Lecture
Lecture Challenges (VO)
During the lecture, we will present small “Lecture Challenges” as a bonus. These challenges are optional, but solving them results in bonus points for the lecture exam.
The aim of the challenges is to dig deeper into a certain topic of the respective lecture. Thus, it is advisable to try to complete the challenge soon after the lecture.
Exam defenselets (VO)
Exam defenselets are small challenges that can be used to cross out one entire exam part and get the points from the defenselets instead (25%=10 points of your exam).
The defenselets can be solved during the semester and handed in your provided git repository, but must already be available on the examination date.
We will send the points achieved to all enrolled students on the evening before the exam.
If you have solved the exam defenselets before the exam and pushed them to your repository, just tick that you solved them during the exam and you will get the points instead of one entire exam part.
You must explicitly mark the exam part you wish to cancel.
There are 13 defenselets, each of which is worth 0.6 points.
In total, you can get (at most) 10 points which equal 25% of your exam.
You are encouraged to work in groups and discuss the defenselets.
However, be aware that you should be able to understand the defenselets.
The upstream repository can be found here:
https://extgit.iaik.tugraz.at/sase/lecture/lecture-challenges-upstream
The exam defenselets are the same as the hacklets 1 and 2.
Docker image:
We use Docker to run the challenges and test your exploits.
The image is based on Ubuntu and contains tools you might need when working on the challenges.
The Docker image can be used via the ./docker.sh script, which is included in the upstream repository.
- Use
./docker.sh updateto pull the latest image (do this when you are using the script for the first time). - Use
./docker.sh runto get a root shell inside the container. - Use
./docker.sh runto automatically execute the challenge and test your exploit (e.g../docker run router).
Inside the container the directory /tmp/app is volatile.
This means that any changes you make there will not persist once you exit the container (they will be lost).
The directory /app is mounted and any changes you make there will persist.
When using ./docker run the script will execute the execute_permissions.sh script of the corresponding challenge inside the Docker container.
This will then run your exploit with appropriate permissions.
Rules
- Challenges have to be solved on your own
- All challenges have to be submitted to our test system
- The bonus points are only valid for the first two exam dates
- To get the bonus points, you have to write your username on the exam sheet
- You cannot get positive with bonus points, i.e., bonus points only count if you are already positive
Lecture Exam
Exams are done in writing. The dates for the exams will be set in TUGOnline; please register there.
Exams consist of both theoretic questions and practical questions. Theoretic questions are basically the theoretic parts of the slides and possibly additional content presented in the lecture which are not part of the slides. Practical questions are, in principle, similar to the tasks given in the lecture challenges as well as in the practicals. However, the complexity of the questions is scaled to make them adequate for the time available during an exam.
All questions of the exam are in English. Answers can be given either in English or in German, at the student’s discretion.
No lecture notes, or any other materials are allowed during an exam. All materials required to solve the practical questions are provided at the exam. E.g., the provided materials include an ASCII table, a C function reference for required functions, and a table containing the required syscall parameters.
Sample Exams
We also provide old exams to help you prepare for the exam: