're looking for a student assistant job.

Winter 2023/24

Mobile Security (Lecture, 6 ECTS, MSc)

This lecture covers mobile security on an application and system level, with many hands-on exercises. Students will learn state-of-the-art security concepts for both, iOS and Android, and will be able to perform security testing of mobile apps, mobile malware analysis, as well as testing security-critical components within mobile operating systems. Grading is based on exercises and the final exam.

The course catalogue contains further details.

Reverse Engineering for Security Analysis (Project seminar, 6 ECTS, MSc)

In this project, Master students will get a short introduction on reverse engineering. From then on, they can work on individual projects in small groups with the goal to reverse engineer real-world software to uncover and report security vulneabilities. Safe harbour policies of leading vendors allow reverse engineering, enabling students to work on impactful projects.

The course catalogue contains further details.

Open-Source Fuzzing (Project seminar, 6 ECTS, BSc)

In this project, Bachelor students will get a short introduction to fuzzing. Similar to the reverse engineering project, they will work on individual projects in small groups. They can choose to fuzz a software that is already open-source — or join a reverse-engineering group to fuzz interesting interfaces that they discovered. Discovered vulnerabilities will be disclosed to the vendors, thereby improving security of open-source software projects.

The course catalogue contains further details.