Cops & Robbers (Sommersemester 2019)

Dozent: Dr. Feng Cheng (Internet-Technologien und -Systeme)
Tutoren: Pejman Najafi

Allgemeine Information

Semesterwochenstunden: 4
ECTS: 6
Benotet: Ja
Einschreibefrist: 26.04.2019
Lehrform: Seminar / Projekt
Belegungsart: Wahlpflichtmodul
Lehrsprache: Englisch

Studiengänge, Modulgruppen & Module

IT-Systems Engineering BA

ISAE: Internet, Security & Algorithm Engineering
- HPI-ISAE-G Grundlagen
ISAE: Internet, Security & Algorithm Engineering
- HPI-ISAE-V Vertiefung
OSIS: Operating Systems & Information Systems Technology
- HPI-OSIS-G Grundlagen
OSIS: Operating Systems & Information Systems Technology
- HPI-OSIS-V Vertiefung
SAMT: Software Architecture & Modeling Technology
- HPI-SAMT-G Grundlagen
SAMT: Software Architecture & Modeling Technology
- HPI-SAMT-V Vertiefung

Beschreibung

This experimental project seminar is about learning and training with the advanced techniques of practical system and network security. We will have two teams (each with about 4-5 members) defeating each other or the tutoring team within three challenges - with changing roles either as attackers or defenders of a target IT system. For each challenge, the teams will have 4 weeks to prepare their arms: setting up a secure system (under given constraints) for the defenders, choosing and testing recon and penetration tools for the attackers. After preparation, the teams will fight out a supervised Capture-the-Flag live challenge session.

Besides, each participant will select a security relevant topic, do research on it (reading and testing), and give a short presentation (15-20 mins) at the end of the seminar.

Topics for the challenges:
    1. System- and Network Security
    2. Web- and Service/Application Security
    3. The whole bunch

Topics for individual research topics (see below)

Important Notice: We are NOT guiding you for hacking and participation in this seminar could NOT be an excuse for any kinds of your malicious actions towards unauthorized resources over Internet!!!

Voraussetzungen

Good knowledge in

networking technologies (TCP/IP stack, ...)
operating systems (memory management, ...)

We are looking for good team-working players with strong interest in cyber security. If you got interested while seeing this page, please do not wait and just drop a line to Feng (feng.cheng"at"hpi.de) and then come to the first session.

Literatur

Meinel/Sack: Digital Communication Communication, Multimedia, Security, Springer, 2014 (in English)
Meinel/Sack: WWW-Kommunikation, Internetworking, Web-Technologien, Springer, Heidelberg, 2004. (in German)
Stuttard/Pinto: The Web Application Hacker's Handbook - Discovering and exploiting security holes
Koziol/Litchfield/Aitel/Anley/Eren/Mehta/Hassel: The Shellcoder's Handbook - Discovering and exploiting security holes
The Internet

Lern- und Lehrformen

Possible interesting topics:

Password Security and new Authentication Methods
Security of Mobile OSes and Apps
Security of Social Web
Web Security: SSL/TLS, Web Application Firewall (WAF), ...
Email Security: Signature, Encryption, Spamming, Phishing, ...
IoT Security: Home Automation, Vehicle, ...
Virtualization and Cloud Security
Switch, Router, Gateway, and Firewalls
Intrusion Detection (IDS/IPS)
SSH Tunneling and Virtual Private Network (VPN)
IPSec, IPv6 and the relevant Security Issues
Network Scanning and Monitoring
Complex Attacks and APT
SIEM and Security Analytics
Attack Category and Vulnerability Modeling
...

Leistungserfassung

Team behavior/performance/presentation/report after each challenge (3 times) (85%)
Individual technical Presentation (15-20 mins) on a selected topic (1 time) (15%)
Intensive collaboration and discussion within the teams and challenges (bonus)

Termine

(subject to change)

12.04.2019 Introductory Session, H-2.57
22.04.2019 Assignment of individual topic; Team building and Challenge 1 Kick-off
- 19.04.2019 Subscription Deadline
22.04.-17.05.2019 Challenge 1
- Tutorial for Defenders (Team B): CW17
- Tuturial for Attackers (Team A): CW18
- Challenge 1 Live-Challenge Week: 13.-17.05.2019.
- Challenge 2 Kick-off
20.05.-14.06.2019 Challenge 2
- Challenge 1 Presentation: 24.05.2019 (tentative)
- Tutorial for Defenders (Team A): CW22
- Tuturial for Attackers (Team B): CW23
- Challenge 2 Live-Challenge Week: 10.-14.06.2019.
- Challenge 3 Kick-off
17.-28.06.2019 Challenge 3
- Challenge 2 Presentation: 21.06.2019 (tentative)
- Challenge 3 Live-Challenge Session: 28.06.2019.
12.07.2019 Individual Presentation (followed by Seminar BBQ)
31.07.2019 Deadline of final submissions, incl. Challenge 3 Report, Team VM, Slides-deck of individual presentations, etc.

Zurück