Hacker Contest Winter Semester 2023/2024: 29 Students. 14 Vulnerabilities. 1 CVE. Countless Practical Insights.

17 April 2024

Practical knowledge is often neglected during studies - but not for students at TU Darmstadt. In the winter semester, Matthias Göhring, Tobias Hamann and Tim Wörner, Pentest Professionals at usd HeroLab, once again demonstrated in the "Hacker Contest" how they test IT systems and applications for vulnerabilities and how these vulnerabilities could be exploited by attackers.

Afterwards, the 29 students had the opportunity to get hands-on in the course: the usd PentestLab provides a controlled environment in which various tools and attacks can be executed. In this way the students learn how pentesters work and how important their role is for information security.

An integral part of the course, and part of the final grade, is a practical assignment. It consisted of working in project teams to independently investigate open source software for vulnerabilities that have a direct impact on information security protection goals (confidentiality, integrity and availability). The research results had to be documented in such a way that any vulnerabilities found could be reported to the developers in line with Responsible Disclosure processes and thus closed as quickly as possible.

Across 9 projects, the students identified a total of 14 vulnerabilities. The majority of the vulnerabilities were fixed within a very short time of being reported. One vulnerability in the WordPress plugin Price Ticker & Coins even received a CVE (CVE-2024-0709), which was classified as critical (CVSS 9.8 out of 10).

"It makes us really proud to see how passionately the students share our mission of 'more security'. This semester, thanks to their commitment, various vulnerabilities were identified and closed before attackers could exploit them. This is a great contribution to greater security and what drives us as IT security professionals every day," reports Tobias Hamann.

For the first time this year, the third component of the Hacker Contest was an internal security conference. The students presented Tactics, Techniques and Procedures (TTPs) of typical cyber attacks to the usd pentest professionals and their fellow students.

Hacker Contest WiSe 2023/2024
