During the course, we will announce a "challenge" here every once in a while. These challenges will allow you to gain some basic practical experience in the security analysis and exploitation of software.

We planned ~8 challenges (with plenty of optional extras) that deal with topics such as common security tools, web vulnerabilities, memory corruption, and reverse engineering. The challenges are directly related to the concepts discussed in the lectures.

These are not necessarily difficult -- at least for people who can program and who have basic web, networking, and software knowledge. You don't need to be an expert software engineer either; this course is more focused on breaking stuff :)


Practical challenges will require you to do research on the Internet, read documentation, and do some self-learning. Of course, you also need patience. As a wise man once said, security is part science and part black magic. The only way to get better is to persevere and keep practicing.

By the way, we are aware that the lab environment is not highly secure -- after all you will be tasked with hacking some of it. At the same time, we trust you that you will NOT try to break parts of the infrastructure that are not explicitly shown to be targets for you to exploit. That is NOT a challenge. The same goes for the university networks and the rest of the Internet -- touch those, and you will be violating various university policies, and possibly committing a crime, too. Remember that you are the good guys/gals. If we notice that you are trying to crack something you are not supposed to, there will be consequences.

Good luck and happy debugging ;-)

Challenge 9
Challenge 8
Challenge 7
Challenge 6
Challenge 5
Challenge 4
Challenge 3
Challenge 2
Challenge 1
Challenge 0

Bonus Challenges

Bonus 4
Bonus 3
Bonus 2
Bonus 1

Last Modified: Tue Mar 27 09:10:11 2018 EST