Warning
This page is located in archive. Go to the latest version of this course pages.

Assignments

Hands-on assignments follow the topics shown in the classes:

  • Each student is assigned a docker container in the class infrastructure at the beginning of the class.
  • Docker containers run Linux and contain all the tools needed during the semester to solve all assignments.
  • All assignments are to be done in the containers unless stated otherwise.
  • All assignments are in the form of Capture the flag: solving a problem yields a flag that can be submitted in the CTFd system for evaluation.
Use university email for accessing the CTFd.

General Rules

You can NOT

  1. Attack others on the Internet from the docker we are giving you.
  2. Attack the assignment servers or CTFd servers
  3. Attack other servers and services in the university network (outside of the IP range given to you)
  4. Share your code or solution with other students

You CAN

  1. Attack the given docker from the Internet.
  2. Attack from the local docker network the dockers for other students (inside the local network)
Containers are to be used for the class only. Failing to comply with the rules will lead to a point deduction and failing the class!

Assignment List

AssignmentStartsDuePoints
Assignment 1 5.10.2023 12.10.2023 23:591
Assignment 2 12.10.2023 20:006.11.2023 23:594
Assignment 3 12.10.2023 20:006.11.2023 23:592
Assignment 4 19.10.2023 20:006.11.2023 23:596
Assignment 5 26.10.2023 20:0010.1.2024 23:595
Assignment 6 2.11.2023 20:0010.1.2024 23:596
Assignment 7 9.11.2023 20:0010.1.2024 23:595
Assignment 8 22.11.2023 20:0010.1.2024 23:594
Assignment 9 30.11.2023 20:0010.1.2024 23:596
Assignment 10 14.12.2023 20:0010.1.2024 23:595
Bonus Assignment TBA TBA 100

Assignment 1: Hello class infrastructure

  1. Log in CTFd with given credentials (Check your email).
  2. Log in to the given docker with the given credentials.
  3. Get the flag and submit it to the CTFd

Assignment 2: Network scanning

  • Log in to your docker
  • Scan and find running devices in the network 172.16.1.100-200
  • Find out which services are running on those devices
  • Find the flag and submit it to the CTFd
  • Answer related questions in the CTFd
PLEASE DO NOT SCAN HOSTS OUTSIDE OF THE GIVEN RANGE

Assignment 3: Packet capturing

  • Log in to your docker
  • Capture traffic for at least 1 hour
  • Search the captured traffic for suspicious/anomalous traffic and potential attack
  • Analyze the attacker's actions
  • Find the flag
  • Submit the flag in the CTFd

Assignment 4: Exploits & Vulnerabilities

Part 1:

  • Log in to your docker
  • Find the library in <IP SHOWN IN CTFd> and explore it
  • Find the flag and answer the question in CTFd

Useful tools: nmap, ls, ssh, cat

Part 2:

  • Log in to your docker
  • Server <IP SHOWN IN CTFd> has a vulnerability
  • Find it and search for an exploit
  • Exploit this vulnerability to read the flag file

Useful tools: nmap, python, cat


Assignment 5: Securing Linux devices

  • The assignment has several parts. You will need to log in to your dockers, investigate potential breaches, and answer the questions in CTFd.
Do not block user access by SSH (pass or public key). Do not harden your dockers before the assignment starts.

Assignment 6: Honeypots

  • Unordered List ItemYou have a Cowrie installation at your docker running SSH on port 2222
  • Attackers will try to connect to this port and detect if it is a honeypot or a real service.
  • You need to try and make the honeypot look more realistic.
  • More details in CTFd

Assignment 7: Persistance&Escalation

  • Find a way to access the given server
  • Make sure you can read all parts of the flag number 1
  • Find a way to access flag number 2

Assignment 8: Reversing

  • Log in to your dockers
  • Analyze the traffic that comes to your container and try to make sense of it. (You can ignore traffic from past assignments)
  • Find the flag and submit it to the CTFd
  • More details in CTFd

Assignment 9: C&C Client

There is a bot server specified in CTFd. Create a bot client that can interact with it, respond to the C&C server commands and obtain the flag. In order to register to the bot master you will need to provide proof of work. Check the attached `pow_solver.py` to see what is needed.


Assignment 10: Malware Detection

  • Part 1: Download a PCAP from CTFd, analyze it and answer the questions
  • Part 2: Modify the ML part in the class Colab according to the instructions in CTFd and solve the questions.

Bonus Assignment

Bonus assignments will be announced before the winter break. Students who complete the bonus assignment can choose not to come to the final exam. More details and exact conditions for passing the bonus will be announced later in the semester.

courses/bsy/assignments.txt · Last modified: 2023/12/18 14:53 by lukasond