News

Grillin' fun

Written on 23.08.19 by Ben Stock

If you signed up (and paid) for the summer party, please select what you'd like to eat at https://doodle.com/poll/hgkay9mnze8wb6kr (sorry for the late notice, just saw now this was merely sent to all CISPA employees, not those people who signed up).

Hacker Jeopardy

Written on 05.08.19 by Ben Stock

For all those that have registered via the Doodle, please drop by CISPA's front office (first floor) and pay the fee for the BBQ. It is 10€ per person.

Apart from that, the Hacker Jeopardy will start at 1pm, which gives us 2 hours before we go BBQing :-)

Grades are online

Written on 25.07.19 by Ben Stock

I have just put the grades for the talks into the CMS and since Max has already graded the last sheet, we have finalized the grades. I'll try to find a somewhat meaningful way to enter the feedback for the talks in the CMS, but you all already got feedback right after the talk, so this is not my highest priority.

Also, as a reminder: please doodle for the hacker jeopardy (even if you are not planning to come!) and do so today.

Hacker Jeopardy

Written on 22.07.19 by Ben Stock

As indicated, we are planning to do a Hacker Jeopardy. I have spoken with our administration and we can co-locate this with the CISPA summer party on August 30th. The CISPA party starts at 3pm, so we plan to start the jeopardy (in a dark room, don't worry!) at 1pm.

Please fill out the doodle at https://doodle.com/poll/7v3pvw5gf8n4muqk and indicate if you'd like to join. Importantly, please fill out the doodle by Thursday morning, as we need to tell the administration how many people will join from the proseminar. There will be a fee for the BBQ (including food and drinks) of around 10€ per person which you have to pay yourselves. If you are already joining because you are a part of CISPA (e.g., a Hiwi), please indicate that in the doodle behind your name so I don't double-book you.

Points thus far...

Written on 08.07.19 by Ben Stock

have already been online for a while, but we forgot to make them visible to you :-) Please check your status page.

Slides

Written on 08.07.19 by Ben Stock

Hi all,

if your team's slides are not yet available in the CMS, please send them to me via email so I can make them accessible to everyone.

Thanks!

Ports off-by-one in exercise sheet

Written on 20.06.19 by Ben Stock

There is a small mistake on the sheet: the ports for the binary exploitation parts are off-by-one.

Canary is running on 134.96.225.55 22097, roppy on 134.96.225.55 22098 (the 22096 was already in use for something else). Didn't seem to stop some teams, though :)

Snafus on exercise sheet

Written on 19.06.19 (last change on 19.06.19) by Ben Stock

The message for EFAIL:

SUFNVEhFSU5JVFZFQ1RPUh6gXJiwQCF8gZGD9lky0tBP6ktrSeEMUNLPZPplCjaF2f6D4eDaYy2aAcdx1VUTASsZQ/jO2UO0DU8s3tMJND32OzIwNNf0e24JrLtNFqW+MQl2UF1xckIqGJgNhqq17SO3/qaADpUBKKL+UC8JIa3q+fcMxmBkoeeatmUtxkas

The message for the oracle:

SUFNVEhFSU5JVFZFQ1RPUmubFD0OPl+rDhU+T/qxPH1gbc5VfYOe9on/Zmp3827o

Sorry for the confusion :)

Signing up in the LSF

Written on 13.05.19 by Ben Stock

I learned today that only 16/20 students have signed up for the course in the LSF. 

If you are one of the four who did not yet do so, write an email to Evelyn Kraska (kraska@cs.uni-saarland.de), CCing me, and ask to be added. Please do so by Wednesday, as we will otherwise be forced to kick you out of the course.

Ex1: Task 2

Written on 12.05.19 by Sven Bugiel

If you solved Task 2 (https://androidlecture.de:5000/tortjader responded with HTTP code 200 to the POST and signaled successful login) but the same password didn't give you the flag: there was a typo in the flagserver; it should now give the flag if used with the right password.

Just noticed an update to Tor's social accounts

Written on 10.05.19 by Sven Bugiel

We just noticed an update to some of Tor's social accounts. If you know the old ones, check out the update. Maybe he made himself more vulnerable against credential stuffing...

Askbot available

Written on 09.05.19 by Sven Bugiel

An Askbot system has been installed and is available at https://cms.cispa.saarland/askbot/hacking19/questions/

If you have questions regarding the exercise, use this system, please.

Topics assigned

Written on 25.04.19 by Ben Stock

Due to my moving, the assignment of topics got lost somewhere - sorry about that. Since no team picked Prog. Auth (most likely because I presented it fairly badly), when solving the constraints, all teams had that topic "bid on" by us (to be fair to all teams). Please find the results below.

| Team | Topic |
|---|---|
| 5 > 5 == true | Fuzzing |
| (ノ◕ヮ◕)ノ*:・゚✧     ┏(^0^)┛🁏┗(^0^) ┓     ╰(◡‿◡✿╰) | IoT Security |
| Mein persönlicher Favorit | Memory Forensics |
| Underscore | Human Auth |
| IoTeam | Car Hacking |
| úÉÜÛï¯ÓÜ͵¦Õ̲Üõ³ÝÊñ¹ÍºÓ¢Á¥ÂþÖöûÆþÕáá£À¨ÇµÏ¹âĪ¶óÛåÓûº¥Ãʲò±ñ¿Ûô | Cold Boot |
| Käsekuchen | Crypto Attacks |
| KeepYourFlagsSafe | Prog. Auth |
| Underhanded Overflow | Binary Attacks |
| 404 Not Found | Code Reuse |

Reminder: Kick-Off

Written on 16.04.19 by Ben Stock

Kick-off is tomorrow, 12:15 in CISPA's lecture hall (E9.1, 0.05).

Hacking

The goal of this Proseminar is to give students a deeper understanding of the typical security problems and weaknesses that pervade all kinds of IT systems today. To provide a more solid understanding of the discussed attack techniques, this seminar strongly mixes theoretical and practical aspects. On the one hand, participants are taught the typical Proseminar learning contents (e.g., presentation techniques). On the other hand, participants are also required to learn and apply established tools for exploiting and attacking IT systems in the context of capture-the-flag-style exercises.

The slot for the proseminar is fixed to Wednesdays (see below) from 12:15 to 13:45.

Note that direct registration is not possible, as all (pro)seminar assignments are done centrally via https://seminars.cs.uni-saarland.de/

Kick-Off and Meeting Dates

  • 17.4. 12:15 Kick-Off
  • 8.5. Authentication
  • 22.5. Forensics
  • 5.6. Fuzzing & Binary Exploitation
  • 19.6.  Crypto Attacks & Code-Reuse Attacks
  • 3.7. Car Hacking & IoT
  • 17.7. Wrap-Up Meeting