Network Security, Autumn 2015

Basic Course Information
Course Code 263-4640-00L
Language English
Instructors Prof. Dr. Adrian Perrig [AP]
Dr. Thomas Dübendorfer [TD] (Email)
Dr. Stefan Frei [SF]
Teaching Assistants Daniele Asoni [DA]
Sam Hitz [SH]
Steve Matsumoto [SM]
Lectures Tuesday 10:15-11:55, ETF C1
Guest Talks and Exercise Sessions Tuesday 9:15-10:00, ETF C1
Lab Use your laptop and log into
Solve the challenges of our NetSec event online at any time you want.
Teams of five students will create one new challenge per team.
Office Hours Monday 13:00-15:00, CAB F 86.2 (from Oct 5th)
Grading You must pass the exam to get credit points
Course Website
Course Slides/Readers (SVN) Use your n.ethz account to access the slides and readers in the SVN:
Course News
19.9.2015 Lecture video recordings:
15.9.2015 Students must sign and submit the legal use declaration for this course no later than 22.9.2015.
German: PDF Word
English: PDF Word
Date Guest or Exercise Lecture Lab
Week 1, 15.09.2015 Dr. David Barrera, ETH Zurich: Computer Networks Refresher
Slides: PDF
Introduction, Insecurity, and Risk [SF]; Hacking Lab Introduction [SM]
Slides: Introduction, Hacking Lab
Get Hacking-Lab account, join event and set up access
Week 2, 22.09.2015 E1: Insecurity and Basics [SH] Identity and Authentication [TD] Do one step-by-step example
Week 3, 29.09.2015 Emilia Kasper, Google: "TLS Certificate Security" Firewalls, IDS, and NAT traversal [AP] No new challenges
Week 4, 6.10.2015 Maxim Raya, Credit Suisse: "Network Security at Credit Suisse" DNS Security [SF] No new challenges
Week 5, 13.10.2015 Christof Jungo, Head Security Architecture at Swisscom: "Trusted Computing at Swisscom" Secure Channels: Principles, VPN, SSH [TD]
Availability and DoS [TD]
No new challenges
Week 6, 20.10.2015 Vincent Lenders, Armasuisse: "Next-generation Air Traffic Control: Overview and Security Issues" Session State; SQL Injection [SF] nmap, Wireshark, and DNS
Week 7, 27.10.2015 Raphael M. Reischuk, Network Security Group: "SCION" TLS Part 1 [AP] Session state and SQL injection
Week 8, 3.11.2015 E2: DNS [DA] TLS Part 2 [AP] No new challenges
Week 9, 10.11.2015 Ivano Somaini, Compass Security AG: "Social Engineering" Cross-Site Scripting (XSS) [TD] 2300: XSS Wargame Guestbook
2301: Second Order Injection
2662: XSS Shell
Week 10, 17.11.2015 E3: Application Security [DA] Malware [TD] 2652: Web 2.0 Worm Development
2663: JavaScript Malware Analysis
5028: Conficker Attack
5104: Virus Total
Week 11, 24.11.2015 Serge Droz, SWITCH: "Switch CERT" Malware Development and Demo; Botnets [SF] No new challenges
Week 12, 1.12.2015 E4: XSS, Malware/Bots [SH] Email Spam [TD] No new challenges
Week 13, 8.12.2015 Candid Wuest, Principal Threat Researcher, Symantec: "Malware Analysis and Prevention" Security Ecosystem; Evasion Modelling, Detection Failures, and Endpoint Security [SF] TBD
Week 14, 15.12.2015 David McLaughlin, ETH Zurich: "Spam Fighting at ETH" Case Study: Security Online Ticket Shop [TD]
Full Disclosure Debate, Wrap-Up [AP]
TBD (some challenges to help you prepare for the exam)
To contact the instructors or teaching assistants for this course, please send an email to