Cyber Security Lab (Ethical Hacking)

Course Description:

The goal of this laboratory course is to introduce state-of-the-art security vulnerabilities and countermeasures through a hands-on approach. The course covers the basic fields of Software Security, Network Security, Web Security, System Security and Mobile Security. To experiment with known vulnerabilities and attacks, an example scenario is considered for each field. Working hands-on, students develop, among others, prototypes for attacks such as Cross-Site Scripting, Android repackaging, and Meltdown/Spectre. In the scope of this course we explore, among others, some topics from the following rough list:

  • Software Security
    • Buffer-overflow attacks in the light of stack protection mechanisms
    • Return-to-libc attack
    • Format string vulnerabilities
    • Race condition vulnerabilities
    • Environment variables and Set-UID
    • Shellshock attack
    • Dirty COW
  • Web Security
    • Cross-Site Scripting and XSS worm propagation
    • Cross-Site Request Forgery
    • SQL Injection Attack
  • Network Security
    • Packet sniffing and spoofing
    • Attacks on the TCP protocol
    • Firewalls
    • DNS Attacks
    • Virtual Private Networks
    • PKI
    • Transport Layer Security
    • Heartbleed Attack
  • Cryptography
    • Attacks on encryption, signatures, and hash functions
    • PKI and Man-In-The-Middle Attacks
  • System Security
    • Side-channel attacks with respect to CPU caching (Meltdown/Spectre)
  • Mobile Security
    • Reverse engineering of Android applications
    • Android rooting

Please enroll here for the Moodle course.

Time Table:

Thursday, 11:30 - 13:00, VG 1C/0.04
