Hacker Contest summer semester 2023: Sample solution of the challenge online

17. April 2023

In the 2023 summer semester, our "Hacker Contest" at Technical University (TU) Darmstadt and at Darmstadt University of Applied Sciences (h_da) will enter the next round. In the popular course Matthias Göhring, Head of usd HeroLab, Tobias Hamann, Senior Consultant IT Security at usd HeroLab, and Tim Wörner, Senior Consultant at usd HeroLab, give students concrete insights into IT security. For this purpose, the usd PentestLab provides a controlled environment in which students can attempt tools and attacks on IT systems and applications as a start. The objective is to identify and exploit vulnerabilities. A fixed component is a practical assignment in which the students independently examine open source software for vulnerabilities and report them to developers according to the usd Responsible Disclosure Process. Thus, the students contribute significantly to the security of open source software.

In order to qualify for participation in the Hacker Contest, the participants faced the Hacker Contest Challenge in the current semester as well.

The Challenge

In the current challenge, the goal was to analyze a fictitious insurance company for vulnerabilities that have a direct impact on the protection goals of information security. In order to close these vulnerabilities in a timely manner, the participants were asked to report understandable and easily reproducible vulnerability descriptions to the developers.

Experts from usd HeroLab have published a Write-up of the challenge for you in their LabNews. If you want to know what a Hacker Contest Challenge looks like, or what flags you might have missed: Click here for the sample solution Hacker Contest Challenge SoSe 2023.

Also interesting:

AI Vulnerability Storm: When a Lack of Speed Becomes a Risk

AI Vulnerability Storm: When a Lack of Speed Becomes a Risk

Current developments in AI systems show that vulnerabilities are found more quickly, suitable exploits are developed more quickly, and attacks are increasingly implemented automatically. This significantly reduces the time between discovery and exploitation. What used...

Bafin Publishes 9th Amendment to MaRisk

Bafin Publishes 9th Amendment to MaRisk

On 30 June 2026, all credit institutions and financial services institutions in Germany received an important circular: Following the consultation phase, the German Federal Financial Supervisory Authority (Bafin) published the 9th amendment to its Minimum Requirements...

usd AG Listed as EPI Partner for Mobile Security Evaluations

usd AG Listed as EPI Partner for Mobile Security Evaluations

The popularity of mobile payments is growing, and with it, the demand for verified security. usd AG is expanding its activities in the EPI environment and will also conduct Mobile Security Evaluations in the future. This places us among the few EPI-listed Security...

Categories

Categories