Offensive Security
Data is displayed for academic year: 2023./2024.
Course Description
This course is about attacks in cyber space which is useful skill for two reasons. The first one is that knowing how attackers behave in cyber space one can better prepare defenses. The second reason is that performing attacks it is possible to check defences of an organization, which is usually done via activities known as penetration tests and red teaming. This course will teach students for operational, tactical and technical planning of attacks and their execution. This also include gathering information necessary for successful execution of attacks. Students will be also made aware of ethical and legal issues that arise from offensive security.
Study Programmes
University graduate
[FER3-HR] Audio Technologies and Electroacoustics - profile
Elective Courses
(1. semester)
(3. semester)
[FER3-HR] Communication and Space Technologies - profile
Elective Courses
(1. semester)
(3. semester)
[FER3-HR] Computational Modelling in Engineering - profile
Elective Courses
(1. semester)
(3. semester)
[FER3-HR] Computer Engineering - profile
Elective Courses
(1. semester)
(3. semester)
[FER3-HR] Computer Science - profile
Elective Courses
(3. semester)
Elective Courses of the Profile
(3. semester)
[FER3-HR] Control Systems and Robotics - profile
Elective Courses
(1. semester)
(3. semester)
[FER3-HR] Data Science - profile
Elective Courses
(1. semester)
(3. semester)
[FER3-HR] Electrical Power Engineering - profile
Elective Courses
(1. semester)
(3. semester)
[FER3-HR] Electric Machines, Drives and Automation - profile
Elective Courses
(1. semester)
(3. semester)
[FER3-HR] Electronic and Computer Engineering - profile
Elective Courses
(1. semester)
(3. semester)
[FER3-HR] Electronics - profile
Elective Courses
(1. semester)
(3. semester)
[FER3-HR] Information and Communication Engineering - profile
Elective Courses
(1. semester)
(3. semester)
[FER3-HR] Network Science - profile
Elective Courses
(1. semester)
(3. semester)
Elective Courses of the Profile
(1. semester)
(3. semester)
[FER3-HR] Software Engineering and Information Systems - profile
Elective Courses
(1. semester)
(3. semester)
Learning Outcomes
- explain strategic, operational and tactical activity
- explain penetration testing and differences to real attacks
- plan offensive operations in cyberspace
- discover information about attack target
- plan infrastructure for attack
- describe technical steps for attack execution
- describe ethical and legal issues connected with attack activity
Forms of Teaching
Lectures
Lectures consist of lecturer's presentations and students' presentations.
Seminars and workshopsEach student has to study and present one topic from the offensive security during the lecture. Topics are proposed by the teacher.
Independent assignmentsReading scientific and professional texts.
LaboratoryIn laboratory exercises students get to know methods and tools for executing tactical steps of an attack.
Grading Method
Continuous Assessment | Exam | |||||
---|---|---|---|---|---|---|
Type | Threshold | Percent of Grade | Threshold | Percent of Grade | ||
Laboratory Exercises | 40 % | 15 % | 40 % | 15 % | ||
Class participation | 40 % | 30 % | 40 % | 30 % | ||
Seminar/Project | 40 % | 15 % | 40 % | 15 % | ||
Mid Term Exam: Written | 40 % | 20 % | 40 % | |||
Final Exam: Written | 40 % | 20 % |
Week by Week Schedule
- Introduction, motivation, purpose and goals of the course, testing and scoring. Myths and misconceptions about attackers and attacks.
- Social engineering
- MITRE ATT&CK and models of attacker behavior.
- Penetration testing methodology, penetration tests vs. red teams.
- Planning, preparing and execution of offensive operations in cyberspace.
- Vulnerability search. Exploits, exploit development. Malware development and infrastructure preparation.
- Preparation for and avoidance of protection measures.
- Midterm exam
- Tactical and technical aspects of offensive operations.
- Tactical and technical aspects of offensive operations.
- Tactical and technical aspects of offensive operations.
- Tactical and technical aspects of offensive operations.
- Tactical and technical aspects of offensive operations.
- Tactical and technical aspects of offensive operations.
- Final exam
Literature
Stuart McClure, Joel Scambray, George Kurtz (2012.), Hacking Exposed 7 : Network Security Secrets & Solutions, Seventh Edition, McGraw Hill Professional
Allen Harper, Shon Harris, Jonathan Ness, Chris Eagle, Gideon Lenkey, Terron Williams (2011.), Gray Hat Hacking The Ethical Hackers Handbook, 3rd Edition, McGraw Hill Professional
Peter Kim (2018.), The Hacker Playbook 3, Hacker Playbook
Adam Shostack (2014.), Threat Modeling, John Wiley & Sons
For students
General
ID 222563
Winter semester
5 ECTS
L0 English Level
L1 e-Learning
30 Lectures
10 Seminar
0 Exercises
15 Laboratory exercises
0 Project laboratory
0 Physical education excercises
Grading System
88 Excellent
75 Very Good
63 Good
50 Sufficient