Hacker Contest Winter Semester 2023/2024: 29 Students. 14 Vulnerabilities. 1 CVE. Countless Practical Insights.

17 April 2024

Practical knowledge is often neglected during studies - but not for students at TU Darmstadt. In the winter semester, Matthias Göhring, Tobias Hamann and Tim Wörner, Pentest Professionals at usd HeroLab, once again demonstrated in the "Hacker Contest" how they test IT systems and applications for vulnerabilities and how these vulnerabilities could be exploited by attackers.

Afterwards, the 29 students had the opportunity to get hands-on in the course: the usd PentestLab provides a controlled environment in which various tools and attacks can be executed. In this way, the students learn how pentesters work and how important their role is for information security.

An integral part of the course, and part of the final grade, is a practical assignment. This consisted of working in project teams to independently investigate open source software for vulnerabilities that have a direct impact on information security protection goals. The research results had to be documented in such a way that any vulnerabilities found could be reported to the developers in line with Responsible Disclosure processes and thus closed as quickly as possible.

Across 9 projects, the students identified a total of 14 vulnerabilities. The majority of the vulnerabilities were fixed within a very short time of being reported. One vulnerability in the WordPress plugin Price Ticker & Coins even received a CVE (CVE-2024-0709), which was classified as critical (CVSS 9.8 out of 10).

"It makes us really proud to see how passionately the students share our mission of "more security". This semester, thanks to their commitment, various vulnerabilities were identified and closed before attackers could exploit them. This is a great contribution to greater security and what drives us as IT security professionals every day," reports Tobias Hamann.

For the first time this year, the third component of the Hacker Contest was an internal security conference. The students presented Tactics, Techniques and Procedures (TTPs) of typical cyber attacks to the usd pentest professionals and their fellow students.
