Hasso-Plattner-Institut25 Jahre HPI
Hasso-Plattner-Institut25 Jahre HPI
 

"Räuber und Gendarm" (CTF-Szenarien) (Sommersemester 2009)

Dozent: Prof. Dr. Christoph Meinel (Internet-Technologien und -Systeme)
Tutoren: Christian Willems Dr. Feng Cheng

Allgemeine Information

  • Semesterwochenstunden: 4
  • ECTS: 6
  • Benotet: Ja
  • Einschreibefrist: 27.04.2009
  • Lehrform:
  • Belegungsart: Wahlpflichtmodul

Studiengänge

  • IT-Systems Engineering BA

Beschreibung

This experimental project seminar is about advanced techniques in practical system and networking security.

We will have two teams defeating each other or the tutoring team within three challenges - with changing roles either as an attacker or defender of a target IT system.

For each challenge, the teams will have 4 weeks to prepare their arms: setting up a secure system (under given constraints) for the defenders, choosing and testing recon and penetration tools for the attackers. After preparation, the teams will fight out a supervised Capture-the-Flag contest.

Topics for the challenges:

  1. Network Security
  2. Web- and Application Security
  3. The whole bunch

Voraussetzungen

Good knowledge in

  • networking technologies (TCP/IP stack, ...)
  • operating systems (memory management, ...)

Very good knowledge in security basics (i.e. lecture on Internet Security - Weaknesses and Targets)

This seminar has a limited number of participants! Up to 10 students can apply!

Leistungserfassung

  • Groupwise presentation after each challenge
  • Individual written report (<5 pages) from every student after every challenge: reflect, what they have done/learned from that phase
  • Intensive collaboration and discussion within the teams and challenges

Termine

(last update on October 06, 2009)

  • 20.04.09: First session, topic presentation
  • 27.04.09:Subscription deadline
  • 27.04.09:
    • Team building
    • Challenge 1: Network Security -- Requirement Lists
  • 04.05.09: Challenge 1: Attacker Team Meeting: Attack tools
  • 06.05.09: Challenge 1: Defender Team Meeting: Defending Ideas
  • 11.05.09: Challenge 1: Attacker Team Meeting: Attacking path
  • 12.05.09: Challenge 1: Defender Team Meeting: Defending Architecture
  • 15.05.09: Challenge 1: 
    • Defender Team Meeting: Defending Architecture 
    • Information released to Attacker (per email around CET 19 pm)
  • 22.05.09: Challenge 1:
    • Defender team Deadline for Delivery of Defending network  (CET 9 am)
    • Distribution of life show regulations (per email around 19 pm) 
  • 25.05.09:Challenge 1: Live Show
  • 01.06.09:
    • Challenge 1: Deadline for Report Submission (CET 15 pm)
    • Challenge 2: Web and Application Security -- Requirement Lists
  • 08.06.09:
    • Challenge 1: Presentation
    • Challenge 2: General Discussion, Source Codes provided to Defender Team.
  • 15.06.09:
    • 15.06.09: Challenge 2: General Discussion Defender Team
    • 17.06.09: Challenge 2: General Discussion Attacker Team
  • 22.06.09:
    • Challenge 2: General Discussion
    • Information provided to Attacker Team
  • 26.06.09:
    • Defender team Deadline for Delivery of Defending architecture (CET 9 am)
    • Distribution of life show regulations (per email around 19 pm)
  • 29.06.09: Challenge 2: Live Show
  • 06.07.09:
    • Challenge 2: Deadline for Report Submission (CET 15 pm)
    • Challenge 3: Introduction and Research Recommendations
  • 13.07.09: Challenge 2: Presentation
  • 20.07.09: Challenge 3: Live Show
  • 24.07.09: Challenge 3: Deadline for Submission of exploits source code and report (CET 15 pm)
  • Sep 09: Presentation (FG-Meinel Research Seminar, no-mandatory)

Zurück