Cops and Robbers (Sommersemester 2012)

Dozent: Prof. Dr. Christoph Meinel (Internet-Technologien und -Systeme) , Dr. Feng Cheng (Internet-Technologien und -Systeme)

Allgemeine Information

• Semesterwochenstunden: 4
• ECTS: 6
• Benotet: Ja
• Einschreibefrist: 1.4.2012 - 25.4.2012
• Lehrform: Projektseminar
• Belegungsart: Wahlpflichtmodul

Studiengänge, Modulgruppen & Module

Beschreibung

(last update: 15.07.2012)

This experimental project seminar is about advanced techniques in practical system and networking security.

We will have two teams defeating each other or the tutoring team within three challenges - with changing roles either as an attacker or defender of a target IT system.

For each challenge, the teams will have 4 weeks to prepare their arms: setting up a secure system (under given constraints) for the defenders, choosing and testing recon and penetration tools for the attackers. After preparation, the teams will fight out a supervised Capture-the-Flag contest.

Topics for the challenges:

1. System- and Network Security
2. Web- and Application Security
3. The whole bunch

Important Notice: We are NOT guiding you for hacking and participation in this seminar could NOT be an excuse for any kinds of your malicious actions towards unauthorized resources over Internet!!!

Voraussetzungen

• Good knowledge in
• networking technologies (TCP/IP stack, ...)
• operating systems (memory management, ...)

Very good knowledge in security basics (i.e., lecture on Internet Security - Weaknesses and Targets)

• Only 10 participants will be accepted for this seminar.
• If you got interest while seeing this page, please do not wait and just drop an email to Feng (put Sebastian on cc) to show your interest and then come to the first session on 20.04.2012.
• The invitation email will be sent to the selected participant after the first session. Frau Pamperin will accept the subscription of the selected participants o the list. Please do not directly subscribe by her before.

News

• 27.04.2012 The first challenge has been kicked off today. Please make an appointment with me for the meeting in the next week (The email should come to me two hours before the meeting).
• 23.04.2012 The notfication emails have been sent to the selected students. Please go directly to Frau Pamperin for the official subscription.
• 20.04.2012 Thank you for coming for the first session and sorry for the beamer issue. Here are the slides for today. Please check your email on 23.04.2012 (Monday).

Literatur

• William R. Cheswick, Steven M. Bellovin, “Firewalls and Internet Security”, second Edition, Addison-Wesley, 2003.
• Andrew S. Tanenbaum, "Computer Networks", fourth edition, Prentice Hall PTR, 2003. 
• Charlie Kaufman, Radia Perlman, and Mike Speciner. "Network Security: Private Communication in a Public World", second Edition, Prentice Hall PTR, 2002.
• Dafydd Stuttard, Marcus Pinto, "The Web Application Hacker's Handbook: Discovering and Exploiting Security Flaws",  Wiley & Sons, 2007.
• Interesting Websites: Phrack Magazine, Metasploit, THC, openPGP, nmap, ...

Leistungserfassung

• Team presentation/report after each challenge
• Individual technical Presentation (15-20 mins) on a selected topic
• Intensive collaboration and discussion within the teams and challenges

Topic List for Individual Presentations

• New Attacks on Smartphone (Christian Zöllner)
• Security Issues of Social Websites (Matthias Spriner)
• Attacks on Router, Switch, and WLAN Access Point (Kai Fabian)
• Reverse-Engineering: Tools, Methods & Examples (Daniel Stelter-Gliese)
• Fuzzing Techniques: Tools, Methods & Examples (Malte Swart)
• Security Issues of Virtualization (Jan Teske)
• Privacy Issues in the Cloud (Daniel Kurzynski)
• Taint-Analysis: Tools, Methods & Examples (Christian Bartz)
• Capture the Flag: Organization and Planning (Hannes Rantzsch)
• Computer Forensics: : Tools, Methods & Examples (Thomas Werkmeister)
• Side channel attacks (Open)
• Electronic fraud (Open)
• Penetration testing and Accountability (Open)
• Malware (Open)
• Recovery: HW, SW, Data (Open)
• ...... 

Termine

20.04.2012: Introduction Session

23.04.2012: Subscription Deadline

27.04.2012: Team Building & Challenge I: Requirement list

21-25.05.2012: Challenge I: Live-Show Week

• Tuesday: Meeting with Defender Team (Delivery of Defending Network, Architecture Introduction and Rule Discussion, CET 13:30 pm)
• Wednesday: Q&A Court (Defender Team, Attacker Team, and Tutors, CET 16 pm, room H-1.13)
• Thursday: Game Rule Distribution
• Friday: Live-Show Session

01.06.2012: Inbetween Session 

• Challenge 1: Presentation (submission of slides draft and captured flags: 11:59am)
• Challenge 2: Requirement Lists

25.-29.06.2012: Challenge II: Live-Show Week

• Tuesday: Meeting with Defender Team (Delivery of Defending Network, Architecture Introduction and Rule Discussion, CET 13:30 pm, room H-1.13)
• Wednesday: Q&A Court (Defender Team, Attacker Team, and Tutors, CET 16 pm, room H-1.13)
• Thursday: Game Rule Distribution
• Friday: Live-Show Session

01.07.2012: Challenge 3: Kick-Off

10.07.2012: Inbetween Session (A-1.2, 15:15 pm)

• Challenge 2: Presentation (submission of slides draft: 11:59am)

09.-13.07.2012: Challenge III: Live-Show Week

• Thursday: Cops & Robbers Court
• Friday: Live-Show Session (A-1.1)

20.07.2012: Individual Presentation Session (H-2.58) & BBQ

Zurück