Semester | Winter 2024 |
Course type | Practical Course / Lab |
Lecturer | TT.-Prof. Dr. Wressnegger, KITCTF |
Audience | Informatik Master & Bachelor |
Credits | 4 ECTS |
Room | 149 and -120, Building 50.34 |
Language | English and/or German |
Link | TBA |
Registration | https://ilias.studium.kit.edu/ilias.php?baseClass=ilrepositorygui&ref_id=2483966 |
In this practical course, you work on finding 0-day vulnerabilities in real-world software. You learn in practice about exploitation techniques, bug-bounty programs, and vulnerability disclosure. Students will engage in collaborative vulnerability research, investigating the security of pre-defined software targets. Instead of working in a controlled, staged setup with toy vulnerabilities, you will analyze real-world software found in production that contains an unknown number of vulnerabilities.
You will report your findings within the scope of the vendor's bug-bounty program or a similar disclosure procedure, aiming to have a CVE number assigned to the vulnerability you found.
Date | Step |
Wed, 23. Oct, 14:00–15:30 | Kick-off Meeting |
Thu, 07. Nov, 19:00 | What are CTFs? & Web Security |
Thu, 14. Nov, 19:00 | Reverse Engineering |
Thu, 21. Nov, 19:00 | Binary Exploitation |
Thu, 28. Nov, 19:00 | Cryptography |
... | TBA |
Thu, 06. Feb | Hand-in Write-up and PoC |
Thu, 13. Feb, 14:00–15:30 | Presentation at final colloquium |
You should have successfully passed the following courses: