{"id":57375,"date":"2025-04-02T15:27:00","date_gmt":"2025-04-02T13:27:00","guid":{"rendered":"https:\/\/www.usd.de\/?p=57375"},"modified":"2025-05-28T14:59:07","modified_gmt":"2025-05-28T12:59:07","slug":"hacker-contest-wise-24-25","status":"publish","type":"post","link":"https:\/\/www.usd.de\/en\/hacker-contest-wise-24-25\/","title":{"rendered":"Hacker Contest Winter Semester 2024\/2025: TU Students Contribute to #moresecurity"},"content":{"rendered":"\n

Identifying vulnerabilities, taking responsibility, creating real security \u2013 and learning in a hands-on way: That\u2019s what the Hacker Contest at TU Darmstadt is all about. <\/p>\n\n\n\n

27 students, nine teams, one goal: to train in the secure handling of vulnerabilities \u2013 from analysis to hacking to responsible disclosure. Once again, the Hacker Contest demonstrated what practical training in IT security can look like \u2013 and how young talents can contribute to digital security.<\/p>\n\n\n\n

<\/p>\n\n\n\n

From theory to practice <\/h2>\n\n\n\n

The proven concept of the Hacker Contest once again relied on a multi-stage teaching format this winter semester. Participants acquired solid knowledge about penetration testing, vulnerability analysis, and responsible disclosure \u2013 i.e., the professional handling of discovered security flaws. <\/p>\n\n\n\n

In the PentestLab, they were able to directly apply this knowledge and test it in realistic scenarios. Many students praised the hands-on format: trying out different attack techniques, thinking creatively, and navigating complex attack chains \u2013 all of this was trained in the PentestLab. <\/p>\n\n\n\n

<\/p>\n\n\n\n

Vulnerabilities with real-world impact <\/h2>\n\n\n\n

In a practical exercise, students analyzed popular open-source software with the goal of identifying security-relevant vulnerabilities. The results show that the findings went far beyond academic exercises and had real-world relevance. <\/p>\n\n\n\n

\n
\n
\n

Tobias Hamann, Managing Security Consultant at\u202fusd HeroLab: 
\u201cThe students showed that they are capable of analyzing complex security issues and identifying vulnerabilities that are highly relevant to companies and development teams. A remarkable contribution to #moresecurity.\u201d <\/p>\n<\/blockquote>\n<\/div>\n\n\n\n

\n
\"Portrait<\/figure>\n<\/div>\n<\/div>\n\n\n\n

<\/p>\n\n\n\n

Responsible Disclosure: Security is more than just hacking <\/h2>\n\n\n\n

In the practical task, students not only trained their technical security analysis skills but also practiced responsible security communication.<\/p>\n\n\n\n

\n
\n
\n

Tim W\u00f6rner, Managing Security Consultant at\u202fusd HeroLab: 
\u201cResponsible security research doesn\u2019t just mean finding vulnerabilities \u2013 it means documenting them clearly, communicating them effectively, and considering all stakeholders involved. The participants demonstrated this impressively.\u201d <\/p>\n<\/blockquote>\n<\/div>\n\n\n\n

\n
\"\"<\/figure>\n<\/div>\n<\/div>\n\n\n\n

The students reported their findings directly to the respective developers. Some security issues have already been resolved quickly, while responses to others are still pending or in progress. Several participants received positive feedback \u2013 a strong signal from the field. <\/p>\n\n\n\n

All reports followed the usd Responsible Disclosure Policy. The goal: to handle vulnerabilities responsibly and give development teams the opportunity to fix them before any details are made public. <\/p>\n\n\n\n

\n
\n
\n

Matthias G\u00f6hring, Head of usd HeroLab: 
\u201cWe encouraged students to publish their responsible disclosure findings independently. We\u2019re excited to see the results.\u201d <\/p>\n<\/blockquote>\n<\/div>\n\n\n\n

\n
\"\"<\/figure>\n<\/div>\n<\/div>\n\n\n\n

One student has already published their vulnerabilities: Finding Security Vulnerabilities in Open-Source Repos<\/a>. Such publications make an important contribution: they inform users about necessary updates, raise awareness for security risks, and promote knowledge exchange within the security community. <\/p>\n\n\n\n

<\/p>\n\n\n\n

Hacker Contest: More than just a competition <\/h2>\n\n\n\n

The Hacker Contest at TU Darmstadt shows: IT security requires both technical expertise and responsibility. <\/p>\n\n\n\n

We thank all participants for their commitment and their contribution to #moresecurity. We look forward to seeing how their findings continue to develop. <\/p>\n","protected":false},"excerpt":{"rendered":"

Identifying vulnerabilities, taking responsibility, creating real security \u2013 and learning in a hands-on way: That\u2019s what the Hacker Contest at TU Darmstadt is all about.  27 students, nine teams, one goal: to train in the secure handling of vulnerabilities \u2013 from analysis to hacking to responsible disclosure. Once again, the Hacker Contest demonstrated what practical […]<\/p>\n","protected":false},"author":117,"featured_media":57391,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"off","_et_pb_old_content":"","_et_gb_content_width":"","inline_featured_image":false,"footnotes":""},"categories":[],"tags":[443,444,422,378,1499,487,381,6340],"class_list":["post-57375","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","tag-hacker-contest-en","tag-it-security-2-en","tag-penetration-test","tag-pentest-en","tag-pentester-2","tag-security-analysis-en","tag-security-research-en","tag-tu-darmstadt-en"],"_links":{"self":[{"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/posts\/57375","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/users\/117"}],"replies":[{"embeddable":true,"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/comments?post=57375"}],"version-history":[{"count":5,"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/posts\/57375\/revisions"}],"predecessor-version":[{"id":57434,"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/posts\/57375\/revisions\/57434"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/media\/57391"}],"wp:attachment":[{"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/media?parent=57375"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/categories?post=57375"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.usd.de\/en\/wp-json\/wp\/v2\/tags?post=57375"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}