Video lectures and further information on the Offensive Security course at Hochschule Bonn-Rhein-Sieg.

Community: **LEA Course, Discord, BBB**

This segment is about **introduction, motivation and formalities**.

This segment is about **HTTP and the OWASP Top 10**.

This segment is about **sessions in HTTP**.

In this week's homework you're supposed to get an understanding of how security-relevant bugs occur. It's mainly about OWASP A2, A3 and A5. The homework consists of these tasks:

- Do the Python tutorial at learnpython.org
- Check out the documentation of Python requests. It will be very useful for the tasks. You can install it with `pip install requests`.
- Reach the required amount of points at hackfest.redrocket.club at course HackPra-Week0.

This segment is about **giving an introduction to injections**.

This segment is about command injection.

This segment is about **code injections**.

This segment is about **SQL injections**.

In this week's homework you're supposed to learn how injection bugs are exploited. The homework consists of these tasks:

- Do the shell tutorial at shellscript.sh. Being able to use the shell will boost your productivity by a factor of 10!
- Read the writeup at openwall about bypassing OpenBSD services login with command injection. Have a laugh.
- Reach the required amount of points at hackfest.redrocket.club at course HackPra-Week1. Use a search engine of your choice to find relevant information.

This segment is about **what is different this week**.

This segment is about cross-site scripting.

This segment is about **XML security**.

This segment is about **serialization**.

This segment is about **race conditions and desynchronization**.

In this week's homework you're supposed to learn about XSS, XML security, serialization, and race conditions. The homework consists of these tasks:

- Read the writeup by Netanel Rubin about hacking Moodle. It combines multiple topics we've covered into one exploit. It will help you with the 1337 task!
- Reach the required amount of points at hackfest.redrocket.club at course HackPra-Week2. Use a search engine of your choice to find relevant information.

This segment is about **this week**.

This segment is about **introducing the topic**.

This segment is about **symmetric cryptography**.

This segment is about **block cipher modes**.

This segment is about **hashes and message authenticity**.

This segment is about **unrelated things**.

In this week's homework you're supposed to learn about cryptographic vulnerabilities. The homework consists of these tasks:

- FYI (not homework): a good and free course on cryptography by one of the best cryptographers in the world: On Coursera
- Reach the required amount of points at hackfest.redrocket.club at course HackPra-Week3. Use a search engine of your choice to find relevant information.

This segment is about **this week**.

This segment is about **introducing the topic**.

This segment is about **the background on RSA**.

This segment is about **choosing bad parameters**.

This segment is about **common pitfalls**.

This segment is about **bad padding**.

- You only need 50 points to pass this week. I'm mainly interested if you can solve kekse with the supplied literature.
- Read up on how RSA signing works, e.g. here.
- Read up on the Bellcore attack, e.g. Section 5.2 here. Then solve the task "keks".
- I recommend pycryptodome for the tasks.
- Reach the required amount of points at hackfest.redrocket.club at course HackPra-Week4.

This segment is about **the next weeks**.

This segment is about **entropy**.

This segment is about **the linear congruential generator**.

This segment is about **the Mersenne Twister**.

This segment is about **ECC and ECDSA**.

In this week's homework you're supposed to learn how entropy failures can be exploited. The homework consists of these tasks:

- Reach the required amount of points at hackfest.redrocket.club at course HackPra-Week5.