Cops and Robbers (Sommersemester 2013)
Dozent:
Prof. Dr. Christoph Meinel
(Internet-Technologien und -Systeme)
,
Prof. Dr. Christoph Meinel
(Internet-Technologien und -Systeme)
Allgemeine Information
- Semesterwochenstunden: 4
- ECTS: 6
- Benotet:
Ja
- Einschreibefrist: 10.2.2013 - 30.4.2013
- Lehrform: Projektseminar
- Belegungsart: Wahlpflichtmodul
Studiengänge, Modulgruppen & Module
- Internet & Security Technology
- Operating Systems & Information Systems Technology
- Software Architecture & Modeling Technology
Beschreibung
(last update: 28.04.2013)
This experimental project seminar is about advanced techniques in practical system and networking security.
We will have two teams defeating each other or the tutoring team within four challenges - with changing roles either as an attacker or defender of a target IT system.
For each challenge, the teams will have 2-4 weeks to prepare their arms: setting up a secure system (under given constraints) for the defenders, choosing and testing recon and penetration tools for the attackers. After preparation, the teams will fight out a supervised Capture-the-Flag contest.
Topics for the challenges:
- 0. Preliminary Impression
- 1. System- and Network Security
- 2. Web- and Service/Application Security
- 3. The whole bunch
Important Notice: We are NOT guiding you for hacking and participation in this seminar could NOT be an excuse for any kinds of your malicious actions towards unauthorized resources over Internet!!!
Voraussetzungen
- Good knowledge in
- networking technologies (TCP/IP stack, ...)
- operating systems (memory management, ...)
Very good knowledge in security basics (i.e., lecture on Internet Security - Weaknesses and Targets)
- Only 10 participants will be accepted for this seminar.
- If you got interest while seeing this page, please do not wait and just drop an email to Feng to show your interest and then come to the first session on April 12.
- The invitation email will be sent to the selected participant after the first session. Frau Pamperin will accept the subscription of the selected participants o the list. Please do not directly subscribe by her.
Literatur
- William R. Cheswick, Steven M. Bellovin, “Firewalls and Internet Security”, second Edition, Addison-Wesley, 2003.
- Andrew S. Tanenbaum, "Computer Networks", fourth edition, Prentice Hall PTR, 2003.
- Charlie Kaufman, Radia Perlman, and Mike Speciner. "Network Security: Private Communication in a Public World", second Edition, Prentice Hall PTR, 2002.
- Dafydd Stuttard, Marcus Pinto, "The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws", Wiley & Sons, 2007.
- Interesting Websites: Phrack Magazine, Metasploit, THC, openPGP, nmap, ...
Leistungserfassung
- Team presentation/report after each challenge
- Individual technical Presentation (15-20 mins) on a selected topic
- Intensive collaboration and discussion within the teams and challenges
Topic List for Individual Presentations
- Fuzzing Techniques: Tools, Methods & Examples (Sven)
- Computer Forensics: Tools, Methods & Examples (Timo)
- Security Issues of Social Websites (Tim)
- Rootkits and Malware (Sebastian)
- Honeypot: Tools, Methods, & Examples (Fabio)
- Attacks on Router, Switch, and WLAN Access Point (Daniel)
- Taint-Analysis: Tools, Methods & Examples (Georg)
- New Attacks on Smartphone (Johannes)
- Reverse-Engineering: Tools, Methods & Examples
- Capture the Flag: Organization and Planning
- Penetration Testing and Accountability
- Security Issues of Virtualization
- Privacy Issues in the Cloud
- Recovery: HW, SW, Data
- Side channel attacks
- Electronic fraud
- SIEM solutions
- ......
Termine
- 12.04.2013 Introductory Session (13:30 pm, HE.52)
- 15.04.2013 Invitation Email and Subscription Deadline
- 19.04.2013 Team Building, Initial Research Topics, and Kick-off Challenge 0
- 22.-26.04.2013 Live-Show Week: Challenge 0
- Friday (13:30-17 pm, H-E.52): Live-Challenge Session
- 29.04.2013 (from 13 pm, H-1.13): Kick-Off Challenge 1 (requirement-list pick-up)
- 03.05.2013 Presentation Session: Challenge 0
- 20.-24.05.2013 Live-Show Week: Challenge 1
- Monday (before 18 pm): Scenario Delivery
- Tuesday (16 pm, H-1.13): Meeting of Defender Team and Tutors
- Thursday (16 pm, H-1 Tele-Board Area): Cops and Robbers Court
- Thursday (18 pm): Release of the live-challenge rules
- Friday (13-17 pm, H-E.52): Live-Challenge Session
- 27.05.2013 (from 13 pm, H-1.13): Kick-Off Challenge 2 (requirement-list pick-up)
- 31.05.2013 Presentation Session: Challenge 1 (postponed to June 11: fg-meinel research seminar )
- 17.-21.06.2013 Live-Show Week: Challenge 2
- Monday (before 18 pm): Scenario Delivery
- Tuesday (16 pm, H-1.13): Meeting of Defender Team and Tutors
- Thursday (16 pm, H-1 Tele-Board Area): Cops and Robbers Court
- Thursday (18 pm): Release of the live-challenge rules
- Friday (13-17, H-E.52): Live-Challenge Session
- Friday (17:10 pm): Kick-Off Challenge 3 (no requirement-list)
- 28.06.2013 Presentation Session: Challenge 2
- 01.-08.07.2013 Live-Show Week: Challenge 3
- Friday (12-13pm, H-1 Tele-Board Area): Cops and Robbers Court
- Monday (13-17, H-E.5): Live-Challenge Session
- 02.08.2013
- Report: Challenge 3
- 13:30-17:00 Individiual Presentation Session
- 17:00-19:00 Seminar BBQ
Zurück