Hasso-Plattner-Institut für Softwaresystemtechnik
IT-Systems Engineering

"Es hat sich durch das ganze Studium eigentlich durchgezogen: diese doch recht hohen Anforderungen, die an einen gestellt wurden, aber auf der anderen Seite das Lockere, das Kameradschaftliche." Jörn Hartwig, HPI-Absolvent

31.05.2012
Open Course Design Thinking: d.school-Referent Thomas Both zu Gast

Aufgrund der großen Nachfrage gibt es einen weiteren Open Course Design Thinking vom 31. Mai bis 2....
06.06.2012
Bewerbungsschluss HPI-Schülerkolleg

HPI-Schülerkolleg geht 2012 in sein viertes Jahr. Bis zum 6. Juni können sich interessierte und...
08.06.2012
Hochschulinformationstag am HPI

Am 8. Juni 2012 findet der Hochschulinformationstag der Universität Potsdam auf dem Campus...
09.06.2012
HPI Alumni Homecoming Event 2012

Die zentrale Begegnungsveranstaltung für die Ehemaligen des HPI feiert 2012 gleich mehrere...
14.06.2012
Future SOC Symposium am HPI

Vom 14. bis zum 15. Juni 2012 findet das siebte Future SOC Symposium statt.
19.06.2012
Zertifikatsverleihung HPI-Schülerkolleg 2011/12

15 Seminareinheiten in je 3 bis 4 Modulen haben die rund 55 Schülerinnen und Schüler abgeschlossen,...
27.06.2012
HPDTRP Community Building Workshop

Vom 27. bis 29. Juni 2012 findet der HPDTRP Community Building Workshop am Hasso-Plattner-Institut...

Weitere Termine am HPI

IT-Systems Engineering

Hier finden sie die Hinweise zum Lehrangebot in den Bachelor- und Master-Studiengängen IT-Systems Engineering im laufenden Semester.

Ein Archiv mit dem Lehrangebot älterer Semester finden sie hier.

"Räuber und Gendarm" (CTF-Szenarien) (SS2011)

Dozent: Prof. Dr. Christoph Meinel, Dr. Feng Cheng, Sebastian Roschke (Internet-Technologien und -Systeme)

Beschreibung

This experimental project seminar is about advanced techniques in practical system and networking security.

We will have two teams defeating each other or the tutoring team within three challenges - with changing roles either as an attacker or defender of a target IT system.

For each challenge, the teams will have 4 weeks to prepare their arms: setting up a secure system (under given constraints) for the defenders, choosing and testing recon and penetration tools for the attackers. After preparation, the teams will fight out a supervised Capture-the-Flag contest.

Topics for the challenges:

  1. Network Security
  2. Web- and Application Security
  3. The whole bunch

Important Notice: We are NOT guiding you for hacking and participation in this seminar could NOT be an excuse for any kinds of your malicious actions towards unauthorized resources over Internet!!!

Anforderungen

  • Good knowledge in
  • networking technologies (TCP/IP stack, ...)
  • operating systems (memory management, ...)

Very good knowledge in security basics (i.e., lecture on Internet Security - Weaknesses and Targets)

This seminar has a limited number of participants! Up to 10 students can apply!

  • If you got interest while seeing this page, please do not wait and just drop an email to Feng (put Sebastian on cc) to show your interest and then come to the first session on April 15.
  • After the first session, the selection will be done based on an integrated algorithm (combining FCFS, ITS lecture Scores, and other factors) and the invitation email will be sent to the selected participant.
  • Frau Pamperin will accept your subscription form only in case the you show her the invitation email. Please do not directly subscribe by her before Apri 22.

 

News

  • 15.07.2011: The photos for the last challenges have been uploaded. You can find on the page.
  • 27.06.2011: The photos for the first two challenges have been uploaded. Enjoy yourselves from here.
  • 26.04.2011: Two teams have been built for the seminar.
  • 18.04.2011: Due to  the Easter Holiday, we have to cancel this week's session on April 22. You will get the invitation email around 18 o'clock on April 21. Please shortly come to my office (H-1.13) after holidays on April 26 to draw for the team and topic as well as pick up the requirement list for the first challenge. You can come individually at any time (9-18 o'clock) on April 26.  
  • 15.04.2011: Due to the conflict with 2011 Retreat of HPI Research School, the room has been changed to H-2.57.

Literatur

Leistungserfassungsprozess

  • Team presentation/report after each challenge
  • Individual technical Presentation (15-20 mins) on a selected topic
  • Intensive collaboration and discussion within the teams and challenges

 

Topic List for Individual Presentations

  • New Attacks on Smartphone (Angelo)
  • Security Issues of Social Websites (Hubert)
  • Introduction to Scanners (Eric)
  • New Attacks using Social Engineering (Steffen)
  • Attacks on Router, Switch, and WLAN Access Point (Martin)
  • Security Issues of Virtualization (Max)
  • Vulnerability Model and Popular VDBs (Daniel)
  • Modeling Attack using Attack Graph (Jens)
  • Protecting Privacy on Cloud (Jan)
  • IT-Security related Laws, Rules, and Regulations in Germany (Matthias)
  • Fuzzing Techniques
  • Taint-Analysis for IT Security
  • Reverse-Engineering
  • ...... 

Termine

  • 15.04.2011: Introductory Session (!!! change to Room H-2.57!!!)
  • 21.04.2011: Email Subscription Deadline (18 o'clock)
  • 26.04.2011: Official Subscription Deadline  (!!! changed from  22.04.2011!!!)
    • Submission of the Subscription Form to Frau Pamperin
    • Team building
    • Topic selection
    • Challenge 1: Requirement Lists
  • 29.04.2011: Challenge 1:
    • Q&A: Onsite meeting upon request
  • 06.05.2011: Challenge 1: 
    • Attacker Team Meeting: Attack tools
    • Defender Team Meeting: Defending Ideas
  • 13.05.2011: Challenge 1:
    • Attacker Team Meeting: Attacking path
    • Defender Team Meeting: Defending Architecture
  • 16.-20.05.2011: Challenge 1 Live-Show Week
    • Monday: Delivery of Defending Network (CET 20 pm)
    • Tuesday: Meeting with Defender Team (Architecture Introduction and Rule Discussion)
    • Wednesday: Q&A Court (Defender Team, Attacker Team, and Tutors)
    • Thursday: Game Rule Distribution
    • Friday: Live-Show Session (Photos)
  • 27.05.2011: Inbetween Session 
    • Challenge 1: Presentation
    • Challenge 2: Requirement Lists (per email CET 18 pm)
  • 03.06.2011: Challenge 2:
    • Q&A: Onsite meeting upon request
  • 10.06.2011: Challenge 2: 
    • Attacker Team Meeting: Attack tools
    • Defender Team Meeting: Defending Ideas
  • 17.06.2011: Challenge 2:
    • Attacker Team Meeting: Attacking path
    • Defender Team Meeting: Defending Architecture
  • 20.-24.06.2011: Challenge 2 Live-Show Week
    • Monday: Delivery of Defending Network (CET 20 pm)
    • Tuesday: Meeting with Defender Team (Architecture Introduction and Rule Discussion)
    • Wednesday: Q&A Court (Defender Team, Attacker Team, and Tutors)
    • Thursday: Game Rule Distribution
    • Friday: Live-Show Session (Photos)
  • 01.07.2011: Inbetween Session 
    • Challenge 2: Presentation
    • Challenge 3: Introduction and Research Recommendations
  • 08.07.2011: Individual Technical Presentation Session I&II
  • 15.07.2011: Live-Show Day (Photos)
    • Challenge 3: Live-Show Session
    • Closing BBQ 
  • 01.08.2011: Challenge 3: Deadline for Report Submission (CET 15 pm)
  • 09.2011: Presentation (FG-Meinel Research Seminar, no-mandatory)

(Last Modified: 27.07.2011) 
    Allgemeine Informationen

    ID:

    10 L 1278

    Kennung:

    VT IST,SWA

    SWS:

    4

    ECTS Credit Points:

    6 (benotet)

    Einschreibefrist:

    26.4.2011

    Studiengang:

    IT Systems Engineering (Bachelor)

    Themenmodul:

    Vertiefungsgebiete

    Lehrform:

    Seminar

    Belegungsart:

    Wahlfach

    Themenkomplex:

    Vertiefungsgebiet:

    Internet-Technologien, Mensch-Maschine-Schnittstelle, Systemarchitektur

    Zurück