Hasso-Plattner-Institut
Hasso-Plattner-Institut
  
Login
 

Cops & Robbers (Sommersemester 2019)

Dozent: Dr. Feng Cheng (Internet-Technologien und -Systeme)
Tutoren: Marian Gawron Pejman Najafi

Allgemeine Information

  • Semesterwochenstunden: 4
  • ECTS: 6
  • Benotet: Ja
  • Einschreibefrist: 26.04.2019
  • Lehrform: Seminar / Projekt
  • Belegungsart: Wahlpflichtmodul
  • Lehrsprache: Deutsch

Studiengänge & Module

IT-Systems Engineering BA
  • ISAE-Grundlagen
  • ISAE-Vertiefung
  • OSIS-Grundlagen
  • OSIS-Vertiefung
  • SAMT-Grundlagen
  • SAMT-Vertiefung

Beschreibung

This experimental project seminar is about learning and training with the advanced techniques of practical system and network security. We will have two teams (each with about 4-5 members) defeating each other or the tutoring team within three challenges - with changing roles either as attackers or defenders of a target IT system. For each challenge, the teams will have 4 weeks to prepare their arms: setting up a secure system (under given constraints) for the defenders, choosing and testing recon and penetration tools for the attackers. After preparation, the teams will fight out a supervised Capture-the-Flag live challenge session.

Besides, each participant will select a security relevant topic, do research on it (reading and testing), and give a short presentation (15-20 mins) at the end of the seminar.


Topics for the challenges:
    1. System- and Network Security
    2. Web- and Service/Application Security
    3. The whole bunch

Topics for individual research topics (come later)

Important Notice: We are NOT guiding you for hacking and participation in this seminar could NOT be an excuse for any kinds of your malicious actions towards unauthorized resources over Internet!!!

Voraussetzungen

Good knowledge in

  • networking technologies (TCP/IP stack, ...)
  • operating systems (memory management, ...)


Strong interest in security and good team-working skills. If you got interested while seeing this page, please do not wait and just drop a line to Feng (feng.cheng"at"hpi.de) and then come to the first session.

Literatur

Lern- und Lehrformen

Possible interesting topics:

  1. Password Security and new Authentication Methods
  2. Security of Mobile OSes and Apps
  3. Security of Social Web  
  4. Web Security: SSL/TLS, Web Application Firewall (WAF), ...
  5. Email Security: Signature, Encryption, Spamming, Phishing, ...
  6. IoT Security: Home Automation, Vehicle, ...
  7. Virtualization and Cloud Security 
  8. Switch, Router, Gateway, and Firewalls
  9. Intrusion Detection (IDS/IPS)
  10. SSH Tunneling and Virtual Private Network (VPN)
  11. IPSec, IPv6 and the relevant Security Issues
  12. Network Scanning and Monitoring
  13. Complex Attacks and APT
  14. SIEM and Security Analytics
  15. Attack Category and Vulnerability Modeling
  16. ...

Leistungserfassung

  • Team behavior/performance/presentation/report after each challenge (3 times) (85%)
  • Individual technical Presentation (15-20 mins) on a selected topic (1 time) (15%)
  • Intensive collaboration and discussion within the teams and challenges (bonus)

Termine

(subject to change)

  • XXXX Introductory Session, H-2.57
  • XXXXX Assignment of individual topic; Team building and Challenge 1 Kick-off

    • XXX Subscription Deadline

  • XXXXX Challenge 1

    • Tutorial for Defenders (Team B): CW18
    • Tuturial for Attackers (Team A): CW19
    • Challenge 1 Live-Challenge Week: XXXXX
    • Challenge 2 Kick-off

  • XXXXXX Challenge 2

    • Challenge 1 Presentation: XXXXX (tentative)
    • Tutorial for Defenders (Team A): CW22
    • Tuturial for Attackers (Team B): CW23
    • Challenge 2 Live-Challenge Week: XXXXX
    • Challenge 3 Kick-off

  • XXXXX Challenge 3

    • Challenge 2 Presentation: XXXX (tentative)
    • Challenge 3 Live-Challenge Session: XXXXX

  • XXXXX Individual Presentation (followed by Seminar BBQ)
  • XXXXX Deadline of final submissions, incl. Challenge 3 Report, Team VM, Slides-deck of individual presentations, etc.

Zurück