The CISPA Spring School 2018 will give you a deep dive into four highly relevant areas of system security. You will be able to meet and learn from top experts in these fields. During hands-on training sessions you will learn how to understand, find and exploit vulnerabilities for different platforms (Mobile, Web, and PC) and how to counter these exploits. Furthermore, you will be able to showcase your own best work in a poster session and discuss them with top researchers.
When: April 3 - April 6, 2018
Where: CISPA - Helmholtz Center i.G.
Participation fee: 180,- € (including public transportation, 1 excursion, 4x lunch, 3x dinner, 8x coffee break, social program).
Accommodation: not included in the participation fee, but CISPA is providing support in finding accommodation. Click here for more information.
Application deadline: Late registration until February 25, 2018!
• Michael Backes (CISPA)
• Sven Bugiel (CISPA)
• Nick Nikiforakis (Stony Brook University)
• Stefan Nürnberger (CISPA)
• Siegfried Rasthofer (Fraunhofer SIT)
• Christian Rossow (CISPA)
• Ben Stock (CISPA)
• Andreas Zeller (CISPA)
Attacking Android Apps
Mobile apps have become an integral aspect of most of our daily routines and are hence entrusted with some of the most sensitive private information. In this session, we will cover basics of Android apps’ architecture and then delve into some of the most common security vulnerabilities of apps, their effects, and their root causes. In addition, we will look into state-of-the-art code analysis techniques for apps and their challenges in the particular setting of Android’s system design.
Grammar-based Testing & Fuzzing
Finding Web Security Flaws
The Web today has grown into a fully-fledged application platform, fueling widely used services like Social Networks, email clients, or even office applications. In this session, we cover the basic security principleson the client, showing different attacks allowing an adversary to control the browser of his victim, such as XSS or CSRF. Moreover, we cover lesser-known classes of flaws, which may allow adversaries to extract information from their victim. Based on the attack techniques taught in the course itself, you will then be able to test your newly acquired skills by exploiting vulnerable Web applications.
Crafting Software Exploits
Ever wondered about what use-after-free vulnerabilities, heap spraying, buffer overflows, control-flow integrity or ASLR are really about? This One-day session covers a wide range of software exploitation techniques and cutting-edge defenses. We lay the foundation with in-depth knowledge about operating systems and software-hardware interaction in general. This is followed by a crash course on 64 bit Intel assembly, which will give you first building blocks for attack techniques against vulnerable software. This ranges from basic exploitation techniques that piggyback malicious payload to sophosticated code-reuse attacks, which can change the behavior of a victim program. By the end of this day, you will be able to prove your fresh skills by cracking a vulnerable software.
For more information, please send an email to spring-schoolnoSpam@cispa.saarland.