Hasso-Plattner-InstitutSDG am HPI
Hasso-Plattner-InstitutDSG am HPI

Cops and Robbers (Sommersemester 2014)

Dozent: Prof. Dr. Christoph Meinel (Internet-Technologien und -Systeme) , Dr. Feng Cheng (Internet-Technologien und -Systeme)

Allgemeine Information

  • Semesterwochenstunden: 4
  • ECTS: 6
  • Benotet: Ja
  • Einschreibefrist: 1.4.2014 - 28.4.2014
  • Lehrform: Projektseminar
  • Belegungsart: Wahlpflichtmodul
  • Maximale Teilnehmerzahl: 10

Studiengänge, Modulgruppen & Module

IT-Systems Engineering BA


(last update: 01.09.2014)

This experimental project seminar is about advanced techniques in practical system and networking security.

We will have two teams defeating each other or the tutoring team within four challenges - with changing roles either as an attacker or defender of a target IT system.

For each challenge, the teams will have 2-4 weeks to prepare their arms: setting up a secure system (under given constraints) for the defenders, choosing and testing recon and penetration tools for the attackers. After preparation, the teams will fight out a supervised Capture-the-Flag contest.

Topics for the challenges:

  • 0. Preliminary Impression 
  • 1. System- and Network Security
  • 2. Web- and Service/Application Security
  • 3. The whole bunch

Important Notice: We are NOT guiding you for hacking and participation in this seminar could NOT be an excuse for any kinds of your malicious actions towards unauthorized resources over Internet!!!


Good knowledge in

  • networking technologies (TCP/IP stack, ...)
  • operating systems (memory management, ...)

Very good knowledge in security basics (i.e., lecture on Internet Security - Weaknesses and Targets)

  • Only 10 participants will be accepted for this seminar.
  • If you got interest while seeing this page, please do not wait and just drop an email to Feng to show your interest and then come to the first session on April 11 2014 in H E.51.
  • The invitation email will be sent to the selected participant after the first session. Frau Pamperin will accept the subscription of the selected participants on the list. Please do not directly subscribe by her.


  • William R. Cheswick, Steven M. Bellovin, “Firewalls and Internet Security</b>”, second Edition,&nbsp;Addison-Wesley, 2003.</li>
  • Andrew S. Tanenbaum, &quot;<link />Computer Networks</b>&quot;, fourth edition, Prentice Hall PTR,&nbsp;2003.&nbsp;</li>
  • Charlie Kaufman, Radia Perlman, and&nbsp;Mike Speciner. &quot;<link />Network Security: Private Communication in a Public World</b>&quot;, second Edition, Prentice Hall PTR, 2002.</li>
  • Dafydd Stuttard, Marcus Pinto, &quot;<span id="btAsinTitle"><link ref="sr_1_1?ie=UTF8&amp;s=books-intl-de&amp;qid=1223376935&amp;sr=8-1">The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws</b>&quot;,&nbsp; Wiley &amp; Sons, 2007.</li>
  • Interesting Websites: <a rel="nofollow" target="_blank" href="http://www.phrack.org/" class="external text" title="http://www.phrack.org/">Phrack Magazine</b>, <link />Metasploit</b>, <link />THC</b>,&nbsp;<link />openPGP</b>, <link />nmap</b>, ... </li>


  • Team presentation/report after each challenge
  • Individual technical Presentation (15-20 mins) on a selected topic
  • Intensive collaboration and discussion within the teams and challenges

Topic List for Individual Presentations


  • 11.04.2014
    • Introductory Session (13:30 pm, H E.51) 
    • Team Building
  • till 15.04.2014 Subscription and selection of individual research topic
  • 25.04.2014 Challenge 0 (13:30 pm - 17:00 pm, H E.51)
  • 02.05.2014 Presentation of Challenge 0
  • 23.05.2014 Challenge 1 (13:30 pm - 17:00 pm, H E.51)
  • 30.05.2014 Presentation of Challenge 1
  • 20.06.2014 Challenge 2 (13:30 pm - 17:00 pm, H E.51)
  • 27.06.2014 Presentation of Challenge 2
  • 04.07.2014 Challenge 3 (13:30 pm - 17:00 pm, H E.51)
  • 15.07.2014 Individual Presentation / Seminar BBQ (13:30 pm - 17:00 pm, H E.51)
  • 31.07.2014 Deadline for Report of Challenge 3