Universität Hamburg
SVS - Security in Distributed Systems


Open Study Group: Practical Insecurities

Who are we?

In weekly meetings we approach computer insecurity from the practical side.

Note: This is neither a lecture nor a seminar. There won't be an instructor. All participants are expected to work together to gain the desired knowledge. And BYOL (Bring your own laptop).

The addressed topics may include:

  • C Security (Buffer Overflows, Format String Exploits, Heap Overflows, Integer Manipulation)
  • Web Application Insecurities (SQL Injection, XSS, Remote Command Execution)
  • Examination of recent / interesting vulnerabilities and exploits

Requirements:

  • Basic/advanced programming skills (e.g. C(++), JavaScript, ...)
  • For C insecurities: knowledge of basic OS functionality, CPU instruction sets and memory management
  • For web security: a clear understanding of how web applications work
  • A laptop with a C compiler and a web browser

Time: Thursday 16:00 - 18:00

Location: F-630

If you want to participate please write an email to Martin Johns or Daniel Schreckling or show up at one of our meetings.

Mailing List

Participation in CTFs

Our group regularly participates in Capture the Flag (CTF) competitions. Below we list every CTF we have taken part in and how we placed.

Competition   Team name   # Teams   Place   Normalised Place (place / # teams, in %)
22C3          CInsects          6       5     83
CIPHER2       CInsects         18       7     39
23C3          CInsects         10       2     20
              COutsects        10       6     60
              CErrsects        10       9     90
iCTF 2006     CInsects         25       6     24
CIPHER3       CInsects         24       4     17
iCTF 2007     CInsects         36       6     17

Advisories

ID            Title                                                                   Date
CISA-2007-05  Apple OS X Software Update Remote Command Execution                     17. Dec 2007
CISA-2007-04  Session Riding and multiple XSS in WebCit                               24. Jun 2007
CISA-2007-03  tcpdump: off-by-one stack overflow in 802.11 printer                    01. Mar 2007
CISA-2007-02  MPlayer DMO buffer overflow                                             01. Mar 2007
CISA-2007-01  Code injection via CSRF in Wordpress < 2.03                             02. Jan 2007
CISA-2006-02  Using eval() in Greasemonkey scripts considered harmful                 26. Dec 2006
CISA-2006-01  (somewhat) breaking the same-origin policy by undermining dns-pinning   14. Aug 2006
CISA-2005-01  Cross-Site-Scripting Vulnerability in Horde IMP                         17. Nov 2005

Last modified: 02/01/2008 - 15:45:19 by mj