News
Grillin' funWritten on 23.08.19 by Ben Stock If you signed up (and paid) for the summer party, please select what you'd like to eat at https://doodle.com/poll/hgkay9mnze8wb6kr (sorry for the late notice, just saw now this was merely sent to all CISPA employees, not those people who signed up). |
||||||||||||||||||||
Hacker JeopardyWritten on 05.08.19 by Ben Stock For all those that have registered via the Doodle, please drop by CISPA's front office (first floor) and pay the fee for the BBQ. It is 10€ per person. Apart from that, the Hacker Jeopardy will start at 1pm, which gives us 2 hours before we go BBQing :-) |
||||||||||||||||||||
Grades are onlineWritten on 25.07.19 by Ben Stock I have just put the grades for the talks into the CMS and since Max has already graded the last sheet, we have finalized the grades. I'll try to find a somewhat meaningful way to enter the feedback for the talks in the CMS, but you all already got feedback right after the talk, so this is not my… Read more I have just put the grades for the talks into the CMS and since Max has already graded the last sheet, we have finalized the grades. I'll try to find a somewhat meaningful way to enter the feedback for the talks in the CMS, but you all already got feedback right after the talk, so this is not my highest priority.
Also, as a reminder: please doodle for the hacker jeopardy (even if you are not planning to come!) and do so today. |
||||||||||||||||||||
Hacker JeopardyWritten on 22.07.19 by Ben Stock As indicated, we are planning to do a Hacker Jeopardy. I have spoken with our administration and we can co-locate this with the CISPA summer party on August, 30th. The CISPA party starts at 3pm, so we plan to start the jeopardy (in a dark room, don't worry!) at 1pm. Please fill out the doodle… Read more As indicated, we are planning to do a Hacker Jeopardy. I have spoken with our administration and we can co-locate this with the CISPA summer party on August, 30th. The CISPA party starts at 3pm, so we plan to start the jeopardy (in a dark room, don't worry!) at 1pm. Please fill out the doodle at https://doodle.com/poll/7v3pvw5gf8n4muqk and indicate if you'd like to join. Importantly, please fill out the doodle by Thursday morning, as we need to tell the administration how many people will join from the proseminar. There will be a fee for the BBQ (including food and drinks) of around 10€ per person which you have to pay yourselves. If you are already joining because you are a part of CISPA (e.g., a Hiwi), please indicate that in the doodle behind your name so I don't double-book you. |
||||||||||||||||||||
Points thus far...Written on 08.07.19 by Ben Stock have already been online for a while, but we forgot to make them visible to you :-) Please check your status page. |
||||||||||||||||||||
SlidesWritten on 08.07.19 by Ben Stock Hi all, if your team's slides are not yet available in the CMS, please send them to me via email so I can make them accessible to everyone. Thanks! |
||||||||||||||||||||
Ports off-by-one in exercise sheetWritten on 20.06.19 by Ben Stock There is a small mistake on the sheet, the ports for the binary exploitation parts are off-by-one. Canary is running on 134.96.225.55 22097, roppy on 134.96.225.55 22098 (the 22096 was already in use for something else). Didn't seem to stop some teams, though :) |
||||||||||||||||||||
Snafus on exercise sheetWritten on 19.06.19 (last change on 19.06.19) by Ben Stock The message for EFAIL: SUFNVEhFSU5JVFZFQ1RPUh6gXJiwQCF8gZGD9lky0tBP6ktrSeEMUNLPZPplCjaF2f6D4eDaYy2aAcdx1VUTASsZQ/jO2UO0DU8s3tMJND32OzIwNNf0e24JrLtNFqW+MQl2UF1xckIqGJgNhqq17SO3/qaADpUBKKL+UC8JIa3q+fcMxmBkoeeatmUtxkas The message for the… Read more The message for EFAIL: SUFNVEhFSU5JVFZFQ1RPUh6gXJiwQCF8gZGD9lky0tBP6ktrSeEMUNLPZPplCjaF2f6D4eDaYy2aAcdx1VUTASsZQ/jO2UO0DU8s3tMJND32OzIwNNf0e24JrLtNFqW+MQl2UF1xckIqGJgNhqq17SO3/qaADpUBKKL+UC8JIa3q+fcMxmBkoeeatmUtxkas The message for the oracle: SUFNVEhFSU5JVFZFQ1RPUmubFD0OPl+rDhU+T/qxPH1gbc5VfYOe9on/Zmp3827o Sorry for the confusion :) |
||||||||||||||||||||
Signing up in the LSFWritten on 13.05.19 by Ben Stock I learned today that only 16/20 students have signed up for the course in the LSF. If you are one of the four who did not yet do so, write an email to Evelyn Kraska (kraska@cs.uni-saarland.de), CCing me, and ask to be added. Please do so by Wednesday, as we will otherwise be forced to kick you out… Read more I learned today that only 16/20 students have signed up for the course in the LSF. If you are one of the four who did not yet do so, write an email to Evelyn Kraska (kraska@cs.uni-saarland.de), CCing me, and ask to be added. Please do so by Wednesday, as we will otherwise be forced to kick you out of the course. |
||||||||||||||||||||
Ex1: Task 2Written on 12.05.19 by Sven Bugiel If you solved Task 2 (https://androidlecture.de:5000/tortjader responded with code HTTP code 200 to the POST and signaled successful login) but the same password didn't give you flag: there was a typo in the flagserver, it should now give the flag if used with the right password. |
||||||||||||||||||||
Just noticed an update to Tor's social accountsWritten on 10.05.19 by Sven Bugiel We just noticed an update to some of Tor's social accounts. If you know the old ones, check out the update. Maybe he made himself more vulnerable against credential stuffing... |
||||||||||||||||||||
Askbot availableWritten on 09.05.19 by Sven Bugiel An Askbot system has been installed and is available at https://cms.cispa.saarland/askbot/hacking19/questions/ If you have questions regarding the exercise, use this system, please. |
||||||||||||||||||||
Topics assignedWritten on 25.04.19 by Ben Stock Due to my moving, the assignment of topics got lost somewhere - sorry about that. Since no team picked Prog. Auth (most likely because I presented it fairly badly), when solving the constraints, all teams had that topic "bid on" by us (to be fair to all teams). Please find the results below.
Due to my moving, the assignment of topics got lost somewhere - sorry about that. Since no team picked Prog. Auth (most likely because I presented it fairly badly), when solving the constraints, all teams had that topic "bid on" by us (to be fair to all teams). Please find the results below.
|
||||||||||||||||||||
Reminder: Kick-OffWritten on 16.04.19 by Ben Stock Kick-off is tomorrow, 12:15 in CISPA's lecture hall (E9.1, 0.05). |
Hacking
The goal of this Proseminar is to give students a deeper understanding of the typical security problems and weaknesses that pervade all kinds of IT systems today. To provide a more solid understanding of the discussed attack techniques, this seminar strongly mixes theoretical and practical aspects. On the one hand, participants are conveyed the typical Proseminar learning contents (e.g., presentation techniques, etc.). On the other hand, the participants are required to also learn and apply established tools for exploiting and attacking IT systems in the context of capture-the-flag styled exercises.
The slot for the proseminar is fixed to Wednesdays (see below) from 12:15 to 13:45
Note that direct registration is not possible, as all (pro)seminar assignments are done centrally via https://seminars.cs.uni-saarland.de/
Kick-Off and Meeting Dates
- 17.4. 12:15 Kick-Off
- 8.5. Authentication
- 22.5. Forensics
- 5.6. Fuzzing & Binary Exploitation
- 19.6. Crypto Attacks & Code-Reuse Attacks
- 3.7. Car Hacking & IoT
- 17.7. Wrap-Up Meeting