Cops & Robbers (Sommersemester 2019)
Dozent: Dr. Feng Cheng
(Internet-Technologien und -Systeme)
- Semesterwochenstunden: 4
- ECTS: 6
- Einschreibefrist: 26.04.2019
- Lehrform: Seminar / Projekt
- Belegungsart: Wahlpflichtmodul
- Lehrsprache: Deutsch
Studiengänge & Module
This experimental project seminar is about learning and training with the advanced techniques of practical system and network security. We will have two teams (each with about 4-5 members) defeating each other or the tutoring team within three challenges - with changing roles either as attackers or defenders of a target IT system. For each challenge, the teams will have 4 weeks to prepare their arms: setting up a secure system (under given constraints) for the defenders, choosing and testing recon and penetration tools for the attackers. After preparation, the teams will fight out a supervised Capture-the-Flag live challenge session.
Besides, each participant will select a security relevant topic, do research on it (reading and testing), and give a short presentation (15-20 mins) at the end of the seminar.
Topics for the challenges:
1. System- and Network Security
2. Web- and Service/Application Security
3. The whole bunch
Topics for individual research topics (come later)
Important Notice: We are NOT guiding you for hacking and participation in this seminar could NOT be an excuse for any kinds of your malicious actions towards unauthorized resources over Internet!!!
Good knowledge in
- networking technologies (TCP/IP stack, ...)
- operating systems (memory management, ...)
Strong interest in security and good team-working skills. If you got interested while seeing this page, please do not wait and just drop a line to Feng (feng.cheng"at"hpi.de) and then come to the first session.
Lern- und Lehrformen
Possible interesting topics:
- Password Security and new Authentication Methods
- Security of Mobile OSes and Apps
- Security of Social Web
- Web Security: SSL/TLS, Web Application Firewall (WAF), ...
- Email Security: Signature, Encryption, Spamming, Phishing, ...
- IoT Security: Home Automation, Vehicle, ...
- Virtualization and Cloud Security
- Switch, Router, Gateway, and Firewalls
- Intrusion Detection (IDS/IPS)
- SSH Tunneling and Virtual Private Network (VPN)
- IPSec, IPv6 and the relevant Security Issues
- Network Scanning and Monitoring
- Complex Attacks and APT
- SIEM and Security Analytics
- Attack Category and Vulnerability Modeling
- Team behavior/performance/presentation/report after each challenge (3 times) (85%)
- Individual technical Presentation (15-20 mins) on a selected topic (1 time) (15%)
- Intensive collaboration and discussion within the teams and challenges (bonus)
(subject to change)
- XXXX Introductory Session, H-2.57
- XXXXX Assignment of individual topic; Team building and Challenge 1 Kick-off
- XXX Subscription Deadline
- XXXXX Challenge 1
- Tutorial for Defenders (Team B): CW18
- Tuturial for Attackers (Team A): CW19
- Challenge 1 Live-Challenge Week: XXXXX
- Challenge 2 Kick-off
- XXXXXX Challenge 2
- Challenge 1 Presentation: XXXXX (tentative)
- Tutorial for Defenders (Team A): CW22
- Tuturial for Attackers (Team B): CW23
- Challenge 2 Live-Challenge Week: XXXXX
- Challenge 3 Kick-off
- XXXXX Challenge 3
- Challenge 2 Presentation: XXXX (tentative)
- Challenge 3 Live-Challenge Session: XXXXX
- XXXXX Individual Presentation (followed by Seminar BBQ)
- XXXXX Deadline of final submissions, incl. Challenge 3 Report, Team VM, Slides-deck of individual presentations, etc.