Hasso-Plattner-InstitutSDG am HPI
Hasso-Plattner-InstitutDSG am HPI
Login
 

"Räuber und Gendarm" (CTF-Szenarien) (Sommersemester 2011)

Dozent: Prof. Dr. Christoph Meinel (Internet-Technologien und -Systeme) , Dr. Feng Cheng (Internet-Technologien und -Systeme)

Allgemeine Information

  • Semesterwochenstunden: 4
  • ECTS: 6
  • Benotet: Ja
  • Einschreibefrist: 26.04.2011
  • Lehrform: Seminar
  • Belegungsart: Wahlpflichtmodul

Studiengänge

  • IT-Systems Engineering BA

Beschreibung

This experimental project seminar is about advanced techniques in practical system and networking security.

We will have two teams defeating each other or the tutoring team within three challenges - with changing roles either as an attacker or defender of a target IT system.

For each challenge, the teams will have 4 weeks to prepare their arms: setting up a secure system (under given constraints) for the defenders, choosing and testing recon and penetration tools for the attackers. After preparation, the teams will fight out a supervised Capture-the-Flag contest.

Topics for the challenges:

  1. Network Security
  2. Web- and Application Security
  3. The whole bunch

Important Notice: We are NOT guiding you for hacking and participation in this seminar could NOT be an excuse for any kinds of your malicious actions towards unauthorized resources over Internet!!!

Voraussetzungen

  • Good knowledge in
  • networking technologies (TCP/IP stack, ...)
  • operating systems (memory management, ...)

Very good knowledge in security basics (i.e., lecture on Internet Security - Weaknesses and Targets)

This seminar has a limited number of participants! Up to 10 students can apply!

  • If you got interest while seeing this page, please do not wait and just drop an email to Feng (put Sebastian on cc) to show your interest and then come to the first session on April 15.
  • After the first session, the selection will be done based on an integrated algorithm (combining FCFS, ITS lecture Scores, and other factors) and the invitation email will be sent to the selected participant.
  • Frau Pamperin will accept your subscription form only in case the you show her the invitation email. Please do not directly subscribe by her before Apri 22.

 

News

  • 15.07.2011: The photos for the last challenges have been uploaded. You can find on the page.
  • 27.06.2011: The photos for the first two challenges have been uploaded. Enjoy yourselves from here.
  • 26.04.2011: Two teams have been built for the seminar.
  • 18.04.2011: Due to  the Easter Holiday, we have to cancel this week's session on April 22. You will get the invitation email around 18 o'clock on April 21. Please shortly come to my office (H-1.13) after holidays on April 26 to draw for the team and topic as well as pick up the requirement list for the first challenge. You can come individually at any time (9-18 o'clock) on April 26.  
  • 15.04.2011: Due to the conflict with 2011 Retreat of HPI Research School, the room has been changed to H-2.57.

Literatur

Leistungserfassung

  • Team presentation/report after each challenge
  • Individual technical Presentation (15-20 mins) on a selected topic
  • Intensive collaboration and discussion within the teams and challenges

 

Topic List for Individual Presentations

  • New Attacks on Smartphone (Angelo)
  • Security Issues of Social Websites (Hubert)
  • Introduction to Scanners (Eric)
  • New Attacks using Social Engineering (Steffen)
  • Attacks on Router, Switch, and WLAN Access Point (Martin)
  • Security Issues of Virtualization (Max)
  • Vulnerability Model and Popular VDBs (Daniel)
  • Modeling Attack using Attack Graph (Jens)
  • Protecting Privacy on Cloud (Jan)
  • IT-Security related Laws, Rules, and Regulations in Germany (Matthias)
  • Fuzzing Techniques
  • Taint-Analysis for IT Security
  • Reverse-Engineering
  • ...... 

Termine

  • 15.04.2011: Introductory Session (!!! change to Room H-2.57!!!)
  • 21.04.2011: Email Subscription Deadline (18 o'clock)
  • 26.04.2011: Official Subscription Deadline  (!!! changed from  22.04.2011!!!)
    • Submission of the Subscription Form to Frau Pamperin
    • Team building
    • Topic selection
    • Challenge 1: Requirement Lists
  • 29.04.2011: Challenge 1:
    • Q&A: Onsite meeting upon request
  • 06.05.2011: Challenge 1: 
    • Attacker Team Meeting: Attack tools
    • Defender Team Meeting: Defending Ideas
  • 13.05.2011: Challenge 1:
    • Attacker Team Meeting: Attacking path
    • Defender Team Meeting: Defending Architecture
  • 16.-20.05.2011: Challenge 1 Live-Show Week
    • Monday: Delivery of Defending Network (CET 20 pm)
    • Tuesday: Meeting with Defender Team (Architecture Introduction and Rule Discussion)
    • Wednesday: Q&A Court (Defender Team, Attacker Team, and Tutors)
    • Thursday: Game Rule Distribution
    • Friday: Live-Show Session (Photos)
  • 27.05.2011: Inbetween Session 
    • Challenge 1: Presentation
    • Challenge 2: Requirement Lists (per email CET 18 pm)
  • 03.06.2011: Challenge 2:
    • Q&A: Onsite meeting upon request
  • 10.06.2011: Challenge 2: 
    • Attacker Team Meeting: Attack tools
    • Defender Team Meeting: Defending Ideas
  • 17.06.2011: Challenge 2:
    • Attacker Team Meeting: Attacking path
    • Defender Team Meeting: Defending Architecture
  • 20.-24.06.2011: Challenge 2 Live-Show Week
    • Monday: Delivery of Defending Network (CET 20 pm)
    • Tuesday: Meeting with Defender Team (Architecture Introduction and Rule Discussion)
    • Wednesday: Q&A Court (Defender Team, Attacker Team, and Tutors)
    • Thursday: Game Rule Distribution
    • Friday: Live-Show Session (Photos)
  • 01.07.2011: Inbetween Session 
    • Challenge 2: Presentation
    • Challenge 3: Introduction and Research Recommendations
  • 08.07.2011: Individual Technical Presentation Session I&II
  • 15.07.2011: Live-Show Day (Photos)
    • Challenge 3: Live-Show Session
    • Closing BBQ 
  • 01.08.2011: Challenge 3: Deadline for Report Submission (CET 15 pm)
  • 09.2011: Presentation (FG-Meinel Research Seminar, no-mandatory)

(Last Modified: 27.07.2011) 

    Zurück