SecLab SS 2023
| Type | Practical Project Seminar |
| SWS | 4 |
| ECTS | 7.0 |
| Schedule Type | Weekly Meetings |
| Area | Data and Information Management |
| Lecturer | Prof. Dr. Ulrike Meyer |
| Teaching Assistants | Andreas Klinger, Alexander Löbel |
| Contact | seclab-orga@itsec.rwth-aachen.de |
Application
In order to apply for the lab, please send us an email with your write-up of the entry challenge and a motivation why you want to participate. See below for further information regarding the entry challenge.
We will notify you whether you have a spot in the lab or not before the start of the registration for other labs/seminars. If you got a spot, you need to confirm as soon as possible that you actually want to participate.
Participants who have been accepted will receive a personalized code, which is required for the registration for the lab in SuPra. Without this code, participation in the SecLab is not possible.
Important Dates
- Entry Challenge: 2022-12-05, 12:00 noon till 2022-12-18, 23:59.
- Lab: TBA
Requirements
- Major: Master of Computer Science, Master SSE, Master Media Informatics
- No other practical course/lab already completed in your Master's studies
- Basic IT-security knowledge (e.g. have attended the IT-Security lecture, the Security in Mobile Communications lecture, ...).
- Basic Linux (command-line) skills.
- At least decent or advanced programming skills in one programming language.
- Decent knowledge of networking (TCP/IP).
Topics
We will discuss mainly the following topics and implement various practical attacks in those application fields.
- Wireless technologies in practice, e.g. session hijacking, WEP/WPA/WPA2 hacking...
- Network traffic analysis, e.g. analysis of authentication protocols, sniffing...
- Security countermeasures, e.g. reactive security, system analysis...
- Attacks against cryptography, e.g. key recovery in cryptographic ciphers, factorization attacks...
- Web application security, e.g. cross-site scripting, wargames...
- Code analysis, e.g. java byte code analysis, reverse engineering...
- Malware analysis, e.g. analysis of botnet samples and rootkits
- Android security, e.g. analysis of mobile malware and forensic data analysis
- ...
You have to solve common tasks every two weeks and work on it in the lab (if possible) or at home. Be prepared to spend some time in the lab. More organizational information will be communicated to all participants in the first weeks of the lab.
Entry Challenge
The challenge, that you can solve in order to significantly increase your chances of getting a spot in the Security Lab, will be available here. Note, that the quality of your solution to the entry challenge influences your chance of getting one of the highly sought-after spots in the lab.
The entry challenge is now available for download via gigamove.
Information, keys, etc. from the challenge should not be used to attack or probe any real servers.
Submission
You can submit your solution as a pdf file (written in English or German) until Sunday, December 18th, 2022 at 23:59. We will announce whether you were able to enter the lab before the deadline of choosing practical courses. This way, you can still apply for a different course if you did not make it.
Please do not submit in teams and try to solve the challenge on your own instead!
Submissions should be sent via email.
Task
Collect as much information as possible about this file. If you think you have found everything, you might want to dig deeper or try something else...
Write-Up
For the write-up, make sure to tell us:
- How you approached the problem.
- What you found in each step (including everything interesting).
- Why you pursued or didn't pursue any particular avenue.
- Also write down everything you tried (even if it did not lead to success).
Make sure, to also include:
- A short motivation, where you describe in a few sentences, less than 1/2 page, why you want to attend the lab
- Your major
- Your student number
Have Fun!