Hacker Contest summer semester 2023: Sample solution of the challenge online

17. April 2023

In the 2023 summer semester, our "Hacker Contest" at Technical University (TU) Darmstadt and at Darmstadt University of Applied Sciences (h_da) will enter the next round. In this popular course, Matthias Göhring, Head of usd HeroLab, Tobias Hamann, Senior Consultant IT Security at usd HeroLab, and Tim Wörner, Senior Consultant at usd HeroLab, give students concrete insights into IT security. For this purpose, the usd PentestLab provides a controlled environment in which students can first try out tools and attacks on IT systems and applications. The objective is to identify and exploit vulnerabilities. A fixed component is a practical assignment in which the students independently examine open source software for vulnerabilities and report them to the developers according to the usd Responsible Disclosure Process. In this way, the students contribute significantly to the security of open source software.

To qualify for participation in the Hacker Contest, participants had to face the Hacker Contest Challenge in the current semester as well.

The Challenge

In the current challenge, the goal was to analyze a fictitious insurance company for vulnerabilities that have a direct impact on the protection goals of information security. So that these vulnerabilities could be closed in a timely manner, the participants were asked to report them to the developers with understandable and easily reproducible vulnerability descriptions.

Experts from usd HeroLab have published a write-up of the challenge for you in their LabNews. If you want to know what a Hacker Contest Challenge looks like, or which flags you might have missed, see the sample solution for the Hacker Contest Challenge SoSe 2023.
