Summerschool Aachen 2005/Challenges

Open Challenges

• formatstringbug and race condition challanges (more challanges on the way)
• extend p0f to fingerrprint ScaPy (default) packets
• find a way to fingerprint
  • http://www.honeyd.org/
  • http://nepenthes.sourceforge.net/
  • http://www.mwcollect.org/
• Build an HTTP-Infrastructure Fingerprinting Tool
• Scan our strange network, fingerprint the stuff in there, modify existing fingerprinting tools to do so
• Find out how httprint works
• Build a minimal DHCP Server on ScaPy
• Build an Fingerprinting Tool for
  • dhcp
  • rsync
  • ssh
• Look into timing/fingerprinting SSH
  • (avoidance)
• Write a chapter for /TheBook

Challenges in Progress

• Daniel & Yves - glibc 2.3.5 look at how to exploit heap-based overflows (avoiding the checks)
• Typo & Ilja - 0wn putty
  • Update: We found some exploitable bugs. --Typo 18:10, 20 Sep 2005 (CEST)
• Max feat. Christian: /SSL fingerprinting
• Chris - Fake driver to replace Apple's IOI2CMotionSensor for further reverse engineering of the motion sensor driver
• Lorenzo
  • Pick Ilja's challenges up (didn't look at labsession.pdf yet; it should contain more challenges)
  • Just started a glibc function fuzzer (even if I guess it will take long time, tho :-)
  • "Genetic exploit" [to try] to fight against real address space layout randomization. Is it feasible/worth working on? I don't know yet :-) (I'm just starting to think about it; lot of hypotheses and scenario. main issues: fitness function, little knowledge about genetic algorithms :-\)
• Emin
  • A Bluetooth-device scanner based on ScaPy

Finished Challanges

• Max: Exif_Thumb finish last years project - done see [1] [2]
• Max: RSS fuzzer - done see http://blogs.23.nu/disLEXia/stories/9928/
• Christian feat. Max - verBOTen - a bot that mirrors only that stuff that is protected by robots.txt see also [3]