News
Exam locationWritten on 14.08.25 by Ali Abbasi Hi,
Exam location tomorrow will be at Cispa building in Campus room C0-2.01(Cispa building at UdS campus, second floor, room 2.01) You should bring your own laptop to show us your work.
Cheers, Ali
|
|||||||||||||||||||||||||||||||
Some notes about the final projectWritten on 12.08.25 by Ali Abbasi Hi, I want to remind you about how your work is evaluated. Your final project is about the entire process, not just the final bug you find in the control target or fuzzing a new target. We want to see your methodology, your attempts, and your learning. Each of these steps helps you get a better… Read more Hi, I want to remind you about how your work is evaluated. Your final project is about the entire process, not just the final bug you find in the control target or fuzzing a new target. We want to see your methodology, your attempts, and your learning. Each of these steps helps you get a better grade. See you all on Thursday.
Cheers, Ali
|
|||||||||||||||||||||||||||||||
Exam ScheduleWritten on 08.08.25 (last change on 08.08.25) by Ali Abbasi Hi, Below is your exam schedule for 14 August. If your Mat. number is not listed, you should contact us ASAP.
Hi, Below is your exam schedule for 14 August. If your Mat. number is not listed, you should contact us ASAP.
|
|||||||||||||||||||||||||||||||
Winter is Coming… and So Is Your ExamWritten on 06.08.25 (last change on 06.08.25) by Ali Abbasi Hi,
We decided to set the exam date exactly on 14 August (the original plan was between 12 and 14 August). As a result of this move, you will have one additional day to submit the final project (until 12th August instead of 11th August). We will soon provide the schedule for the exact time of… Read more Hi,
We decided to set the exam date exactly on 14 August (the original plan was between 12 and 14 August). As a result of this move, you will have one additional day to submit the final project (until 12th August instead of 11th August). We will soon provide the schedule for the exact time of your verbal exam. Furthermore, since one of you asked about it, you are not obliged to use Fuzzware for your firmware rehosting/fuzzing campaign. You can use any other rehosting/fuzzing tool (e.g., Hoedur, MULTIFUZZ, GDMA, P2IM, SAFIREFUZZ, Icicle, etc.) as you wish. However, you are probably way more familiar with Fuzzware now than with any other tool. Additionally, please take a look at the exam info presentation. It is extremely important that you deliver the required documents and materials.
Cheers, Ali
|
|||||||||||||||||||||||||||||||
Final Project Control TargetWritten on 31.07.25 (last change on 31.07.25) by Ali Abbasi Hi, Just to make sure there is no confusion: The first (control) target is BLE_GAP of mbed-os (which you had to build as part of your homework). To make your life easier and enable fuzzing, we decided to provide you with two patches. Please apply the following: Hi, Just to make sure there is no confusion: The first (control) target is BLE_GAP of mbed-os (which you had to build as part of your homework). To make your life easier and enable fuzzing, we decided to provide you with two patches. Please apply the following:
If it helps, you could look at: https://github.com/ARMmbed/mbed-os-example-ble/tree/development/BLE_GAP https://github.com/ARMmbed/mbed-os https://os.mbed.com/docs/mbed-os/v6.16/build-tools/use.html
For those who could not do the homework, where you built the BLE GAP: Clone the BLE_GAP example from the repo BLE GAP. Initialize the project with mbed-tools, which will automatically clone the required submodules, including the mbed-os repository. Apply the above-mentioned patches directly to the main mbed-os repository within your project directory. |
|||||||||||||||||||||||||||||||
Reminder on registration for the examWritten on 29.07.25 by Ali Abbasi Hi, This is a reminder that you need to register for the course exam if you plan to do it. Cheers, Ali
|
|||||||||||||||||||||||||||||||
Extended deadline for exercise 10Written on 21.07.25 by Ali Abbasi Hi I just extended deadline for the fuzzware exercise. You will have now one additional week. There will be no further deadline extension, no matter how busy you are with your other exams.
Cheers, Ali
|
|||||||||||||||||||||||||||||||
Submission of SSH Public KeysWritten on 16.07.25 by Ali Abbasi Hi, To give you access to the Fuzzing servers for your exam, we need you to submit your public SSH key in the submission form (SSH Public Key for Project) by the end of this week so we can send server information next week.
Cheers, Ali
|
|||||||||||||||||||||||||||||||
Coverage mapping plugin for GhidraWritten on 16.07.25 by Pouya Narimani Hi,
Here is the link for Cartographer: https://github.com/fuzzware-io/Cartographer
Pouya |
|||||||||||||||||||||||||||||||
Zoom link for online tutorialWritten on 09.07.25 by Ali Abbasi Hi, Below is the Zoom link for the online tutorial:
https://cispa-de.zoom-x.de/j/67799361935?pwd=z1eVEXuEMsaLvBPkN8M7FRPk1xmarv.1
Ali
|
|||||||||||||||||||||||||||||||
Rescheduled Tutorial SessionWritten on 04.07.25 by Ali Abbasi Hi, We have rescheduled the tutorial session that was previously cancelled. The new session will take place on Monday from 12:00 to 14:00.
You can join the session using the following Zoom link: https://cispa-de.zoom-x.de/j/62673833430?pwd=y8ajr2CXScRac6fe0Q0rUUbzk27eE3.1
A… Read more Hi, We have rescheduled the tutorial session that was previously cancelled. The new session will take place on Monday from 12:00 to 14:00.
You can join the session using the following Zoom link: https://cispa-de.zoom-x.de/j/62673833430?pwd=y8ajr2CXScRac6fe0Q0rUUbzk27eE3.1
A recording will be provided afterward, in case the timing conflicts with other commitments.
Cheers, Ali
|
|||||||||||||||||||||||||||||||
Cancellation of Tutorial TodayWritten on 02.07.25 by Ali Abbasi Hi, Sorry for late minute cancellation. We just received this info now. Cheers |
|||||||||||||||||||||||||||||||
Deadline Flexibility for Students Affected by Ongoing ConflictsWritten on 18.06.25 by Ali Abbasi Hi,
It was brought to our attention that some students may be affected by the escalating tensions in the Middle East, particularly due to concerns for family members in the region. We understand that such circumstances can cause ongoing stress and make it difficult to focus on your… Read more Hi,
It was brought to our attention that some students may be affected by the escalating tensions in the Middle East, particularly due to concerns for family members in the region. We understand that such circumstances can cause ongoing stress and make it difficult to focus on your studies. If you are experiencing difficulties as a result and are finding it hard to concentrate, please feel free to reach out. For affected students, we will offer deadline extensions for exercises on a case-by-case basis for as long as necessary.
Cheers, |
|||||||||||||||||||||||||||||||
Extending deadline for Exercise sheet 5Written on 03.06.25 by Ali Abbasi Hi, We have extended the deadline for Sheet 5. It would help if you start earlier with the challenges. Often we do not see any forum activity regarding the exercises until the very last day. Cheers, Ali
|
|||||||||||||||||||||||||||||||
Extending deadline for Exercise sheet 3Written on 20.05.25 by Ali Abbasi Hi, Some of you had a problem with the Renode challenge. We extended the deadline for the Renode challenge until the end of this week. The answer sheet will also be released end of the week. Additionally, based on CISPA's front office request we have to move our tutorial location from C0.05 to… Read more Hi, Some of you had a problem with the Renode challenge. We extended the deadline for the Renode challenge until the end of this week. The answer sheet will also be released end of the week. Additionally, based on CISPA's front office request we have to move our tutorial location from C0.05 to C0.02 (right across the hall). The first lecture slide is updated to reflect this change.
Cheers, Ali
|
|||||||||||||||||||||||||||||||
First Exercise Sheet ReleasedWritten on 30.04.25 by Julian Rederlechner Hello everyone, Just a quick reminder: We released the first exercise sheet yesterday. It's due next Tuesday, 06.05, at 12:00, right when the lecture starts. Hope you're having a great day, and see you in the tutorial! |
|||||||||||||||||||||||||||||||
Room for tutorialWritten on 22.04.25 by Ali Abbasi Hi,
As mentioned today, the tutorial room for tomorrow is C0-0.07. Also, you do not need to register for two or three time slots simultaneously, you just have to register for one slot. Tomorrow you will get familiar with basic hardware stuff such as the UART… Read more Hi,
As mentioned today, the tutorial room for tomorrow is C0-0.07. Also, you do not need to register for two or three time slots simultaneously, you just have to register for one slot. Tomorrow you will get familiar with basic hardware stuff such as the UART interface.
Cheers, Ali
|
|||||||||||||||||||||||||||||||
Tutorial slotWritten on 16.04.25 (last change on 16.04.25) by Julian Rederlechner Hey everyone, Hope you're all settling into the semester smoothly. The first tutorial session for our course will be happening next week! That means it’s time to choose your preferred tutorial slot. Here are your options, all on… Read more Hey everyone, Hope you're all settling into the semester smoothly. The first tutorial session for our course will be happening next week! That means it’s time to choose your preferred tutorial slot. Here are your options, all on Wednesday:
Each slot has limited space, so if one of them is crucial for your schedule, make sure to sign up quickly! Registration opens today at 16:00 and will close on Tuesday, April 22nd at 16:00 See you soon! |
Foundations of Firmware Security
This course introduces students to the security of embedded systems, with a focus on identifying and analyzing firmware vulnerabilities. The course begins with core concepts in embedded systems and hardware communication protocols such as UART, SPI, and JTAG. Students will learn to extract and analyze firmware from real-world devices.
The curriculum then moves into reverse engineering of unknown binaries, teaching foundational techniques for recovering control and data structures. Tools such as Ghidra and QEMU are used for firmware emulation and reverse engineering. Students then explore vulnerability discovery through fuzzing and re-hosting techniques and learn to design or adapt fuzzers for analyzing embedded firmware. Additional topics include software vulnerabilities, side-channel analysis, and bug triaging. The course also includes a weekly hands-on tutorial session.
Instead of a written exam, students complete a final project report and oral exam, where they should demonstrate their skills by identifying 0-day vulnerabilities in embedded firmware.
Prerequisites
A strong background in high-level programming languages such as C and cybersecurity is essential for this course. Without it, you are very likely to struggle and fail, regardless of your confidence or prior experience. If you lack this foundation, we strongly advise against enrolling. Do not play with the fire when you know you are going to get burned.
Course Book:
We recommend the following course books so you can get familiar with the topics:
1. Fuzzing Against the Machine: Automate vulnerability research with emulated IoT devices on QEMU, ISBN: 978-1804614976
2. The Hardware Hacking Handbook: Breaking Embedded Security with Hardware Attacks, ISBN: 978-1593278748
3. Microcontroller Exploits, ISBN: 978-1718503885
More info: https://www.infomath-bib.de/tmp/vorlesungen/info-advanced_foundations-of-firmware-security.html
Time, Location, and Structure
Lectures: Tuesdays 12:00-14:00, CISPA C0-05
Tutorials: Wednesdays 10:00-12:00 (First three tutorials, are gonna be between 10:00 AM to 16:00 (in 3 blocks)
Kickoff Lecture: 22nd of April.
Course practical session for hardware-based firmware extraction
Grading
There is no written exam in this course. 40% of your final grades come from tasks and homework. 60% of your grades come from the final project report and your verbal exam. To be admitted to the exam, you must achieve at least 50% of the points from the exercises. The final project is applying learned techniques in the class to a set of targets (bypassing fuzzing obstacles, selecting and building the targets, finding vulnerable code, and writing PoC). Then the students should write a "Final Project Report". The final project report should contain a step-by-step detailed description of the whole process. To pass the course, you must score at least 50% on the final oral exam.
Strict no cheating policy
You may discuss the assignments with other students, but you are not allowed to collaborate with others on the solution. Your solution should be original and not an existing solution (e.g., from someone else, the internet, LLMs, etc). All submissions will be automatically checked for plagiarism, as we have a strict no-cheating policy. If we find a case of plagiarism, we will assign zero points. If you ever get stuck, you can ask questions in the forum or participate in the exercise lessons. We invite you to help fellow students who have asked questions but avoid giving away the solution. Nobody likes spoilers :)
Regardless, the course is designed in such a way that by cheating you guarantee your failure on the final project and oral exam.
Verbal Exam
This course does not have a written exam. At the end of the semester, there will be an oral exam of your final project for 30 minutes. All questions of the oral exam are in English. You need to bring your laptop and present your final project report step by step. We will ask related questions about the report and lectures.
Verbal Exam Date: 12-14 August, Between 08:00 to 17:00, room 2.01 at C0.