Hacking Bugiel, Nürnberger, Sorge, Stock, Tippenhauer

News

05.08.2019

Hacker Jeopardy

For all those that have registered via the Doodle, please drop by CISPA's front office (first floor) and pay the fee for the BBQ. It is 10€ per person.

Apart from that, the Hacker Jeopardy will start at 1pm, which gives us 2 hours before we go BBQing :-)

25.07.2019

Grades are online

I have just put the grades for the talks into the CMS and since Max has already graded the last sheet, we have finalized the grades. I'll try to find a somewhat meaningful way to enter the feedback for the talks in the CMS, but you all already got feedback right... Read more

I have just put the grades for the talks into the CMS and since Max has already graded the last sheet, we have finalized the grades. I'll try to find a somewhat meaningful way to enter the feedback for the talks in the CMS, but you all already got feedback right after the talk, so this is not my highest priority.

 

Also, as a reminder: please doodle for the hacker jeopardy (even if you are not planning to come!) and do so today. 

22.07.2019

Hacker Jeopardy

As indicated, we are planning to do a Hacker Jeopardy. I have spoken with our administration and we can co-locate this with the CISPA summer party on August, 30th. The CISPA party starts at 3pm, so we plan to start the jeopardy (in a dark room, don't worry!) at... Read more

As indicated, we are planning to do a Hacker Jeopardy. I have spoken with our administration and we can co-locate this with the CISPA summer party on August, 30th. The CISPA party starts at 3pm, so we plan to start the jeopardy (in a dark room, don't worry!) at 1pm.

Please fill out the doodle at https://doodle.com/poll/7v3pvw5gf8n4muqk and indicate if you'd like to join. Importantly, please fill out the doodle by Thursday morning, as we need to tell the administration how many people will join from the proseminar. There will be a fee for the BBQ (including food and drinks) of around 10€ per person which you have to pay yourselves. If you are already joining because you are a part of CISPA (e.g., a Hiwi), please indicate that in the doodle behind your name so I don't double-book you.

08.07.2019

Points thus far...

have already been online for a while, but we forgot to make them visible to you :-) Please check your status page.

08.07.2019

Slides

Hi all,

if your team's slides are not yet available in the CMS, please send them to me via email so I can make them accessible to everyone.

Thanks!

20.06.2019

Ports off-by-one in exercise sheet

There is a small mistake on the sheet, the ports for the binary exploitation parts are off-by-one.

Canary is running on 134.96.225.55 22097, roppy on 134.96.225.55 22098 (the 22096 was already in use for something else). Didn't seem to stop some teams, though :)

19.06.2019

Snafus on exercise sheet

The message for EFAIL:

SUFNVEhFSU5JVFZFQ1RPUh6gXJiwQCF8gZGD9lky0tBP6ktrSeEMUNLPZPplCjaF2f6D4eDaYy2aAcdx1VUTASsZQ/jO2UO0DU8s3tMJND32OzIwNNf0e24JrLtNFqW+MQl2UF1xckIqGJgNhqq17SO3/qaADpUBKKL+UC8JIa3q+fcMxmBkoeeatmUtxkas

The message for the... Read more

The message for EFAIL:

SUFNVEhFSU5JVFZFQ1RPUh6gXJiwQCF8gZGD9lky0tBP6ktrSeEMUNLPZPplCjaF2f6D4eDaYy2aAcdx1VUTASsZQ/jO2UO0DU8s3tMJND32OzIwNNf0e24JrLtNFqW+MQl2UF1xckIqGJgNhqq17SO3/qaADpUBKKL+UC8JIa3q+fcMxmBkoeeatmUtxkas

The message for the oracle:

SUFNVEhFSU5JVFZFQ1RPUmubFD0OPl+rDhU+T/qxPH1gbc5VfYOe9on/Zmp3827o

Sorry for the confusion :)

13.05.2019

Signing up in the LSF

I learned today that only 16/20 students have signed up for the course in the LSF. 

If you are one of the four who did not yet do so, write an email to Evelyn Kraska (kraska@cs.uni-saarland.de), CCing me, and ask to be added. Please do so by Wednesday, as we will... Read more

I learned today that only 16/20 students have signed up for the course in the LSF. 

If you are one of the four who did not yet do so, write an email to Evelyn Kraska (kraska@cs.uni-saarland.de), CCing me, and ask to be added. Please do so by Wednesday, as we will otherwise be forced to kick you out of the course.

12.05.2019

Ex1: Task 2

If you solved Task 2 (https://androidlecture.de:5000/tortjader responded with code HTTP code 200 to the POST and signaled successful login) but the same password didn't give you flag: there was a typo in the flagserver, it should now give the flag if used with the... Read more

If you solved Task 2 (https://androidlecture.de:5000/tortjader responded with code HTTP code 200 to the POST and signaled successful login) but the same password didn't give you flag: there was a typo in the flagserver, it should now give the flag if used with the right password.

10.05.2019

Just noticed an update to Tor's social accounts

We just noticed an update to some of Tor's social accounts. If you know the old ones, check out the update. Maybe he made himself more vulnerable against credential stuffing...

09.05.2019

Askbot available

An Askbot system has been installed and is available at https://cms.cispa.saarland/askbot/hacking19/questions/

If you have questions regarding the exercise, use this system, please.

25.04.2019

Topics assigned

Due to my moving, the assignment of topics got lost somewhere - sorry about that. Since no team picked Prog. Auth (most likely because I presented it fairly badly), when solving the constraints, all teams had that topic "bid on" by us (to be fair to all teams).... Read more

Due to my moving, the assignment of topics got lost somewhere - sorry about that. Since no team picked Prog. Auth (most likely because I presented it fairly badly), when solving the constraints, all teams had that topic "bid on" by us (to be fair to all teams). Please find the results below.

 

5 > 5 == true Fuzzing
(ノ◕ヮ◕)ノ*:・゚✧     ┏(^0^)┛🁏┗(^0^) ┓     ╰(◡‿◡✿╰) IoT Security
Mein persönlicher Favorit Memory Forensics
Underscore Human Auth
IoTeam Car Hacking
úÉÜÛï¯ÓÜ͵¦Õ̲Üõ³ÝÊñ¹ÍºÓ¢Á¥ÂþÖöûÆþÕáá£À¨ÇµÏ¹âĪ¶óÛåÓûº¥Ãʲò±ñ¿Ûô Cold Boot
Käsekuchen Crypto Attacks
KeepYourFlagsSafe Prog. Auth
Underhanded Overflow Binary Attacks
404 Not Found Code Reuse

 

16.04.2019

Reminder: Kick-Off

Kick-off is tomorrow, 12:15 in CISPA's lecture hall (E9.1, 0.05).

Show all
 

Hacking

The goal of this Proseminar is to give students a deeper understanding of the typical security problems and weaknesses that pervade all kinds of IT systems today. To provide a more solid understanding of the discussed attack techniques, this seminar strongly mixes theoretical and practical aspects. On the one hand, participants are conveyed the typical Proseminar learning contents (e.g., presentation techniques, etc.). On the other hand, the participants are required to also learn and apply established tools for exploiting and attacking IT systems in the context of capture-the-flag styled exercises.

The slot for the proseminar is fixed to Wednesdays (see below) from 12:15 to 13:45

 

Note that direct registration is not possible, as all (pro)seminar assignments are done centrally via https://seminars.cs.uni-saarland.de/

Kick-Off and Meeting Dates

  • 17.4. 12:15 Kick-Off
  • 8.5. Authentication
  • 22.5. Forensics
  • 5.6. Fuzzing & Binary Exploitation
  • 19.6.  Crypto Attacks & Code-Reuse Attacks
  • 3.7. Car Hacking & IoT
  • 17.7. Wrap-Up Meeting


Privacy Policy | Legal Notice
If you encounter technical problems, please contact the administrators