CyberChallenge.IT Cybersecurity training

The UniPD Node of the CINI Cybersecurity National Lab and the SPRITZ Security and Privacy Research Group are organizing the CyberChallenge.IT 2022 at the University of Padua! This is a program aimed at training in cybersecurity the best Italian students that are between 16 and 24 years old. CyberChallenge.IT is a program sponsored by the CINI Cybersecurity National Lab in collaboration with the National Cybersecurity Research Committee.
If you are young, have good programming knowledge, and want to further improve your skills, check out the official website of the event for more details: CyberChallenge.IT

Local Organizers

• Mauro Conti, Head of the Spritz Group and local coordinator of the CyberChallenge event, UniPD
• Eleonora Losiouk, Assistant Professor in the Spritz Group and coach of the local team, UniPD
• Alessandro Brighente, Assistant Professor in the Spritz Group and coach of the local team, UniPD
• Bogdan Bejan, High School student
• Matteo Bazzan, BSc student, Computer Science, UniPD
• Leonardo Bilato, BSc student, Computer Science, UniPD
• Riccardo Bonavigo, BSc student, Computer Science, UniPD
• Mirco Borella, BSc student, Computer Science, UniPD
• Samuele Esposito, BSc student, Computer Science, UniPD
• Dante Geretto, BSc student, Computer Engineering, UniPD
• Gioele Scandaletti, BSc student, Computer Science, UniPD
• Alessandro Mizzaro, BSc student, Computer Science, University of Trento
• Stefano Zanovello, BSc student, Computer Science, UniPD
• Leonardo Costa, MSc student, Cybsersecurity, UniPD
• Francesco Felet, MSc student, Cybersecurity, UniPD
• Augusto Zanellato, MSc student, Cybsersecurity, UniPD

Lectures program

26/02/2024	Intro: General introduction to CyberChallenge.IT & CTFs (Mirco Borella)	16.00-19.00 in LabP55, Complesso Paolotti
29/02/2024	Network: Network and Docker basics (Dante Geretto)	16.00-19.00 in LabP55, Complesso Paolotti
04/03/2024	Network: Network Security and Traffic Analysis using Wireshark (Bogdan Bejan)	16.00-19.00 in LabP55, Complesso Paolotti
07/03/2024	Network: Attack & Defense: A network security case study (Augusto Zanellato)	16.00-19.00 in 1BC45, Torre Archimede
11/03/2024	Crypto: Introduction to Symmetric key cryptography Encodings, substitution ciphers, xor and Vernam cipher (OTP), perfect secrecy, attacks on key reuse (Leonardo Bilato)	16.00-19.00 in LabP55, Complesso Paolotti
14/03/2024	Crypto: Block ciphers, Definition, interpretation as a substitution cipher, modes of operation, attacks (on modes of operation and Meet In The Middle on DES) (Leonardo Bilato)	16.00-19.00 in LabP55, Complesso Paolotti
18/03/2024	Crypto: Stream ciphers, (conclusion of lec 2: padding oracle attack on CBC), stream ciphers definition, examples and importance of the nonce (Leonardo Bilato)	16.00-19.00 in LabP55, Complesso Paolotti
21/03/2024	Crypto: Public key cryptography: Key exchange, Basics of Number Theory: GCD, XGCD, modular arithmetic, CRT. Diffie-Hellman key exchange, Man In The Middle [maybe a bit of algebra and Pohlig-Hellman attack on DLOGs] (Gioele Scandaletti)	16.00-19.00 in LabP55, Complesso Paolotti
25/03/2024	Crypto: RSA, Definition, proof of correctness (and another bit of algebra), RSA-CRT, attacks on textbook RSA (Gioele Scandaletti)	16.00-19.00 in LabP55, Complesso Paolotti
28/03/2024	Crypto: Hashes and MACs, (conclusion of lec 5: more attacks on textbook RSA), hash functions and cryptographic hash functions, Merkle-Dämgard construction (length extension attack) vs sponge construction, Message Authentication Codes (Gioele Scandaletti, Riccardo Bonavigo)	16.00-19.00 in LabP55, Complesso Paolotti
04/04/2024	Crypto: Digital signatures, DSA, RSA, attacks (Riccardo Bonavigo)	16.00-19.00 in LabP55, Complesso Paolotti
08/04/2024	Crypto: Random Number Generators, Cryptographically secure PRNGs, examples of crypto secure and non-crypto secure PRNGS, attacks on non cryptographically suitable PRNGs (Riccardo Bonavigo)	16.00-19.00 in LabP55, Complesso Paolotti
10/04/2024	Advanced Crypto: Lattices for cryptanalisys, Recap of linear algebra, lattice definition, hard problems on lattices, lattice reduction algorithms (LLL, BKZ, flatter) and an example of usage in CTFs [optional, not CC relevant, in a random day] (Francesco Felet)	16.00-19.00 in 1BC50, Torre Archimede
11/04/2024	Web: HTTP Protocol and Web-Security Overview + Server-Side Request Forgery (Matteo Bazzan)	16.00-19.00 in LabP55, Complesso Paolotti
15/04/2024	Web: File Disclosure + Logic Vulnerabilities (Matteo Bazzan)	16.00-19.00 in LabP55, Complesso Paolotti
17/04/2024	Web: Code and Commands Injection (Leonardo Costa)	16.00-19.00 in 2AB40, Torre Archimede
18/04/2024	Web: SQL Injection (Leonardo Costa)	16.00-19.00 in LabP55, Complesso Paolotti
22/04/2024	Web: Cross Site Scripting (XSS) (Alessandro Mizzaro)	16.00-19.00 in LabP55, Complesso Paolotti
24/04/2024	Web: XSS + XXE (Alessandro Mizzaro)	16.00-19.00 in 1BC50, Torre Archimede
29/04/2024	Software: Introduction: assembly, executable formats (Samuele Esposito)	16.00-19.00 in LabP55, Complesso Paolotti
02/05/2024	Software: Reverse engineering and main tools (Samuele Esposito)	16.00-19.00 in LabP55, Complesso Paolotti
06/05/2024	Software: Debugging, buffer overflow (Samuele Esposito)	16.00-19.00 in LabP55, Complesso Paolotti
09/05/2024	Software: Calling convention, advanced buffer overflow (Stefano Zanovello)	16.00-19.00 in LabP55, Complesso Paolotti
13/05/2024	Software: Shellcode injection (Stefano Zanovello)	16.00-19.00 in LabP55, Complesso Paolotti
16/05/2024	Software: Format string vulnerabilities (Stefano Zanovello)	16.00-19.00 in LabP55, Complesso Paolotti
20/05/2024	Software: Dynamic linking, return-to-libc (Augusto Zanellato)	16.00-19.00 in LabP55, Complesso Paolotti
23/05/2024	Software: Return Oriented Programming (Augusto Zanellato)	16.00-19.00 in LabP55, Complesso Paolotti
27/05/2024	A/D Preparation (Augusto Zanellato)	16.00-19.00 in LabP55, Complesso Paolotti
29/05/2024	Gara locale

CyberChallenge 2018: the UniPD team got the first national prize!

On the news: Il Bo Live UniPD