Cops & Robbers (Sommersemester 2019)

Dozent: Dr. Feng Cheng (Internet-Technologien und -Systeme)
Tutoren: Pejman Najafi

Allgemeine Information

• Semesterwochenstunden: 4
• ECTS: 6
• Benotet: Ja
• Einschreibefrist: 26.04.2019
• Lehrform: Seminar / Projekt
• Belegungsart: Wahlpflichtmodul
• Lehrsprache: Englisch

Studiengänge, Modulgruppen & Module

Beschreibung

This experimental project seminar is about learning and training with the advanced techniques of practical system and network security. We will have two teams (each with about 4-5 members) defeating each other or the tutoring team within three challenges - with changing roles either as attackers or defenders of a target IT system. For each challenge, the teams will have 4 weeks to prepare their arms: setting up a secure system (under given constraints) for the defenders, choosing and testing recon and penetration tools for the attackers. After preparation, the teams will fight out a supervised Capture-the-Flag live challenge session.

Besides, each participant will select a security relevant topic, do research on it (reading and testing), and give a short presentation (15-20 mins) at the end of the seminar.

Topics for the challenges:
    1. System- and Network Security
    2. Web- and Service/Application Security
    3. The whole bunch

Topics for individual research topics (see below)

Important Notice: We are NOT guiding you for hacking and participation in this seminar could NOT be an excuse for any kinds of your malicious actions towards unauthorized resources over Internet!!!

Voraussetzungen

Good knowledge in

• networking technologies (TCP/IP stack, ...)
• operating systems (memory management, ...)

We are looking for good team-working players with  strong interest in cyber security. If you got interested while seeing this page, please do not wait and just drop a line to Feng (feng.cheng"at"hpi.de) and then come to the first session.

Literatur

• Meinel/Sack: Digital Communication Communication, Multimedia, Security, Springer, 2014 (in English)
• Meinel/Sack: WWW-Kommunikation, Internetworking, Web-Technologien, Springer, Heidelberg, 2004. (in German)
• Stuttard/Pinto: The Web Application Hacker's Handbook - Discovering and exploiting security holes
• Koziol/Litchfield/Aitel/Anley/Eren/Mehta/Hassel: The Shellcoder's Handbook - Discovering and exploiting security holes
• The Internet

Lern- und Lehrformen

Possible interesting topics:

1. Password Security and new Authentication Methods
2. Security of Mobile OSes and Apps
3. Security of Social Web  
4. Web Security: SSL/TLS, Web Application Firewall (WAF), ...
5. Email Security: Signature, Encryption, Spamming, Phishing, ...
6. IoT Security: Home Automation, Vehicle, ...
7. Virtualization and Cloud Security 
8. Switch, Router, Gateway, and Firewalls
9. Intrusion Detection (IDS/IPS)
10. SSH Tunneling and Virtual Private Network (VPN)
11. IPSec, IPv6 and the relevant Security Issues
12. Network Scanning and Monitoring
13. Complex Attacks and APT
14. SIEM and Security Analytics
15. Attack Category and Vulnerability Modeling
16. ...

Leistungserfassung

• Team behavior/performance/presentation/report after each challenge (3 times) (85%)
• Individual technical Presentation (15-20 mins) on a selected topic (1 time) (15%)
• Intensive collaboration and discussion within the teams and challenges (bonus)

Termine

(subject to change)

• 12.04.2019 Introductory Session, H-2.57
• 22.04.2019 Assignment of individual topic; Team building and Challenge 1 Kick-off
  • 19.04.2019 Subscription Deadline
• 22.04.-17.05.2019 Challenge 1
  • Tutorial for Defenders (Team B): CW17
  • Tuturial for Attackers (Team A): CW18
  • Challenge 1 Live-Challenge Week: 13.-17.05.2019.
  • Challenge 2 Kick-off
• 20.05.-14.06.2019 Challenge 2
  • Challenge 1 Presentation: 24.05.2019 (tentative)
  • Tutorial for Defenders (Team A): CW22
  • Tuturial for Attackers (Team B): CW23
  • Challenge 2 Live-Challenge Week: 10.-14.06.2019.
  • Challenge 3 Kick-off
• 17.-28.06.2019 Challenge 3
  • Challenge 2 Presentation: 21.06.2019 (tentative)
  • Challenge 3 Live-Challenge Session: 28.06.2019.
• 12.07.2019 Individual Presentation (followed by Seminar BBQ)
• 31.07.2019 Deadline of final submissions, incl. Challenge 3 Report, Team VM, Slides-deck of individual presentations, etc.

Zurück