Hauptseite

News

saarsec CTF workshop (TL;DR: apply your IT security skills in practice)

Written on 08.04.23 by Julian Rederlechner

Hello there,

we are saarsec, a Capture-the-Flag Team composed of students and lecturers from Saarland University. On April 15 and 16. we will be giving a workshop to familiarize interested students with Capture-the-Flag competitions!
In CTF competitions you attack and defend against security vulnerabilities to achieve points and win the game. CTFs are a great way to actually play around with the practical details of mounting attacks and defenses you have learned about in your lectures. This practical experience is not only be beneficial for your studies but also comes in handy during later stages of your career. The workshop starts with a short introduction to Linux, followed by different topics such as File Inclusions, SQL Injections, and Command Injections. For each topic, you will learn how to find these vulnerabilities, exploit them on a large scale, and fix them. You'll spend more than 50% of the time in each slot on actual challenges!

At the end, we will host a CTF where all workshop participants compete using their newly acquired skills.

FAQ:

Q: When and where?

A: April 15th and 16th, Building E1.9 (Cispa Main Building).

Q: Requirements?

A: We do not require any certain skills as we will start with the basics. However, the knowledge from Cysec1 or Security is definitely an advantage.

Q: Sounds awesome! Where can I register or get more information?

A: https://workshop.saarsec.rocks

See you there,

saarsec

Exam inspection backup exam

Written on 06.04.23 by Ben Stock

The results for the backup exam are visible in the CMS now. For the exam inspection, the timeslot is Tuesday, April 11, 14:30 in CISPA's 0.07 room (the meeting room across the main entrance). Please note that we only have until 16:00, so we will not let anyone in after 15:30.

Backup exam in HS0.02 E1.3

Written on 03.04.23 by Julian Rederlechner

Dear all,

we switched rooms with another event. This means that the exam on 06.04 will not be in the GHH. Instead we will relocate the exam to HS0.02 building E1.3. Apart from that, everything else such as the time will remain the same!

See you on Thursday.

Exam inspection

Written on 14.02.23 by Ben Stock

Dear all,

the team is still busy grading, but given my constraints in the next weeks, we have to schedule the exam inspection right away. This will be this Thursday (February 16) from 9 to 11 in 0.02 (CISPA's showroom). We will stop letting students in at 10:30 to ensure we can end on time at 11.… Read more

Dear all,

Once the exam grades have been entered, you'll receive an email with your points and grades.

Change about exercises

Written on 19.12.22 by Ben Stock

Dear all,

we received feedback from a number of students who really appreciated the Python challenges and from others who struggled a lot, in particular in light of other lectures like MfI1 and Prog1. Therefore, we have decided to alleviate some of the burden on everyone and not release any new challenges after today (we released the fifth and final set of challenges today). This means that the total number of points you can get for the Python tasks will be 50. In addition, there are 240 points available through the regular sheets. Therefore, you need to reach 145 points in total to be admitted to the exam, while ensuring you do not flunk more than two sheets (i.e., less than 25%). If you have done the Python tasks, this will help you towards that goal, if you have not yet done any of the challenges, you need to average about 60% of the points across all exercise sheets. To allow you to track your progress, we have added a separate "Exam Admission" category.

We hope this takes some of the pressure off and wish you a Merry Christmas (if you are celebrating) and a great start into 2023.

Teaching/theses announcement mailing list

Written on 13.12.22 by Ben Stock

Dear all,

On behalf of my colleague Giancarlo Pellegrino, let me tell you that CISPA has set up a dedicated mailing list to announce open hiwi positions, topics for theses, talk announcements, and other student-related activities (e.g., taking parts in studies we run). The list is moderated by… Read more

Dear all,

You can self-subscribe through https://lists.cispa.saarland/listinfo/teaching-announce

Lecture cancelled

Written on 11.12.22 by Ben Stock

Unfortunately, I will not be able to make it to tomorrow's lecture given a second hit of some infection. I have made the video and slides available already. Note that the lecture on December 19 will be fully online given the shutdown of the university heating system between December 19 and January 8.

A note on plagiarism

Written on 05.12.22 by Ben Stock

Dear all,

since we have had a couple of cases already, let me clarify a couple of things about what makes a case of plagiarism.

Copying from previous years' sample solutions: we may reuse tasks from prior years and some of you may have either taken the course before or know others that have.… Read more

Dear all,

since we have had a couple of cases already, let me clarify a couple of things about what makes a case of plagiarism.

Copying from previous years' sample solutions: we may reuse tasks from prior years and some of you may have either taken the course before or know others that have. You may also share the solutions with others through Discord et al. This is plagiarism, irrespective of whether you change a couple of words.
Using online resources: I'm happy if you use additional material beyond the lecture slides to understand a subject. If you, however, start copying sentences (or parts therefore), this is plagiarism, irrespective of whether you change a couple of words.
You have taken the lecture last year and just copy in your solutions without understanding? This is self-plagiarism and also forbidden.

Any student who was caught in conducting any such action before today has already received (at least) a warning through 0P on the sheets. Going forward, anyone with a previous warning and another attempt to plagiarize will be excluded from the exam. Similarly, 0P will be handed out to anyone trying this for the first time, with the second time also leading to exclusion from the exam.

I know the first semester is challenging and plagiarizing might seem like a solution to get the exam admission. However, if you have personal reasons (e.g., family emergencies) and are unable to finish a sheet, I will not hold this against you and be generous in enforcing the admission rules. If you try to cheat, though, you loose any good will from us. Or simply put: if you do only half the sheet, you still have chances to get half of the points. If you plagiarize, you'll get 0P on the entire sheet irrespective of whether you did parts by yourself.

Finally, I know the vast majority of students neither conducts such actions nor endorse them. We have these strict rules in place to ensure that everyone who does the exercises themselves is not unfairly treated given the cheats of others. Hence, if you read this far and are not affected, please disregard this message :-)

Thanks

No lecture tomorrow, December 5

Written on 04.12.22 by Ben Stock

Unfortunately, I need to cancel tomorrow's lecture. I caught a pretty severe cold and my voice isn't back up to a point where I could do a 90-minute lecture. I have uploaded the video from last year, please use this is to prepare for the exercises. If you have questions or something is unclear, feel… Read more

Error in Challenge 3

Written on 03.12.22 by Julian Rederlechner

Dear all,

there is an error in one of the tests of Challenge 3. In the # Test part 4 section of the code, it should be expected_keys = ((33, 17), (3, 11, 13)) instead of expected_keys = ((33, 17), (3, 11, 6)), or in other words, the expected d should be 13 and not 6. Sorry for the… Read more

Dear all,

Have a great weekend and see you on Monday!

Office Hours

Written on 28.11.22 by Julian Rederlechner

Dear all,

we have decided to offer a weekly office hour in addition to the tutorials. Office hours will be held every Tuesday from 9-11am via Zoom. You can find the link to it in the Office Hour tab of the CMS.

Furthermore, here is the link to the survey about the second challenge: … Read more

Dear all,

Furthermore, here is the link to the survey about the second challenge: https://qfreeaccountssjc1.az1.qualtrics.com/jfe/form/SV_0Vd1fsnE6rE2yxw

Challenge Submissions

Written on 25.11.22 by Julian Rederlechner

Dear all,

as some of you noticed, we had some problems with our Python execution framework/GameServer. To ensure that these unforeseen issues do not delay your exercise progress, we have decided that the best and fastest solution would be to upload the submissions to the CMS instead. This means that from now on and for all future challenges, all submissions will be made using the CMS and not the GameServer. We are very sorry for this inconvenience!

As a side note: In the past, there were cases in which antivirus software blocked the upload of files that contained code. If you encounter such problems, you should check this first!

Survey Challenge Sheet 1

Written on 24.11.22 by Julian Rederlechner

Dear all,

we created a survey to get a better idea of how well you are doing with the first challenge sheet. You can find it here: https://qfreeaccountssjc1.az1.qualtrics.com/jfe/form/SV_aVOe45uKPoNF0Me

This survey is not tied to a deadline, so you can take it at any time.

Extended deadline

Written on 19.11.22 by Julian Rederlechner

Dear all,

since the tutorials covering the topics required to solve the challenges are very close to the submission date, we have decided to extend the deadlines, giving you two weeks to solve the challenges. In other words, once a challenge is published, you have one week to play around and then at the end of the week ask questions about the challenge and familiarize yourself with the topics in the tutorial. After that, you have another week to solve it with the newly acquired knowledge. Note that the change only applies to the challenges, and not to the deadlines for the exercise sheets!

This means that the deadline for this week's challenge will be extended from 21/11/2022 to 28/11/2022 at 11:59. Additionally, this means that we will not make our GameServer available until shortly before the new deadline.

Thanks to everyone who provided constructive feedback, it really helps us improve our course!

Sheets Graded & Exam Admission

Written on 16.11.22 by Julian Rederlechner

Dear all,

the exercise sheets are graded and the results are visible for you in the CMS.

Dear all,

the exercise sheets are graded and the results are visible for you in the CMS.

In addition, we would like to clarify that both the exercise and challenge sheets are part of the requirements for exam admission. You must achieve at least 50% of all possible points combined and not 50% of the exercise sheets and 50% of the challenge sheets. In contrast, the 25% rule applies only to the exercise sheets and not to the challenges.

Second Exercise Sheet & First Challenges

Written on 14.11.22 by Julian Rederlechner

Dear all,

we just uploaded the second exercise sheet to the Materials page of the CMS. Note that this exercise sheet is due for submission on Monday, 21/11/2022 at 11:59 (i.e., right before the lecture).

Additionally, we have uploaded the first challenge sheet. You can find it in the… Read more

Dear all,

we just uploaded the second exercise sheet to the Materials page of the CMS. Note that this exercise sheet is due for submission on Monday, 21/11/2022 at 11:59 (i.e., right before the lecture).

Additionally, we have uploaded the first challenge sheet. You can find it in the Python Challenges section on the Materials page. The deadline for the submission is Monday, 21/11/2022 at 11:59 as well. Unlike the exercise sheets, you have to upload your solutions to https://cysec1.de/ and not to the CMS. For more details, please read the submission instructions carefully.

First Exercise Sheet & Group Submissions

Written on 31.10.22 by Julian Rederlechner

Dear all,

we just uploaded the first exercise sheet to the Materials page of the CMS. Note that this exercise sheet is due for submission on Monday, 14/11/2022 at 11:59 (i.e., right before the lecture). You can upload your solution as a pdf file in the Submissions section of your Personal Status… Read more

Dear all,

There you will also find the Teams section allowing you to submit your solution in groups of 2. You can create, join, and change your group until just before the first submission deadline. From that point on, teams cannot be changed and will remain until the end of the course.

Note that only one of you has to upload the solution if you submit it as a group!

Tutorials assigned & preparation

Written on 27.10.22 by Julian Rederlechner

Dear all,

we just assigned the tutorials. Please check in your "Personal Status" page to see your tutorial.

Since we will introduce you to Python in tomorrow's tutorial and want to do it very interactively, you will need to install all the necessary tools in advance. For this purpose, we added… Read more

Dear all,

we just assigned the tutorials. Please check in your "Personal Status" page to see your tutorial.

Since we will introduce you to Python in tomorrow's tutorial and want to do it very interactively, you will need to install all the necessary tools in advance. For this purpose, we added a Getting started with Python section to the Information tab of the CMS. There you will find the most important links to download everything required.

For those of you attending a tutorial in the CISPA lecture hall, it means building E9.1 room 0.05.

Have a great day and see you tomorrow!

Reminder: tutorial preferences

Written on 25.10.22 by Ben Stock

As a reminder, please make sure to bid on tutorials by Thursday, noon. After that, we will assign tutorial slots and the tutorial start this Friday.

Clarification on tutorials

Written on 20.10.22 by Ben Stock

Just to clarify: while the lectures will be streamed, the tutorial only happen in person. Should Corona require this at a later time, we would then shift to all-online tutorials.

Welcome Video & Next Steps

Written on 19.10.22 by Ben Stock

Dear all,

welcome to the 2022/2023 iteration of Foundations of Cybersecurity 1! Unfortunately, I will be unable to be present for next week's lecture slot - normally we'd just skip the first slot. However, for this year, we have a novelty through an introduction into Python in the first tutorials. So, to allow tutorials to happen in the first week, I therefore recorded a quick intro video to explain how our lecture will work. Please find the details of how to access the recordings through Access to Lectures and the corresponding slides (with bugfixes) in the Materials Section.

Please also make sure to provide "exclusion points" for the tutorial slots. This can be done on your personal status page. We will assign tutorials on Wednesday, October 26, to allow you to go to the correct tutorial on Friday, October 28, when the tutorials start.

After those, we will have a regular lecture on October 31 in Günter-Hötz Lecture Hall (GHH).

Looking forward to meet you all in person!

Show all

Foundations of Cybersecurity 1

Students learn foundational security principles, basics of cryptography, network and network security, as well as privacy-preserving mechanisms. They learn to define security goals and are familiarized with the most common attack scenarios.

The lecture happens every Monday 12-14 in GHH. The tentative schedule is as follows:

24.10.2022 - Organization (recording only, no lecture!)
31.10.2022 - Information Security Goals, Legal Aspects in Germany
07.11.2022 - Python 101
14.11.2022 - Basic of Crypography 1: Historic Ciphers and Symmetric Cryptography
21.11.2022 - Basic of Crypography 2: Hashes and MACs, Asymmetric Cryptography (Diffie-Hellman, Elgamal)
28.11.2022 - Basic of Crypography 3: Asymmetric Cryptography (RSA), Public Key Infrastructure
5.12.2022 - Authentication
12.12.2022 - Network Security 1: LAN, WLAN, ARP, and DHCP
19.12.2022 - Network Security 2: IPv4, IPv6, Routing
2.1.2023 - Network Security 3: UDP, TCP, and Firewalls
9.1.2023 - Network Security 4: DNS and DNSSEC
16.1.2023 - Network Security 5: TLS, HTTPS, and Certificate Management
23.1.2023 - Network Security 6: Denial of Service and Anonymous Communication
30.1.2023 - Web Security
6.2.2023 - Exam Preparation