Hasso-Plattner-InstitutSDG am HPI
Hasso-Plattner-InstitutDSG am HPI
Login
 

"Räuber und Gendarm" (CTF-Szenarien) (Sommersemester 2010)

Dozent: Prof. Dr. Christoph Meinel (Internet-Technologien und -Systeme) , Dr. Feng Cheng (Internet-Technologien und -Systeme)
Tutoren: Christian Willems

Allgemeine Information

  • Semesterwochenstunden: 4
  • ECTS: 6
  • Benotet: Ja
  • Einschreibefrist: 30.04.2010
  • Lehrform:
  • Belegungsart: Wahlpflichtmodul

Studiengänge

  • IT-Systems Engineering BA

Beschreibung

This experimental project seminar is about advanced techniques in practical system and networking security.

We will have two teams defeating each other or the tutoring team within three challenges - with changing roles either as an attacker or defender of a target IT system.

For each challenge, the teams will have 4 weeks to prepare their arms: setting up a secure system (under given constraints) for the defenders, choosing and testing recon and penetration tools for the attackers. After preparation, the teams will fight out a supervised Capture-the-Flag contest.

Topics for the challenges:

  1. Network Security
  2. Web- and Application Security
  3. The whole bunch

Important Notice: We are NOT guiding you for hacking and participation in this seminar could NOT be an excuse for any kinds of your malicious actions towards unauthorized resources over Internet!!!

Voraussetzungen

Good knowledge in

  • networking technologies (TCP/IP stack, ...)
  • operating systems (memory management, ...)

Very good knowledge in security basics (i.e. lecture on Internet Security - Weaknesses and Targets)

This seminar has a limited number of participants! Up to 10 students can apply!

Literatur

Leistungserfassung

Team presentation after each challengeIndividual written report (<8 pages LNCS) from every student after every challenge: law and ethics in IT-Security, emerging security issues and techniques, as well as what they have done/learned from that phase

  • Intensive collaboration and discussion within the teams and challenges
  • Termine

    (last update on 20.07.2010)

    • 23.04.2010: First session, topic presentation
    • 30.04.2010: Subscription deadline
      • Team building
      • Challenge 1: Network Security -- Requirement Lists
    • 07.05.2010: Challenge 1:
      • Q&A: Onsite meeting upon request
    • 14.05.2010: Challenge 1: 
      • Attacker Team Meeting: Attack tools
      • Defender Team Meeting: Defending Ideas
    • 21.05.2010: Challenge 1:
      • Attacker Team Meeting: Attacking path
      • Defender Team Meeting: Defending Architecture
    • 25.05.2010: Challenge 1: 
      • Defender Team Meeting: Defending Architecture 
      • Defender team Deadline for Delivery of Defending network  (CET 18 pm)
    • 27.05.2010: Challenge 1:
      • Information released to Attacker (per email around CET 6 am)
      • Distribution of live show regulations (per email around 19 pm) 
    • 28.05.2010: Challenge 1: Live Show (Photos)
    • 04.06.2010:
      • Challenge 1 presenstation is postponed to next week due to the University Festival
    • 08.06.2010:
      • Challenge 1: Deadline for Report Submission (per email CET 15 pm)
      • Challenge 2: Web and Application Security -- Requirement Lists (per email CET 15 pm)
    • 11.06.2010:
      • Challenge 1: Presentation
      • Q&A: Onsite meeting upon request
    • 18.06.2010:  Challenge 2:
      • Attacker Team Meeting: Attack tools
      • Defender Team Meeting: Vulnerability Analysis
    • 25.06.2010: Challenge 2:
      • Attacker Team Meeting: Attacking path
      • Defender Team Meeting: Defending Architecture
    • 28.06.2010: Challenge 2:
      • Defender Team Meeting: Defending Architecture 
      • Information released to Attacker (per email around CET 19 pm)
      • Defender team Deadline for Delivery of Defending architecture (CET 18 pm)
    • 01.07.2010: Challenge 2:
      • Distribution of live show regulations (per email around 19 pm)
    • 02.07.2010: Challenge 2: Live Show (Photos)
    • 09.07.2010:
      • Challenge 2: Presentation
      • Challenge 3: Introduction and Research Recommendations
    • 16.07.2010:
      • Challenge 2: Deadline for Report Submission (per email CET 15 pm)
      • Challenge 3: Live Show  (Photos)
      • Closing BBQ  (Photos)
    • 06.08.2010: Challenge 3: Deadline for Report Submission (CET 15 pm)

    • 09.2010: Presentation (FG-Meinel Research Seminar, no-mandatory)

      Zurück