Real-world Vulnerability Discovery

Overview

SemesterWinter 2024
Course typePractical Course/ Lab
LecturerTT.-Prof. Dr. Wressnegger, KITCTF
AudienceInformatik Master & Bachelor
Credits4 ECTS
Room149 and -120, Building 50.34
LanguageEnglish and/or German
LinkTBA
Registrationhttps://ilias.studium.kit.edu/ilias.php?baseClass=ilrepositorygui&ref_id=2483966

Description

In this practical course, you work on finding 0-day vulnerabilities in real-world software. You practically learn about exploitation techniques, bug-bounty programs, and vulnerability disclosure. Students will engage in collaborative vulnerability research investigating the security of pre-defined software targets. However, instead of working in a controlled/staged setup with toy vulnerabilities, you will analyze real-world software found in production with an undefined number of vulnerabilities.

You will report your findings in the scope of the vendor's bug-bounty programs or similar disclosure procedures, striving to have a CVE number assigned to the found vulnerability.

Schedule

DateStep
Wed, 23. Oct, 14:00–15:30Kick-off Meeting
Thu, 07. Nov, 19:00What are CTFs? & Web Security
Thu, 14. Nov, 19:00Reverse Engineering
Thu, 21. Nov, 19:00Binary Exploitation
Thu, 28. Nov, 19:00Cryptography
...TBA
Thu, 06. FebHand-in Write-up and PoC
Thu, 13. Feb, 14:00–15:30Presentation at final colloquium

Recommendation

You should have successfully passed the following courses:

  • Lecture "Informationssicherheit"
  • Practical course "Anwendungssicherheit"