News
|
23.08.2019
|
Grillin' funIf you signed up (and paid) for the summer party, please select what you'd like to eat at https://doodle.com/poll/hgkay9mnze8wb6kr (sorry for the late notice, just saw now this was merely sent to all CISPA employees, not those people who signed up). |
||||||||||||||||||||
|
05.08.2019
|
Hacker JeopardyFor all those that have registered via the Doodle, please drop by CISPA's front office (first floor) and pay the fee for the BBQ. It is 10€ per person. Apart from that, the Hacker Jeopardy will start at 1pm, which gives us 2 hours before we go BBQing :-) |
||||||||||||||||||||
|
25.07.2019
|
Grades are onlineI have just put the grades for the talks into the CMS and since Max has already graded the last sheet, we have finalized the grades. I'll try to find a somewhat meaningful way to enter the feedback for the talks in the CMS, but you all already got feedback right... Read more I have just put the grades for the talks into the CMS and since Max has already graded the last sheet, we have finalized the grades. I'll try to find a somewhat meaningful way to enter the feedback for the talks in the CMS, but you all already got feedback right after the talk, so this is not my highest priority.
Also, as a reminder: please doodle for the hacker jeopardy (even if you are not planning to come!) and do so today. |
||||||||||||||||||||
|
22.07.2019
|
Hacker JeopardyAs indicated, we are planning to do a Hacker Jeopardy. I have spoken with our administration and we can co-locate this with the CISPA summer party on August, 30th. The CISPA party starts at 3pm, so we plan to start the jeopardy (in a dark room, don't worry!) at... Read more As indicated, we are planning to do a Hacker Jeopardy. I have spoken with our administration and we can co-locate this with the CISPA summer party on August, 30th. The CISPA party starts at 3pm, so we plan to start the jeopardy (in a dark room, don't worry!) at 1pm. Please fill out the doodle at https://doodle.com/poll/7v3pvw5gf8n4muqk and indicate if you'd like to join. Importantly, please fill out the doodle by Thursday morning, as we need to tell the administration how many people will join from the proseminar. There will be a fee for the BBQ (including food and drinks) of around 10€ per person which you have to pay yourselves. If you are already joining because you are a part of CISPA (e.g., a Hiwi), please indicate that in the doodle behind your name so I don't double-book you. |
||||||||||||||||||||
|
08.07.2019
|
Points thus far...have already been online for a while, but we forgot to make them visible to you :-) Please check your status page. |
||||||||||||||||||||
|
08.07.2019
|
SlidesHi all, if your team's slides are not yet available in the CMS, please send them to me via email so I can make them accessible to everyone. Thanks! |
||||||||||||||||||||
|
20.06.2019
|
Ports off-by-one in exercise sheetThere is a small mistake on the sheet, the ports for the binary exploitation parts are off-by-one. Canary is running on 134.96.225.55 22097, roppy on 134.96.225.55 22098 (the 22096 was already in use for something else). Didn't seem to stop some teams, though :) |
||||||||||||||||||||
|
19.06.2019
|
Snafus on exercise sheetThe message for EFAIL: SUFNVEhFSU5JVFZFQ1RPUh6gXJiwQCF8gZGD9lky0tBP6ktrSeEMUNLPZPplCjaF2f6D4eDaYy2aAcdx1VUTASsZQ/jO2UO0DU8s3tMJND32OzIwNNf0e24JrLtNFqW+MQl2UF1xckIqGJgNhqq17SO3/qaADpUBKKL+UC8JIa3q+fcMxmBkoeeatmUtxkas The message for the... Read more The message for EFAIL: SUFNVEhFSU5JVFZFQ1RPUh6gXJiwQCF8gZGD9lky0tBP6ktrSeEMUNLPZPplCjaF2f6D4eDaYy2aAcdx1VUTASsZQ/jO2UO0DU8s3tMJND32OzIwNNf0e24JrLtNFqW+MQl2UF1xckIqGJgNhqq17SO3/qaADpUBKKL+UC8JIa3q+fcMxmBkoeeatmUtxkas The message for the oracle: SUFNVEhFSU5JVFZFQ1RPUmubFD0OPl+rDhU+T/qxPH1gbc5VfYOe9on/Zmp3827o Sorry for the confusion :) |
||||||||||||||||||||
|
13.05.2019
|
Signing up in the LSFI learned today that only 16/20 students have signed up for the course in the LSF. If you are one of the four who did not yet do so, write an email to Evelyn Kraska (kraska@cs.uni-saarland.de), CCing me, and ask to be added. Please do so by Wednesday, as we will... Read more I learned today that only 16/20 students have signed up for the course in the LSF. If you are one of the four who did not yet do so, write an email to Evelyn Kraska (kraska@cs.uni-saarland.de), CCing me, and ask to be added. Please do so by Wednesday, as we will otherwise be forced to kick you out of the course. |
||||||||||||||||||||
|
12.05.2019
|
Ex1: Task 2If you solved Task 2 (https://androidlecture.de:5000/tortjader responded with code HTTP code 200 to the POST and signaled successful login) but the same password didn't give you flag: there was a typo in the flagserver, it should now give the flag if used with the... Read more If you solved Task 2 (https://androidlecture.de:5000/tortjader responded with code HTTP code 200 to the POST and signaled successful login) but the same password didn't give you flag: there was a typo in the flagserver, it should now give the flag if used with the right password. |
||||||||||||||||||||
|
10.05.2019
|
Just noticed an update to Tor's social accountsWe just noticed an update to some of Tor's social accounts. If you know the old ones, check out the update. Maybe he made himself more vulnerable against credential stuffing... |
||||||||||||||||||||
|
09.05.2019
|
Askbot availableAn Askbot system has been installed and is available at https://cms.cispa.saarland/askbot/hacking19/questions/ If you have questions regarding the exercise, use this system, please. |
||||||||||||||||||||
|
25.04.2019
|
Topics assignedDue to my moving, the assignment of topics got lost somewhere - sorry about that. Since no team picked Prog. Auth (most likely because I presented it fairly badly), when solving the constraints, all teams had that topic "bid on" by us (to be fair to all teams).... Read more Due to my moving, the assignment of topics got lost somewhere - sorry about that. Since no team picked Prog. Auth (most likely because I presented it fairly badly), when solving the constraints, all teams had that topic "bid on" by us (to be fair to all teams). Please find the results below.
|
||||||||||||||||||||
|
16.04.2019
|
Reminder: Kick-OffKick-off is tomorrow, 12:15 in CISPA's lecture hall (E9.1, 0.05). |
Hacking
The goal of this Proseminar is to give students a deeper understanding of the typical security problems and weaknesses that pervade all kinds of IT systems today. To provide a more solid understanding of the discussed attack techniques, this seminar strongly mixes theoretical and practical aspects. On the one hand, participants are conveyed the typical Proseminar learning contents (e.g., presentation techniques, etc.). On the other hand, the participants are required to also learn and apply established tools for exploiting and attacking IT systems in the context of capture-the-flag styled exercises.
The slot for the proseminar is fixed to Wednesdays (see below) from 12:15 to 13:45
Note that direct registration is not possible, as all (pro)seminar assignments are done centrally via https://seminars.cs.uni-saarland.de/
Kick-Off and Meeting Dates
- 17.4. 12:15 Kick-Off
- 8.5. Authentication
- 22.5. Forensics
- 5.6. Fuzzing & Binary Exploitation
- 19.6. Crypto Attacks & Code-Reuse Attacks
- 3.7. Car Hacking & IoT
- 17.7. Wrap-Up Meeting