Hacking
Proseminar in Summer Term 2014

Instructor
Prof. Dr. Michael Backes
Prof. Dr. Christoph Sorge
Teaching Assistants
Sven Bugiel, Frederik Möllers, Stefan Nürnberger, Philipp von Styp-Rekowsky
Time/Place
Regular presentation sessions in E1.1 Room 2.06 (CIP Pool of ISC Group) and practical capture-the-flag styled exercises between meetings
Organisational Meeting
Thursday, 2014-04-24, 16:00-18:00 in E1.1 Room 2.06 (CIP Pool of ISC Group)
Language
English (German is possible on request)
Contact
bugiel@cs.uni-saarland.de
University Calendar

Latest News

Description

The goal of this Proseminar is to give students a deep understanding of the typical security problems and weaknesses that pervade all kinds of IT systems today. The participants should be enabled to analyze IT systems for security vulnerabilities and hence to optimally secure such systems.

To this end, this seminar deals primarily with offensive aspects and techniques of IT security, for example, as used to compromise and infiltrate computer systems. A particular focus lies on the exploitation of vulnerabilities in security protocols and in software implementations. To provide a more solid understanding of the discussed attack techniques, this seminar strongly mixes theoretical and practical aspects. On the one hand, participants are taught the typical Proseminar learning content (e.g., presentation techniques, autonomous work on the assigned topic, etc.). On the other hand, the participants are also required to introduce and apply established tools for exploiting and attacking IT systems in the context of capture-the-flag style exercises, as well as to consider defensive mechanisms to mitigate and prevent those attacks. The only exception to this approach is the topic "Social Engineering", which is discussed only theoretically.

Students are organised in teams of two. Every team has to deal in depth with one topic and give one presentation on their assigned topic. The practical exercises have to be worked on by every team. In contrast to the presentation sessions, there are no fixed dates for the practical exercises, but instead these tasks have to be solved in between the presentation session dates.

The exercise topic list includes:

Registration

Please note that the number of participants is limited to 48 (24 teams)! A CIP pool with workstations for the practical exercises is provided; however, for some tasks it is beneficial if the participants have a laptop available.

Registration is closed. Final registration is done in the organisational meeting and physical presence at this meeting is required for participation in the seminar.

Prerequisites

There are no formal requirements for participation. However, basic knowledge of computer networks and of programming is expected in order to solve the practical exercises.

Modus operandi

1) Proseminar Talk and Summary

Each team gives one presentation in English (20 minutes and 10 minutes discussion) and provides a written summary in English (2-3 pages) about their assigned topic. Templates for common presentation programs are provided. The summary must be written in LaTeX (you can use our template with example bibliography file). The summary should include a short overview of the topic including necessary technical background information as well as a thorough description of the assigned attack/vulnerability. Since other teams are encouraged to use your summary as an introduction to the topic and start the practical exercise based on this information, your summaries should be of sufficient quality!

Each team will be supervised by the TA responsible for the assigned topic. There will be a discussion session where each team meets with their advisor and discusses the topic. Before giving the presentation, each team will have to prepare the structure of their talk and discuss it with their advisor; here, the "structure" means the presentation with empty slides and titles only. Additionally, each team will have to give a practice talk in a separate session with their advisor before the presentation.

Here is a list of recommended literature on how to prepare a good presentation and a good report:

2) Practical Exercises and Exercise Reports

Additionally, between two presentation sessions, the participants have to solve a practical exercise. Each exercise deals with the topic of the last presentation session; for example, after the first teams have presented WLAN/network security, the practical exercise deals with, for instance, breaking WLAN encryption. A list of recommended tools to perform the practical exercise is provided further down on this page. Each team has to submit, by the subsequent presentation session, a short report on how they solved the exercise. In contrast to the assigned Proseminar summary (see above), these exercise reports are not evaluated on their form and layout, but purely on their content. Thus, although we encourage the use of LaTeX to practice writing scientific documents, these reports can be authored in any other program (e.g., MS Word, OpenOffice, nano, ...) as long as they remain readable.

Every presentation session starts with a short recap on how the teams solved the last exercise, thus, also reserving time to answer open questions and briefly discuss alternative approaches or counter-measures.

Presentation session schedule

All presentation sessions take place from 14:00 to 16:00 (Group A) or from 16:00 to 18:00 (Group B) in E1.1 Room 2.06 (CIP Pool of the InfSec group) on the following dates. Participation in the organizational meeting and all the presentation sessions is mandatory!
We encourage all students to present in English (see below for an explanation), but we allow presentations in German when requested.

| Date | Topic | Teaching Assistant | Group A (14:00 - 16:00) | Group B (16:00 - 18:00) |
|---|---|---|---|---|
| 24-Apr-14 (Exercise 0) | Kick-Off Meeting | | | |
| 08-May-14 (Exercise 1) | WLAN Security | Sven Bugiel | Markus Bauer, Marc Jose | N/A |
| | Layer 2 | Sven Bugiel | Conrad Lampe, Sören Bund-Becker | N/A |
| 22-May-14 (Exercise 2) | SQL Injections | Philipp von Styp-Rekowsky | Omair Shahzad Bhatti, Jan Ehrlich | N/A |
| | XSS | Philipp von Styp-Rekowsky | Eva Gressung, Peter Nietz | Lukas Stemmler, Lukas Wedeking |
| 05-Jun-14 (Exercise 3) | Password Security | Frederik Möllers | Filip Fatz, Philip Christopher Hell | Thomas Müller, Orlando Kühn |
| | Legal Aspects | Prof. Christoph Sorge | Andreas Knobel, Philipp Knobel | Nicolas Erbach, Nils Lipp |
| 12-Jun-14 (Exercise 4) | Buffer Overflow | Stefan Nürnberger | Marvin Barth, Florian Pusse | Christian Faber, Nicolas Huaman |
| | ROP | Stefan Nürnberger | Till Speicher, Umangathan Kandasamy | Sascha Groß, Kai Glauber |
| 26-Jun-14 (Exercise 5) | File Systems | Frederik Möllers | Nils Vossebein, Joshua Steffensky | Moein Alinaghian, Nima Nassiri |
| | Cold Boot | Frederik Möllers | Mark Timon Hüneberg, Steffen Spier | Julien Schuh, Tobias Schuck |
| 10-Jul-14 (Exercise 6) | Privilege Escalation | Philipp von Styp-Rekowsky | Oliver Hoog, Simon Koch | Kevin Peter Hoffeld, Gerrit Schelter |
| | Rootkits | Sven Bugiel | Fabian Schwarz, Mathäus Jany | Hüseyin Alecakir, Marvin Wißfeld |

Please note that this list of dates might be subject to changes! Any changes will be propagated via email to the participants.
The course material can only be accessed from within the Saarland University network. Please use a VPN to connect.

List of tools

The following list provides an overview of the suggested tools to be used in the practical exercises. In general, most of these tools are already available in the software repositories of the major Linux distributions and are included in dedicated Linux distributions for security tests such as Kali.

| Tool | URL | Description |
|---|---|---|
| nmap | nmap.org | Open source for network discovery; additions are available like GUI or tools for results analysis |
| Wireshark | wireshark.org | Network sniffer |
| Etherape | etherape.sourceforge.net | Network monitor |
| Ettercap | ettercap.github.io | Network monitor and tool for man-in-the-middle attacks |
| Netcat | netcat.sourceforge.net | Network "swiss army knife" |
| OpenVAS | openvas.org | Open source vulnerability scanner |
| Metasploit | metasploit.com | Penetration test suite |
| John the ripper | openwall.com/john/ | Password cracker |
| Cain and Abel | oxid.it/cain.html | Password recovery tool |
| Rainbow tables | project-rainbowcrack.com | General purpose cracking of hashes |
| Aircrack-ng | aircrack-ng.org | WEP and WPA-PSK key cracker |
| Kismet | kismetwireless.net | WLAN detector and sniffer |

Tips and General Background Information

During the course of the seminar, we will update this section with general tips and background information that popped up or that we think might not be known by all participants.

Kali VM on student laptops
Terminology

Why English?

Like other groups, we decided to hold this Proseminar in English for several reasons:

The TAs speak both German and English and will help you in case of problems. Moreover, your grade will not be influenced by your language skills! For the above-mentioned reasons, we strongly encourage you to present in English, but we allow presentations in German if the speaker prefers.

Requirements for obtaining credit points (Scheinvergabe)

Your final grade is based on 1) the quality of your presentation and the quality of your written summary (35%); and 2) solving the practical exercises and submitting reports on how they were solved (65%). Both grades must be 4.0 or higher to successfully pass the course.
Participation in the organisational meeting and all the presentation sessions is required for obtaining the credit points!