| Semester | Winter 2025 |
| Course type | Practical Course / Lab |
| Lecturer | Prof. Dr. Wressnegger, KITCTF |
| Audience | Informatik Master & Bachelor |
| Credits | 4 ECTS |
| Room | 149 and -120, Building 50.34 |
| Language | English and/or German |
| Link | TBA |
| Registration | TBA |
Kick-off Meeting Canceled! In contrast to previous years, we will not hold a joint meeting to start the course due to an unfortunate scheduling clash. Please contact us if you still want to participate. We are happy to give you an individual "intro" to the course.
In this practical course, you work on finding 0-day vulnerabilities in real-world software. You learn hands-on about exploitation techniques, bug-bounty programs, and vulnerability disclosure. Students will engage in collaborative vulnerability research, investigating the security of pre-defined software targets. However, instead of working in a controlled/staged setup with toy vulnerabilities, you will analyze real-world software found in production with an undefined number of vulnerabilities.
You will report your findings within the scope of the vendor's bug-bounty programs or similar disclosure procedures, striving to have a CVE number assigned to the found vulnerability.
| Date | Step |
| Kick-off Meeting (please contact us directly) | |
| Thu, 13. Nov, 19:00 | What are CTFs? & Web Security |
| Thu, 20. Nov, 19:00 | Reverse Engineering |
| Thu, 27. Nov, 19:00 | Binary Exploitation |
| Thu, 04. Dec, 19:00 | Cryptography |
| ... | TBA |
| Thu, 12. Feb | Hand-in Write-up and PoC |
| Fri, 20. Feb, 14:00–15:30 | Presentation at final colloquium |
You should have successfully passed the following courses: