course: Master Prac­tical Cour­se Vulnerability Assessment

teaching methods:
practical course
e-learning, Moodle, computer based presentation
responsible person:
Prof. Dr. Thorsten Holz
Prof. Dr. Thorsten Holz (ETIT), Dr. Ali Abbasi (ETIT), M. Sc. Tobias Scharnowski (ETIT)
see examination rules
offered in:
summer term

dates in summer term

  • kick-off meeting: Wednesday the 14.04.2021 from 14:15


Die Angaben zu den Prüfungsmodalitäten (im WiSe 2020/2021 | SoSe 2021) erfolgen vorbehaltlich der aktuellen Situation. Notwendige Änderungen aufgrund universitärer Vorgaben werden zeitnah bekanntgegeben.
Form of exam:lab
Registration for exam:Directly with the lecturer
continual assessment


The students obtain a profound understanding of the functionality of modern, attack techniques and defense mechanisms. They know different techniques from both areas and can apply both of them. More specifically, the participants are proficient in corresponding reverse engineering techniques and can analyze complex software vulnerabilities on their own. The students can design and implement analysis tools on their own and learn how to perform research in the area of software security.


The practical course deepens the topics covered in the lecture "OS security". The participants work in groups of typically two students and analyze and implement a total of seven examples of real-world software vulnerabilities with an increasing level of difficulty. For each exercise, the vulnerabilities are discussed during a mandatory meeting and corresponding analysis and exploiting techniques are presented. We expect that students perform their own research and investigation to solve the exercise.

Among other aspects, the following topics will be covered:

  • Different vulnerability classes
  • Software vulnerabilities on both ARM and Intel
  • Strengths and weaknesses of defenses such as DEP and ASLR
  • Reverse engineering of binary executables



recommended knowledge

Basic knowledge in reverse engineering are recommended, for example by successful completion of the course "program analysis" and experience with x86 assembly language. Experience in systems programming under Windows (assembler / C) is helpful.


There is a mandatory meeting every two week during which we present the new exercises and every other week we offer an optional meeting to answer questions. All materials for the course are available via Moodle, please register for the course online.

At most 20 students can participate in the practical course. More information on the planned schedule and the formal requirements are discussed in a preliminary meeting that takes place in the first week of the semester.

In the summer semester 2021, the preliminary meeting will take place online. All information about the planned schedule will be distributed via Moodle, please enroll in the Moodle course.