PristupačnostOffensive Security
Data is displayed for academic year: 2023./2024.
Course Description
This course is about attacks in cyber space which is useful skill for two reasons. The first one is that knowing how attackers behave in cyber space one can better prepare defenses. The second reason is that performing attacks it is possible to check defences of an organization, which is usually done via activities known as penetration tests and red teaming. This course will teach students for operational, tactical and technical planning of attacks and their execution. This also include gathering information necessary for successful execution of attacks. Students will be also made aware of ethical and legal issues that arise from offensive security.
Study Programmes
University graduate
[FER3-HR] Audio Technologies and Electroacoustics - profile
Elective Courses
(1. semester)
(3. semester)
[FER3-HR] Communication and Space Technologies - profile
Elective Courses
(1. semester)
(3. semester)
[FER3-HR] Computational Modelling in Engineering - profile
Elective Courses
(1. semester)
(3. semester)
[FER3-HR] Computer Engineering - profile
Elective Courses
(1. semester)
(3. semester)
[FER3-HR] Computer Science - profile
Elective Courses
(3. semester)
Elective Courses of the Profile
(3. semester)
[FER3-HR] Control Systems and Robotics - profile
Elective Courses
(1. semester)
(3. semester)
[FER3-HR] Data Science - profile
Elective Courses
(1. semester)
(3. semester)
[FER3-HR] Electrical Power Engineering - profile
Elective Courses
(1. semester)
(3. semester)
[FER3-HR] Electric Machines, Drives and Automation - profile
Elective Courses
(1. semester)
(3. semester)
[FER3-HR] Electronic and Computer Engineering - profile
Elective Courses
(1. semester)
(3. semester)
[FER3-HR] Electronics - profile
Elective Courses
(1. semester)
(3. semester)
[FER3-HR] Information and Communication Engineering - profile
Elective Courses
(1. semester)
(3. semester)
[FER3-HR] Network Science - profile
Elective Courses
(1. semester)
(3. semester)
Elective Courses of the Profile
(1. semester)
(3. semester)
[FER3-HR] Software Engineering and Information Systems - profile
Elective Courses
(1. semester)
(3. semester)
Learning Outcomes
- analyze target of the attack
- plan attack on information system
- assess security of information system by executing attack
- describe ethical and legal issues connected with attack activity
Forms of Teaching
Lectures
Seminars and workshops
Independent assignments
Laboratory
Seminars and workshops
Independent assignments
Laboratory
Week by Week Schedule
- Introduction, motivation, purpose and goals of the course, testing and scoring.
- Myths and misconceptions about attackers and attacks.
- MITRE ATT&CK and other models of attacker behavior.
- Advanced persistant threats, modes of operation and motivations.
- Planning, preparing and execution of offensive operations in cyberspace.
- Penetration testing methodology, penetration tests vs. red teams.
- Midterm exam
- Examples of input validation and data sanitization errors (Buffer overflow, integer errors, SQL injection, XSS), Race conditions, Mechanisms for detecting and mitigating input and data sanitization errors
- Static analysis and dynamic analysis
- Examples of malware (e.g., viruses, worms, spyware, botnets, Trojan horses or rootkits), Denial of Service (DoS) and Distributed Denial of Service (DDoS), Reverse engineering
- Exploits, exploit development
- Malware/unwanted communication such as covert channels and steganography, Exfiltration
- Red teaming
- Final exam
Literature
(.), Hacking Exposed 7: Network Security Secrets and Solutions,
(.), Gray Hat Hacking: The Ethical Hacker's Handbook,
(.), The Hacker Playbook 2: Practical Guide To Penetration Testing,
(.), Threat Modeling: Designing for Security,
For students
General
ID 222563
Winter semester
5 ECTS
L0 English Level
L1 e-Learning
30 Lectures
10 Seminar
0 Exercises
15 Laboratory exercises
0 Project laboratory
0 Physical education excercises
Grading System
Excellent
Very Good
Good
Sufficient