Du får et grundlæggende kendskab til Linux, og lærer de vigtigste kommandoer. Derudover kommer vi til at vise nogle grundlæggende command-line værktøjer i Kali Linux, som er særligt brugbart indenfor cybersikkerhed. Denne session kræver ikke at man har en computer der kører Linux eller særlig software, så alle kan være med, og alt kører i en browser.

Learn to write bash scripts for fun and profit! Automate every day tasks! Impress your friends! Bring doom and despair to your enemies!1!! In this course we will learn to use bash to write scripts, and to use parameters and variables in those scripts. These scripts can be used to automate every day tasks such as making remote backups of interesting files and folders (wink wink​ We totally won’t be exfiltrating the data in those backups).

Du lærer ganske overordnet hvordan computernetværk fungerer. Herefter går vi over til hvordan scanning kan bruges til at identificere enheder på netværket, og lære om hvilke operativsystemer og services der kører – og hvordan scanning kan bruges til at finde sårbarheder. Til sidst kigger vi på grundlæggende opsamling og analyse af netværkstrafik med Wireshark.

Denne session handler om grundlæggende web-sikkerhed, hvor vi bl.a. kommer ind SQL Injections, Cross-site scripting, Cookies og Cross-Site Request Forgery. Der er fokus på at forstå principper bag sårbarhederne, men vi kigger også en hel del på værktøjer til at finde og udnytte dem – inklusive generelle værktøjer indenfor web-sikkerhed som bl.a. burp og dirbuster, som er brugbare i mange forskellige opgaver. Den sidste halvdel af tiden er afsat til at løse opgaver, med mulighed for at få hjælp (og der vil være opgaver på flere niveauer).

Exploitation is the art of making programs behave in unexpected and unintended ways, turning them to the attacker’s advantage. In this session we explore how programs are represented in the computer’s memory so that we can inject computer instructions into the memory. We also look at other simple representations of computer programs – like program graphs, assembly and intermediate representations – that can help us understand and reason about them in order to mount the attacks. The session will be a combination of English and Danish due to the teachers.

In this session you will learn the basic techniques that can help you build the attacks. You will learn about buffer overflows and how they can be used to inject code. You will learn about typical countermeasures such as ASLR and stack canaries, and techniques that make your attacks more resilient to these countermeasures. The session will be a combination of English and Danish due to the teachers.

In this session you will learn the basic techniques that can help you build the attacks. You will learn about buffer overflows and how they can be used to inject code. You will learn about typical countermeasures such as ASLR and stack canaries, and techniques that make your attacks more resilient to these countermeasures. The session will be a combination of English and Danish due to the teachers.

Flipped classroom: this session will provide a general overview of cryptology and introduce fundamental algorithms and technical prerequisites.

Flipped classroom: this session will provide a deeper study of cryptographic algorithms, modes and protocols, with a focus on what makes them work and where they are typically broken. This includes an overview of techniques for generating and managing cryptographic keys, as well as introduction to random number generators and bias in their output.

Flipped classroom: this session will provide a deeper study of cryptographic algorithms, modes and protocols, with a focus on what makes them work and where they are typically broken. This includes an overview of techniques for generating and managing cryptographic keys, as well as introduction to random number generators and bias in their output.

This is the advanced cryptology training session of Der Danske Cybermesterskaber, targeting specifically participants of the Nationals. In this session, you will learn more sophisticated techniques to solve common crypto related CTF problems.

Cyber forensics handler om at indsamle, analysere og præsentere digital data, f.eks. netværkstraffik, memory dumps og filer med skjult information. Vi vil i første halvdel af workshoppen fokusere på “steganografi” – at skjule data i andet data – og selv afprøve tools til at finde og extracte information. I anden halvdel skal vi se på digital hukommelse, og du får mulighed for selv at analysere et memory dump fra en computer, der har været udsat for et hackerangreb.

En penetration test udføres med tilladelse fra ejerne af systemerne, og har til formål at afdække ricisi og sårbarheder i det undersøgte system. I denne workshop vil vi diskutere penetration test: klassifikation, planlægning, udførsel og dens etiske og juridiske aspekter. Vi vil også behandle de mest alvorlige sikkerhedsproblemer i webbaserede applikationer idag, og prøve selv at finde en række sårbarheder. Vi har altså fokus på at træne dine evner indenfor penetration test!

The Domain Name System (DNS) is one of the most fundamental protocols in the network infrastructure and it is frequently abused for malicious purposes. In this training session, we will explore the major exploitation of DNS protocol and infrastructure and we explore tools and scripts to implement such exploitations.

Software (formal) Verification is the process of proving or disproving the correctness of a program or design with respect to a certain specification or property, using formal methods of mathematics.
One of the main methods is model checking, which is based on the creation of a mathematical model of the system and its automatic exploration.
This course will provide an introduction of software verification using model checking and industry-level tools such as TLA+.

The theme of this training session is Distributed Denial of Service (DDoS) attacks. First, the topic is introduced by outlining the typical motivations for and consequences of launching a DDoS attack, the structure of a DDoS service, the relevant legislation, the current academic research, commercial defense offerings, and the feature set of smaller (D)DoS attack tools. Then, a more in-depth presentation of the main types of DDoS attack are presented, as well as a more in-depth overview on how to choose the most suitable defensive techniques. Finally, the real-life defensive system deployed by Telenor is demonstrated, and the effect of an actual attack (and defense) on a game of Counterstrike is shown.