University of Hamburg - to research, to teach, to educate and form, to homepage
Hub for Crossdisciplinary Learning
Hub for Crossdisciplinary Learning

Photo: UHH/von Wieding

Hub for Crossdisciplinary Learning

Cinsects: Collaborative Analysis of Savety Problems and Elimination of loopholes in Software- and Server Systems

The Cinsects are a student working group in computer science, which deals with IT-safety problems regularly. In order to manifest the knowledge of real safety problems in IT, we participate in or host international IT-safety contests so called “IT Security CTFs” several times a year.

The key question is how loopholes can be found in the most effective and efficient way. With the passing of time, diverse context specific methods have been developed which reach that goal in different ways. The toolbox of the IT Security Researchers is divers from automatic loophole scans to the automatic trial of input (“Fuzzing”) to the manual tool-based analysis of programs.

What is missing in the toolbox of the IT Security Researchers?

In the current project, the Cinsects focus on the collaborative analysis of loopholes in so called “Binaries”, that is already compiled programs and on the location of safety problems in websites. Current tools are aimed at the solitary use of a single person. Our goal is to evaluate how this process can be made more collaborative and possibly enlarge the tools.

In order to do this, we analyze the aproach of teams participating in IT safety competitions and which have partly perennial experience in analyzing applications.

What is a CTF?

Capture the Flag is a competition in the field of computer safety in which "Flags" are hidden in an intentionally unsecure program o in a Website. Participants have to use the loop holes in the application in order to reach the flags. Points will be distributed in accordance with the level of difficulty for finding the flags. CTF Challenges can be divided into different categories. Popular categories are Web Security, Binary Exploitation, Digital Forensic and Kryptography inter alia. CTF competitions are often held online and teams from all over the world can participate.

I would like to know more about IT safety, how can I contact you?

The Cinsetcs are always open to new members. You can contact us via the linked communication channels on cinsects.de. We meet at least once a week at the Informatikum of the University of Hamburg in Stellingen. You are coming from a different discipline or do not know much about computer science? That is not a problem! We are often contacted by students who start from scratch. We have resources up our sleeves which will bring you up to date and we also like to talk about IT problems on a societal level.

A lab at the  "Informatikum" and the home of Cinsects

Research group

Florian Nehmer (Student M.Sc. Informatik)

Maya Herrscher (Studentin M.Sc. Informatik)

Fabian Fröhlich (Student M.Sc. Informatik)