News
Enjoyed the projects? Want more?Written on 03.04.18 by Markus Bauer Dear Students, the saarsec CTF Team would like to invite you to participate in our upcoming CTF workshop.
CTF, what? CTF stands for "Capture the flag" competitions or "Hacking for fun". CTFs are international online competitions in which you can hack other students. Each team receives… Read more Dear Students, the saarsec CTF Team would like to invite you to participate in our upcoming CTF workshop.
CTF, what? CTF stands for "Capture the flag" competitions or "Hacking for fun". CTFs are international online competitions in which you can hack other students. Each team receives a virtual machine with services which are written in "random" languages like php, perl or whitespace and disguise themselves as forums or ticket booking systems. Your goal is to find the vulnerability, patch it and exploit other teams with it.
Why should you play? Ever wanted to hack a social network running on your enemy's machine while defending your team's image hosting service? It is really fun. You can practically apply knowledge from lectures and you will always learn something new. We offer a workshop from 27. to 29. April. It covers the basics of playing a CTF and common vulnerability types. The highlight is the CTF between all workshop participants on Sunday. No prior knowledge is required. All you need is some time and the will to learn something new and cool.
Interested? More information on the workshop, a participant's report on the last workshop, and the registration are online at https://workshop.saarsec.rocks (The number of participants is limited and it's first come first serve) We hope to see you there |
Final reexam results in CMSWritten on 29.03.18 by Christian Rossow We have just finalized the re-exam results and grades in CMS to reflect changes in the reexam inspection. Note that some tasks were slightly regraded (to your benefit, if at all) for everyone, i.e., also for students that were not present in the inspection, so you overall grade may have improved. We… Read more We have just finalized the re-exam results and grades in CMS to reflect changes in the reexam inspection. Note that some tasks were slightly regraded (to your benefit, if at all) for everyone, i.e., also for students that were not present in the inspection, so you overall grade may have improved. We will import your grades to LSF next week. |
Re-exam results and inspection dateWritten on 19.03.18 by Christian Rossow Thanks to the hard work of the tutors over the weekend, we have just published the reexam results in CMS. Congratulations to those of you that have passed the reexam or have improved their grade. Exam inspection will be on Mon, March 26th, 14:00-16:00 in room 0.07 at CISPA. The examination office… Read more Thanks to the hard work of the tutors over the weekend, we have just published the reexam results in CMS. Congratulations to those of you that have passed the reexam or have improved their grade. Exam inspection will be on Mon, March 26th, 14:00-16:00 in room 0.07 at CISPA. The examination office has just asked me to clarify something, as they received several questions from students on this topic: All core lectures (including Security) do not offer a "Freiversuch", i.e., all students have exactly three attempts to pass the exam. In particular, this also holds for CySec Bachelor students (even though the lecture is mandatory in this curriculum, it is still not a "Grundvorlesung"). In case of doubt, please consult Ms Wintringer. |
Re-Exam tomorrowWritten on 15.03.18 by Markus Bauer We write the re-exam tomorrow (16.3.) in E2.2 (Günther Hotz Hörsaal). You can find your seat on your personal status page, and a room plan in the material section. Please take a look to see where your seat is. In case you're not on the list, please write us immediately. Re-Exam starts at 10:00, so… Read more We write the re-exam tomorrow (16.3.) in E2.2 (Günther Hotz Hörsaal). You can find your seat on your personal status page, and a room plan in the material section. Please take a look to see where your seat is. In case you're not on the list, please write us immediately. Re-Exam starts at 10:00, so be present at 09:45 latest. Don't forget your student ID and a pen. You are allowed to bring one additional cheat sheet, and get all of your previous sheets together with your exam. In case of questions, write to Markus Bauer. |
Re-exam Registration Opened: Register by Mon, 12thWritten on 07.03.18 by Christian Rossow We have finished the exam inspection and just imported your grades to LSF. You can now register for the re-exam. Registration to the exam is possible until Mon, March 12, 23:59 CET, i.e., we slightly extended the deadline to accomdate for the late grade import. We were frequently asked about cheat… Read more We have finished the exam inspection and just imported your grades to LSF. You can now register for the re-exam. Registration to the exam is possible until Mon, March 12, 23:59 CET, i.e., we slightly extended the deadline to accomdate for the late grade import. We were frequently asked about cheat sheets for the re-exam, and found a good compromise. You can bring one additional cheat sheet to the re-exam, and in addition, use all cheat sheets that you had access to in the first exam (including the extra sheet that you brought in the primary exam). Just to clarify: To ease the process, students that did not write the first exam can also just bring a single sheet. |
Exam #01 and overall Security results publishedWritten on 01.03.18 by Christian Rossow We have just published the exam results in CMS, and you can also see your total grade combined with the bonus points. To cope with the two missing points in exam exercise #1, we added two points for everyone. After this, overall 68/103 (66%) students succeeded in the exam, congratulations! Remember… Read more We have just published the exam results in CMS, and you can also see your total grade combined with the bonus points. To cope with the two missing points in exam exercise #1, we added two points for everyone. After this, overall 68/103 (66%) students succeeded in the exam, congratulations! Remember that you have to pass the exam to pass the course, even if you have bonus points in the projects. Exam inspection will take place on Tue, March 6, from 2pm-5pm at CISPA in room 0.07 (ground floor). |
Exam tomorrow: Hints #2Written on 13.02.18 by Markus Bauer We write the exam tomorrow in E2.2 (Günther Hotz Hörsaal) and E1.3 HS002. In the material section you find plans for both rooms. Please take a look to see in which room you have to go, and where your seat is. In case you're not on the list, please write us immediately. Exam starts at 10:00, so be… Read more We write the exam tomorrow in E2.2 (Günther Hotz Hörsaal) and E1.3 HS002. In the material section you find plans for both rooms. Please take a look to see in which room you have to go, and where your seat is. In case you're not on the list, please write us immediately. Exam starts at 10:00, so be present at 09:45 latest. Don't forget your student ID and a pen. In case of questions, write to Markus Bauer. |
Exam tomorrow: Hints #1Written on 13.02.18 by Christian Rossow While you're likely busy with preparing for it, we wish you best luck for the exam tomorrow. Remember to bring your student ID, pen, and one final cheat sheet, and be there on time. We will spread further information about where to go and when to be there ASAP. As we received several questions… Read more While you're likely busy with preparing for it, we wish you best luck for the exam tomorrow. Remember to bring your student ID, pen, and one final cheat sheet, and be there on time. We will spread further information about where to go and when to be there ASAP. As we received several questions about the exam content, once again: prepare for all topics covered in the lecture, including those taught by guest lecturers and those at the end that were not covered by execise sheets and/or projects. And yes, you will have to understand assembly to solve some of the tasks. We will try our best to answer remaining questions in Askbot, but please understand that we will likely not be able to reply to last-minute questions. |
Reminder - Exam registrationWritten on 06.02.18 by Markus Bauer If you want to participate in the final exam, you should register in the LSF/Hispos system today. If you are not registered there, you are not allowed to take the exam (exception: Erasmus students). The re-exam will have a seperate registration, if you want to take only that one. |
Course Evaluation Results on CMSWritten on 02.02.18 by Christian Rossow Per request of the examination office, find in CMS the evaluation summary for Security '17/'18. Thanks to those of you who provided feedback that we can take into account for the next edition of this lecture. |
Mock exam and final tutorialWritten on 02.02.18 (last change on 02.02.18) by Christian Rossow We have just published a mock exam for Security, that you can find in the CMS materials. This exam will be discussed in two final tutorials next week, Wed 8am and Thu 2pm in HS002 in E1 3. Note that...:
We have just published a mock exam for Security, that you can find in the CMS materials. This exam will be discussed in two final tutorials next week, Wed 8am and Thu 2pm in HS002 in E1 3. Note that...:
|
Project presentation tomorrowWritten on 31.01.18 by Christian Rossow This is a gentle reminder that in the final lecture, tomorrow at 08:30am, we will present solutions to the Security projects (including bonus tasks) and give a few hints about the exam format and topics. Hope to see you then. |
Ex11 publishedWritten on 26.01.18 by Christian Rossow The final exercise sheet for this year on Hardware-Assisted Security has just been released and will be discussed next week. |
Project 3, Minitests and Exam Admission (ACTION REQUIRED)Written on 24.01.18 (last change on 24.01.18) by Markus Bauer We finished grading the third project, you can see your final project results in CMS. If you have questions about your report grading, please contact Giorgi. We also finished grading the last minitest.
If you passed at least 3 minitests and got at least 50% of the project points, you are… Read more We finished grading the third project, you can see your final project results in CMS. If you have questions about your report grading, please contact Giorgi. We also finished grading the last minitest.
If you passed at least 3 minitests and got at least 50% of the project points, you are admitted to take the exam / re-exam. If you want to take the exam, you have to be registered in LSF/HISPOS. That means:
You can check your LSF registration status on your personal status page (updated hourly). |
Ex10 publishedWritten on 19.01.18 by Christian Rossow We have just published exercise sheet 10, which covers the Malware and System Security chapters. It will be discussed in the tutorials next week. |
Minitest #05 on Tue, 23rd & slides on ASLR/CFI/JITROP publishedWritten on 15.01.18 by Christian Rossow Upon popular request, and to complent the existing visual slides by Stefan's lectures, we have added a few slides that describe ASLR, JIT-ROP and CFI in textual form to Chapter 08. Please use these slides as further reference to guide you through Stefan's slides, especially if you missed the lecture.… Read more Upon popular request, and to complent the existing visual slides by Stefan's lectures, we have added a few slides that describe ASLR, JIT-ROP and CFI in textual form to Chapter 08. Please use these slides as further reference to guide you through Stefan's slides, especially if you missed the lecture. It should come as no surprise that this material, including Stefan's guest lectures, are relevant for the exam. Should there be uncertainties, please use the tutorials to shoot your questions, and practice your understanding in the exercise sheets. The final and 5th minitest will take place next week Tuesday (Jan 23rd) and will cover these topics and software security solutions in general. This time, you will need to write (very basic) assembly code yourself, so please familiarize yourself with the basic instructions. Exercise sheet 09 serves as perfect practicing session for the final minitest. The test will cover all material of the Software Security slides, especially from slide 137 onward, and will not cover Malware or other future topics. A gentle reminder: Note that you have to pass at least 3 minitests to be able to participate in the exam. |
Ex09 publishedWritten on 11.01.18 by Christian Rossow We have released exercise sheet 09 on CFI and integer overflows, which will be discussed next week. Good luck. |
Lecture tomorrow (Jan 11th) in HS002 in E1 3Written on 10.01.18 by Christian Rossow We were just informed that the projector technique in our usual lecture room is out of order. We'll have to switch to HS002 in E1 3 (CS building) for tomorrow. We'll be back to normal in our old lecture hall next week, unless you hear otherwise from us. Sorry for the short notice, but the technical… Read more We were just informed that the projector technique in our usual lecture room is out of order. We'll have to switch to HS002 in E1 3 (CS building) for tomorrow. We'll be back to normal in our old lecture hall next week, unless you hear otherwise from us. Sorry for the short notice, but the technical people tried to fix the projector until just now but had to give up. We'll hang out posts for those that will not read this news. Please spread the word to fellow students. |
Ex08 publishedWritten on 05.01.18 by Christian Rossow We have just released Exercise Sheet 08, which covers ROP and ASLR and will be discussed next week. |
Minitest #04 on Tue, Jan 9thWritten on 04.01.18 by Christian Rossow The next minitest will be on Tue, Jan 9th, at 10:15am. Topics covered will be software exploitation (basically slides 117-166 in the Software Security chapter). While we will not cover assembly in great detail, it will help to (i) understand basic shellcode examples, and (ii) to know the stack… Read more The next minitest will be on Tue, Jan 9th, at 10:15am. Topics covered will be software exploitation (basically slides 117-166 in the Software Security chapter). While we will not cover assembly in great detail, it will help to (i) understand basic shellcode examples, and (ii) to know the stack layout. And two related promises: We'll update the slides of today's lecture ASAP, and publish the minitest #03 results latest tomorrow. |
Lectures resume tomorrow (Thu, Jan 4th)Written on 03.01.18 by Christian Rossow This is a gentle reminder that lectures will start tomorrow, as usual at 08:30am. Stefan Nürnberger will present novel security defenses such as Control Flow Integrity and XnR; don't miss it. |
Grading available for Project 2Written on 03.01.18 by Markus Bauer Hi all, and a happy new year! We finished correcting your reports for the second project, you should be able to see the results in CMS. There were both cases where we had to deduct points from the report, as well as cases where we gave points for partial solutions. A solution for "Database… Read more Hi all, and a happy new year! We finished correcting your reports for the second project, you should be able to see the results in CMS. There were both cases where we had to deduct points from the report, as well as cases where we gave points for partial solutions. A solution for "Database Secrets" that didn't report the 4 visible tables and their columns got half the points. If you have questions about your report grading, please contact Markus. |
Ex07 solutions in CMSWritten on 22.12.17 by Christian Rossow As a one-time exception, we have just uploaded the solutions to exercise sheet 07 (Exploitation) to CMS. You can use this sheet to prepare for the third project, which started yesterday, or to get some inspirations on how to approach exploitation in general. In case of questions, feel free to ask them in Askbot. |
Grading available for Project 1. Also notes about Project 3Written on 21.12.17 by Johannes Krupp Hi all, Project 1we have finished correcting your reports for the first project and made the results available in CMS. Under "Test and Exams", you should be able to see the final points for the first project, as well as a breakdown for each challenge. Additionally, we also provide the points… Read more Hi all, Project 1we have finished correcting your reports for the first project and made the results available in CMS. Under "Test and Exams", you should be able to see the final points for the first project, as well as a breakdown for each challenge. Additionally, we also provide the points you gained from the scoreboard under "(Scoreboard)", as well as the report rating under "(Report)". There were both cases where we had to deduct points from the report, as well as cases where we gave points for partial solutions. If your total points are less than your scoreboard points it is most likely due to one of two common mistakes:
If you have questions about your report grading, please contact Johannes. Project 3Project 3 will be relased today at 18:00. This means that you may build new teams until next Sunday (24.12.), should you wish to do so. With this, all the best and have a merry christmas |
A few words about project reportsWritten on 19.12.17 by Johannes Krupp Hi all, as grading of the first project is nearing completion, we’d like to clarify a few things and give you some hints for future reports. Why and HowAs you might have already guessed, the purpose of the report is for us to see that you have understood a vulnerability/an exploit and came… Read more Hi all, as grading of the first project is nearing completion, we’d like to clarify a few things and give you some hints for future reports. Why and HowAs you might have already guessed, the purpose of the report is for us to see that you have understood a vulnerability/an exploit and came up with a solution on your own. This usually boils down to answering two questions:
As an example, here are two solutions for task 1 we received:
This solution raises more questions than it answers, e.g., what is meant be “decode”? How does the script decode things? Why is it possible to write a script that simply decodes the ciphertext? A better solution is the following:
From this solution it becomes clear that the weakness of Caesar’s cipher is the fact, that there are only 255 possible ciphertexts for a given message, which makes it feasible to just try out all possibilities (this answers a)). It also shows enough code to explain how possibilities are computed and how the correct plaintext can be identified (this answers b)). Source CodeAs stated in the project presentation slides, your report should contain a technical description of your solution. However, many submissions we received were written like this:
While it explains where the code that does “the brute-forcing” can be found and that it emits lots of 2B strings, it would have been much more insightful to state what “the brute-forcing” actually was, and what these 2B strings represent. A better solution would have been
Of course, it is sometimes easier to explain something in code rather than describing it, so please don’t be afraid to include code snippets in your report. Ideally, the additional sourcecode you provide only serves as an additional resource for details, but your report should be fully understandable without looking at extra files. Using Third-Party ToolsAs already discussed on askbot (https://cms.cispa.saarland/askbot/sec18/question/74/you-can-includeuse-any-non-commercial-library/), you may use any third-party tools or libraries in your solutions, given that you understand how the tool works, and, more importantly, can explain to us, why it works. As an example, many of you found the RsaCtfTool (https://github.com/Ganapati/RsaCtfTool) helpful for task 2. Consider the following two submissions:
While this submission clearly states that a third-party tool was used, it also becomes evident, that the submitters did not understand the attack or how the tool worked: The weak part of the key is not e. In fact, this value for e is commonly used in many RSA-keys. Further, while the wiener-attack is an attack against RSA, it is not applicable here. The weakness is rather in the fact that n is easily factorizable, by one prime being very small (53) and the other being a well-known mersenne prime (M4423), which allows to easily recompute phi(n) and obtain d. The only reason their “solution” worked was because the RsaCtfTool also implements a bunch of other attacks, one of them trying to factorize n. In contrast, this submission which uses RsaCtfTool is perfectly fine:
This answer makes it clear that the weakness is due to factorizing n and also details how the private key d can be computed from the results. TL;DR
All the best Johannes P.S.: Posting this now might be related to the next project deadline on Thursday morning ;) |
Please prepare for this week's tutorialsWritten on 19.12.17 by Christian Rossow A gentle reminder: Tutorials this week will cover a basic buffer overflow exploitation challenge, which is a fundamental preparation for the third project. In other words, if you cannot solve this exercise sheet, you will inevitably face severe difficulties in solving the third project. We thus highly… Read more A gentle reminder: Tutorials this week will cover a basic buffer overflow exploitation challenge, which is a fundamental preparation for the third project. In other words, if you cannot solve this exercise sheet, you will inevitably face severe difficulties in solving the third project. We thus highly advise you to attend the tutorials this week. Having said this, if you want learn something from this week's tutorials, you will have to prepare for it. At the very least, try to solve the first three questions on the sheet and configure/test your working exploitation environment (either download the VM mentioned in the sheet, or set up your own Linux with gcc/nasm/gdb) prior the tutorial. As already predicted last week, and confirmed by experience from today's tutorial, you will otherwise have no time left to work on the actual exploit, raising frustration for both you and us. Find the VM configuration in CMS, and we also uploaded the vulnerable code/program there. Again, please be prepared, otherwise attendance is not of much value. If despite all preparation you cannot finish the exercise during the tutorial, we will be happy to help you in any questions that remain. Please just post uncertainties or questions to Askbot and we will take care of them. |
Two notes on today's lectureWritten on 14.12.17 by Christian Rossow Two notes about today's lecture:
Two notes about today's lecture:
|
Ex07 (Software Exploitation Hands-On) publishedWritten on 12.12.17 by Christian Rossow The final exercise sheet for this year will be discussed next week and is an applied hands-on task for software exploitation. We urge you to attend the tutorials as preparation for project #03 (which starts right after) if you don't have any exploitation experience yet. We highly advise to bring your… Read more The final exercise sheet for this year will be discussed next week and is an applied hands-on task for software exploitation. We urge you to attend the tutorials as preparation for project #03 (which starts right after) if you don't have any exploitation experience yet. We highly advise to bring your laptops to this tutorial. We have prepared a VM that you can use to solve the challenges with a handful of preinstalled tools. Given that the tutorial timeslot is very tight for this task, if you want to finish this sheet, you will have to start working on this sheet prior to the tutorial. |
Minitest #02 results online, Minitest #03 on Dec 19thWritten on 12.12.17 by Christian Rossow We have just published the score of the 2nd minitest, congratulations to the 88% that passed it. And a gentle reminder: The third minitest will take place on Tue, Dec 19th at 10:15am. Topics covered will be Network Security (Chapter 07) and OS Basics (Chapter 08 until page/slide 30). |
Project #2 starts today 6pmWritten on 30.11.17 by Christian Rossow We'll launch the second Security project on Web Security today (Thu) at 6:00pm CET. Following the democratic vote in today's lecture, we'll again follow the same rules as the previous project and will give bonus points to teams solving challenges first (we were asked to change this by some of you, but… Read more We'll launch the second Security project on Web Security today (Thu) at 6:00pm CET. Following the democratic vote in today's lecture, we'll again follow the same rules as the previous project and will give bonus points to teams solving challenges first (we were asked to change this by some of you, but the majority prefers the bonus the way they are). Good luck and enjoy the 2nd project! About teams: Your old teams stay in place if no further action is taken. However, we allow that you change/build new teams in CMS until Sun Dec 3rd at 23:59. |
Project #1: Reports due Thu 08:29amWritten on 28.11.17 by Christian Rossow This is a gentle reminder that your report for project #1 is due on Thursday 08:29am (just before the lecture). Remember that you will only get points for challenges that you also described in your project report, so the report is a mandatory submission. Each team should upload one report (no need to… Read more This is a gentle reminder that your report for project #1 is due on Thursday 08:29am (just before the lecture). Remember that you will only get points for challenges that you also described in your project report, so the report is a mandatory submission. Each team should upload one report (no need to submit two per team) via CMS, submissions via email will not be accepted. |
Ex05 on Network Security publishedWritten on 28.11.17 by Christian Rossow We have just published the 5th exercise sheet on Network Security that will be discussed next week. This week, we'll discuss sheet #04. Use this chance as a final preparation for the 2nd project that will start on Thursday evening and will deal with Web Security. |
Before the minitest is after the minitestWritten on 23.11.17 by Christian Rossow The next minitest will be on Tue, Dec 5th, at 10:15 and will cover Authentication (Chapter 04), Anonymity (Chapter 05) and Web Security (Chapter 06). Same concept as for the last minitest. You can bring a cheatsheet that will be collected before the test, and the test will be 15 min. We also… Read more The next minitest will be on Tue, Dec 5th, at 10:15 and will cover Authentication (Chapter 04), Anonymity (Chapter 05) and Web Security (Chapter 06). Same concept as for the last minitest. You can bring a cheatsheet that will be collected before the test, and the test will be 15 min. We also finished planning of the minitests. In total, there will be 5 tests, which means you have to pass at least 3 tests to participate in the exam. The dates of the tests are as follows:
|
Ex04 PublishedWritten on 22.11.17 by Christian Rossow We have just published the 4th exercise sheet on Web Security. This sheet will be discussed next week, right in time for the Web Security project that will also start on Thu next week. As usual, active participation in the tutorials is appreciated. Enjoy. |
Reminder: Minitest Tue, Nov 21st at 10:15 (tomorrow)Written on 20.11.17 by Christian Rossow This is a gentle reminder for the minitest tomorrow at 10:15 that will take place in the regular Security lecture hall (GHH). Be there on time, we cannot guarantee that late showups can still participate in the test. Also, remember to bring your first cheat sheet (optional). We will collect the cheat… Read more This is a gentle reminder for the minitest tomorrow at 10:15 that will take place in the regular Security lecture hall (GHH). Be there on time, we cannot guarantee that late showups can still participate in the test. Also, remember to bring your first cheat sheet (optional). We will collect the cheat sheets before the minitest and will not grant submissions later. |
Web security book chapters in CMSWritten on 16.11.17 by Christian Rossow We have uploaded three chapters of Stuttard / Pinto: The Web Applications Hacker’s Handbook (2nd edtn.) that capture the main three topics that we discuss during classes: XSS, CSRF and SQLi. This isn't mandatory reading, but highly recommended to those of you that aren't familiar with Web (security)… Read more We have uploaded three chapters of Stuttard / Pinto: The Web Applications Hacker’s Handbook (2nd edtn.) that capture the main three topics that we discuss during classes: XSS, CSRF and SQLi. This isn't mandatory reading, but highly recommended to those of you that aren't familiar with Web (security) yet. |
Bonus Task "Hidden Messages" removedWritten on 15.11.17 by Johannes Krupp Hi everyone, after some discussion we came to the conclusion that "Hidden Messages" from project01 was pretty much unsolvable and would require too much guessing. To stop you from wasting further time on something so futile we consequently removed bonus task "Hidden Messages" from project01. We… Read more Hi everyone, after some discussion we came to the conclusion that "Hidden Messages" from project01 was pretty much unsolvable and would require too much guessing. To stop you from wasting further time on something so futile we consequently removed bonus task "Hidden Messages" from project01. We hope you still enjoy the other tasks! Best Johannes
P.S.: Should you still wish to solve this task, here are two hints for you:
You may submit flags for this task to johannes.krupp@cispa.saarland (you won't get any points for it though). |
Exercise Sheet 03 (Authentication / Anonymity) PublishedWritten on 14.11.17 by Christian Rossow We have just published the 3rd exercise sheet, which will be discussed in the tutorials next week. |
Further Planning for TutorialsWritten on 13.11.17 by Christian Rossow The first week has shown that the vast majority of students has not prepared for the tutorials (in many cases not even having looked at or having printed the exercise sheet), which is not in the interest of the learning effect meant for the exercises. Please note that exercises are the best way to… Read more The first week has shown that the vast majority of students has not prepared for the tutorials (in many cases not even having looked at or having printed the exercise sheet), which is not in the interest of the learning effect meant for the exercises. Please note that exercises are the best way to prepare for the exams (in contrast to the practical work of the projects), so an active participation is highly recommended. We will thus change the scheme in which tutorials operate. To foster a lively and helpful discussion during the tutorials, we will hand out slightly less time-consuming exercise sheets. At the same time, we expect everyone to prepare for the tutorials and actively participate in them. I have urged the tutors to spur lively discussion for an exercise. Please use this chance to test your understanding of the course material. However, if no such activity can be seen (e.g., because nobody prepared anything), I asked the tutors to skip over and not further discuss an exercise task. Thus, even if you do not have a complete solution to a task yet, and just have a slight idea how an exercise can be solved, actively participate in the tutorials to develop a solution with your fellow students. |
Exercise Sheet 02 (Cryptographic Protocols) PublishedWritten on 08.11.17 by Christian Rossow We have just published the next exercise sheet on Cryptographic Protocols, which will be discussed in the tutorials next week. |
Minitest and Project AnnouncementWritten on 08.11.17 by Christian Rossow
|
Course Contents and TimelineWritten on 03.11.17 by Christian Rossow Upon popular request, we have published a working document that outlines the course contents and the approximate date when each topic will be discussed. This document will be updated frequently, but can still serve you as a rough guideline. Find this Security '17/'18 timeline… Read more Upon popular request, we have published a working document that outlines the course contents and the approximate date when each topic will be discussed. This document will be updated frequently, but can still serve you as a rough guideline. Find this Security '17/'18 timeline here: https://docs.google.com/spreadsheets/d/1GBGSGEcvMlwQWspsZou6KM0k8N1FIxDjv27jUmfGdZE/edit?usp=sharing We will include project dates, deadlines and minitests there soon (and let you know). |
Tutorials assignedWritten on 02.11.17 by Markus Bauer We just assigned your tutorial slots. From all students that stated their preferences, 98% got one of their preferred tutorial slots. Tutorials will start next week. |
Exercise Sheet 01 (Cryptography) PublishedWritten on 29.10.17 by Christian Rossow Find the first exercise sheet on Cryptography in CMS. We will discuss this sheet in the week from Nov 6th to 10th. And a gentle reminder: Remember to set your tutorial preferences in CMS until Wednesday, Nov 1st. |
Tutorial registration started **ACTION BY NOV 1st**Written on 26.10.17 by Christian Rossow Please sign in to CMS and check your tutorial preferences ("Personal Status"). We will offer four disjoint tutorial time slots:
Choose your preferences no later than Wed, Nov 1st. We will assign tutorials on Thu, Nov 2nd. Another note: We'll… Read more Please sign in to CMS and check your tutorial preferences ("Personal Status"). We will offer four disjoint tutorial time slots:
Choose your preferences no later than Wed, Nov 1st. We will assign tutorials on Thu, Nov 2nd. Another note: We'll upload slides usually latest a few hours after the lecture and exactly those slides we covered in the lecture. Please note that we will update existing slides (instead of creating a new Materials entry in CMS) if the topic has not changed between two dates (e.g., we updated the slide deck on Cryptography after it was finished, and some of you missed that). Please monitor the revision numbers for changes. |
Lectures will start on Thu 19thWritten on 09.10.17 by Christian Rossow The first Security lecture will be on Thu, Oct 19th, from 08:30 - 10:00 (in GHH). We'll discuss many organizational matters, so don't miss this first lecture. Note that CMS registration to the course is mandatory and already open, so please proceed if you haven't registered yet. |