- Weekly lectures are held in EI 8 Pötzl HS, 18:00 to 20:00.
- Challenges will start on Thursdays, 20:00.
- First challenge starts October 11th!
Dates and Slides
- 2018-10-03: Lecture Slides: Introduction, Malware
2018-10-10: Lecture Slides: Mobile Security (Android)
2018-10-17: Lecture Slides: Introduction to CTFs
Registration is handled over the TISS site now!
Once the course has started, register via TISS. We will import your data, and send you the credentials for our environment via email.
From that point, all communication is handled via this site. Your account will be valid for the whole semester and give you detailed feedback on submissions, current points etc..
Staff and Contact
This lecture is held as a cooperation between the Secure Systems Lab at the Automation Systems Group (191/3), the Information and Software Engineering Group (194/1) and SBA Research
If you have questions regarding the lab challenges, please use the TISS Forum
to exchange yourself with other students.
Our tutor is reading it on a daily basis and usually quick to answer with help.
Please refrain from posting (partial) solutions, as you will spoil the fun for others. If you think, you need help beyond that do contact us per email at email@example.com
Advanced Internet Security serves as a continuation for the class Internet Security. The lecture deals with common errors and vulnerabilities as well as ways to detect and avoid them. Examples are used to highlight the general error classes and how they can be abused.
In order to teach the subject in the most authentic way, the lecture uses an "offensive approach": Security-related topics are viewed from an attacker's perspective and possible attack scenarios are shown. In practical challenges the students need to exploit previously discussed security vulnerabilities inside a controlled challenge-environment. This improves the students' understanding of the handled topics and helps them to prevent similar mistakes in own projects and allows them to actively take security measures when handling security relevant projects.
As an optional part of the class, students are able to participate in a hacking contest in which they can prove their knowledge of security and system management by competing as a team against other Teams spread around the globe.
- Malware * Botnets, command&control mechanisms
- Binary Analysis * Fuzzing * Instrumentation * Tainting * Symbolic Execution
- Heap Attacks * Data-driven Attacks * Kernel Security
- Meltdown/Spectre * Rowhammer * CPU Side-Channel Attacks
- IoT Security * Embedded Systems and Firmware
- Hardware Security * Hardware Analysis and Attacks
- Wireless * Radio * RFID * EMV security
- Applied Crypto * RSA * ECDSA
- Mobile Security * Android security concepts
- Windows Security
- Understanding of security fundamentals (e.g. as offered by Internet Security VU or equivalent)
- Good programming/developing skills (C knowledge is advantageous)
- Some experience with Linux and Windows
- Time ;-) You will need to solve a minimum of 4 security challenges during the lecture!
Mode and Grading
7 challenges (assignments)
We will announce a challenge every couple of weeks that will be open for 13 days for you to solve.
These challenges shall give you some basic hands-on experience in penetration testing and security analysis of software and applications.
We have planned 6 challenges that deal with the lecture's topics and are directly related to the concepts discussed
in the lecture part of the course.
The challenges are not necessarily difficult, but may require you to do some research on the Internet and read some documentation.
Of course, you also need some patience.
By the way, we are aware that the InetSec environment is not highly secure. It's a time issue ;-) So we trust you that
you will not try to break or hack the system. That is not a challenge. Remember that you are the good guy/gal.
We will not tolerate any attacks against our infrastructure.
At the end of the semester. Registration via TISS.
75 minutes time, no course material allowed.
The grade you get is best described with the following "python" code:
from decimal import *
LECTURE_CHALLENGES = 7 # example, may vary from semester to semester
LECTURE_EXAM_MAX_POINTS = 35 # example, may vary from exam to exam
return int(math.ceil((Decimal(LECTURE_CHALLENGES) / Decimal(2)) + Decimal(0.1)))
def grade(student_solved_challenges, student_exam_points):
challenge_points = (Decimal(student_solved_challenges) / Decimal(LECTURE_CHALLENGES)) * Decimal(100)
exam_points = (Decimal(student_exam_points) / Decimal(LECTURE_EXAM_MAX_POINTS)) * Decimal(100)
sum_points = int(math.ceil((Decimal(2) * challenge_points + exam_points) / Decimal(3)))
if sum_points <= 50 or student_solved_challenges < min_challenges_to_solve():
elif sum_points <= 63:
elif sum_points <= 75:
elif sum_points <= 88:
if __name__ == "__main__":
# student solved 5 challenges and received 25 points on the exam
Practicums and Theses
Are you a motivated student and looking for a bachelor's thesis or master's thesis, visited our courses and are otherwise also very interested in the security topic? Please visit the internship and theses pages of Seclab and SBA Research:
Internships and Theses at SBA Research
Internships and Theses at Seclab Vienna
Good luck and happy debugging ;-)