Category: Talks and Learning Resources

• Oct 11, 2024 Intro Talks WS 2024/2025

  Starting on the 07th of November, we will be holding introductory talks for the main categories of Capture the Flag. We meet on Thursdays at 7pm in the CS building 50.34, room -101. Please bring a laptop if possible.

• Apr 11, 2024 Intro Talks 2024

  Starting on the 25th of April, we will be holding introductory talks for the main categories of Capture the Flag. We meet on Thursdays at 7pm in the CS building 50.34, room -101. Please bring a laptop if possible.

• Dec 20, 2023 Talk: Frida Game Hacking

  CTF challenges are usually well-behaved programs. But what do you do in more complex cases such as games, messenger applications (e.g. e2e encryption) or mobile applications (e.g. certificate pinning)? Frida to the rescue!

• Nov 2, 2023 Talk: Insecure GitHub Actions

  You know GitHub Actions, these small building blocks that make your dev life easier… But they can also get you pwned in no time, if you are not careful.

• Oct 19, 2023 Intro Talks WS 2023/2024

  Starting on the 2nd of November, we will be holding introductory talks for the main categories of Capture the Flag. We meet on Thursdays at 7pm in the CS building 50.34 room -120.

• Sep 21, 2023 Talk: Nix and NixOS

  Slides, in German, for the talk What is Nix and NixOS. The talk was held on August 24, 2023.

• Jul 27, 2023 Talk: Introduction to V8 JIT Compilation

  Deep dive in how the Chrome browser executes JavaScript and how this can break.

• Jul 7, 2023 Python Jail Escapes

  At our weekly meetings we had a talk about Python jail escapes, aka. getting around restrictions that make it hard to execute os.system('cat flag.txt'). In the talk we went through challenges, that we present here as exercises to practice. Starting very simple and then digging more and more into python internals.

• Jun 22, 2023 Talk: Introduction to SpiderMonkey exploitation

  How is javascript actually executed in firefox from the interpreter to the optimizing JIT compiler? This and other questions related to spidermonkey exploitation are answered in a walkthrough of the GPNCTF 2023 challenge icefox.

• May 19, 2023 Talk: Linux Namespaces

  What are linux namespaces and how can we e.g. build docker using it?

• Apr 19, 2023 Intro Talks 2023

  Starting on the 27th of April, we will be holding introductory talks for the main categories of Capture the Flag. We meet on Thursdays at 7pm in the CS building 50.34 room -120 (sometimes we may meet in room -118).

• Apr 13, 2023 Talk: Advanced Ghidra

  We tame the dragon and get it to teamwork. This talk is about advanced Ghidra usage, specifically:

• Apr 10, 2023 Talk: Elliptic Curves 2

  Continuation of Elliptic Curves 1 by Benedikt. Here are the Slides. As always CryptoHack is a great place to practice.

• Apr 4, 2023 Talk: CodeQL Workshop

  Finding vulnerabilities at scale by doing static analysis with CodeQL. intrigus’ workshop tells you how!

• Feb 24, 2023 Talk: Lattice-based Cryptography

  Continuing our theme of learning about foundations of modern crypto algorithms, Robert introduced us to lattices. Specifically we covered:

• Feb 23, 2023 Talk: Elliptic Curves

  We look at curves that look like fish and do some maths to break some crypto. Benedikt shows us how.

• Feb 23, 2023 Talk: C++ Reversing

  What weird things can happen when reversing C++ binaries and how not die from them? Slides of Liam’s talk from 2023-01-26.

• Feb 21, 2023 Talk: Intro to Smart Contract Exploitation

  More and more CTFs include web3 challenges. On 2023-02-09 @mawalu talks about web3, common vulnerabilities in smart contracts, and touch on what you need to run a web3 challenge. We’ll do (ethereum) challenges afterwards!

• Feb 21, 2023 Intro Talks 2022

  Archive of 2022 introductory talks. Even if you missed the talks, you can always attend our weekly in-person meetings: Thursdays 7pm, 50.34 room -120 (sometimes we may be in room -118).

• Jul 21, 2022 How to learn (non-exhaustive list)

  Useful resources for learning hacking with CTFs.

• May 16, 2019 Einführungsvorträge im Sommersemester '19

  Auch im Sommersemester 19 wird es Einführungsvorträge zu relevanten Themenbereichen geben.

• Nov 13, 2018 Folien der Vorträge im Wintersemester '18/19

  Auch im Wintersemester 18/19 gab es wieder Einführungsvorträge zu relevanten Themenbereichen.

• Oct 15, 2018 Folien der Vorträge im Sommersemester '18

  Binary Exploitation (07. Mai)

  Hier sind die Folien des Einführungsvortrags zum Thema Binary Exploitation am 07.05.2018.

• Apr 23, 2018 Folien vom Einführungsvortrag im Sommersemester '18

  Hier sind die Vortragsfolien vom heutigen Einführungsvortrag. Die Beispielaufgaben sind noch eine Weile verfügbar.

• Dec 11, 2014 Basic Tools

  CTFs are about the skill, not about the tools. Still, you’ll need a couple of tools to be successful.
  In general a good advice is to get used to working with the OS shell. There’s really a lot of things you can do very quickly and effectively if you know your way around bash/zsh/your_favourite_shell_here and python or your_favourite_scripting_language_here.

• Nov 13, 2014 Staying up-to-date in infosec

  tl;dr just subscribe to r/netsec on reddit.
  The following is a list of sources to help you stay up-to-date in infosec. If you’re just starting out it probably still can’t hurt to read some of the posts and try to understand them. More often than not they’ll also point you to introductory resources for the topic.

• Nov 13, 2014 Getting Started with CTF

  We’ve created a small guide to get you started with CTF and more or less infosec in general. There are a few selected resources for each of the major CTF disciplines that should help you get up to speed in those.