Offensive Security

Course Description

This course is about attacks in cyber space which is useful skill for two reasons. The first one is that knowing how attackers behave in cyber space one can better prepare defenses. The second reason is that performing attacks it is possible to check defences of an organization, which is usually done via activities known as penetration tests and red teaming. This course will teach students for operational, tactical and technical planning of attacks and their execution. This also include gathering information necessary for successful execution of attacks. Students will be also made aware of ethical and legal issues that arise from offensive security.

Learning Outcomes

  1. analyze target of the attack
  2. plan attack on information system
  3. assess security of information system by executing attack
  4. describe ethical and legal issues connected with attack activity

Forms of Teaching

Lectures

Seminars and workshops

Independent assignments

Laboratory

Week by Week Schedule

  1. Attacker goals, capabilities, and motivations (e.g., underground economy, digital espionage, cyberwarfare, insider threats, hacktivism, advanced persistent threats)
  2. Advanced persistant threats
  3. Defense in depth (e.g., defensive programming, layered defense)
  4. Prevention, detection, and deterrence
  5. Techniques and tools for vulnerability scaning; Intrusion detection systems; Host-based, network-based approaches, and hybrid approaches
  6. Social engineering (e.g., phishing), Passwords and password cracking
  7. Reconnaissance, Gaining, maintaining access and covering tracks
  8. Midterm exam
  9. Examples of input validation and data sanitization errors (Buffer overflow, integer errors, SQL injection, XSS), Race conditions, Mechanisms for detecting and mitigating input and data sanitization errors
  10. Static analysis and dynamic analysis
  11. Examples of malware (e.g., viruses, worms, spyware, botnets, Trojan horses or rootkits), Denial of Service (DoS) and Distributed Denial of Service (DDoS), Reverse engineering
  12. Exploits, exploit development
  13. Malware/unwanted communication such as covert channels and steganography, Exfiltration
  14. Red teaming
  15. Final exam

Study Programmes

University graduate
Audio Technologies and Electroacoustics (profile)
Free Elective Courses (1. semester)
Communication and Space Technologies (profile)
Free Elective Courses (1. semester)
Computational Modelling in Engineering (profile)
Free Elective Courses (1. semester)
Computer Engineering (profile)
Free Elective Courses (1. semester)
Control Systems and Robotics (profile)
Free Elective Courses (1. semester)
Data Science (profile)
Free Elective Courses (1. semester)
Electrical Power Engineering (profile)
Free Elective Courses (1. semester)
Electric Machines, Drives and Automation (profile)
Free Elective Courses (1. semester)
Electronic and Computer Engineering (profile)
Free Elective Courses (1. semester)
Electronics (profile)
Free Elective Courses (1. semester)
Information and Communication Engineering (profile)
Free Elective Courses (1. semester)
Network Science (profile)
Elective Courses of the Profile (1. semester)
Software Engineering and Information Systems (profile)
Free Elective Courses (1. semester)

Literature

(.), Hacking Exposed 7: Network Security Secrets and Solutions,
(.), Gray Hat Hacking: The Ethical Hacker's Handbook,
(.), The Hacker Playbook 2: Practical Guide To Penetration Testing,
(.), Threat Modeling: Designing for Security,

Laboratory exercises

For students

General

ID 222563
  Winter semester
5 ECTS
L0 English Level
L1 e-Learning
30 Lectures
10 Seminar
15 Laboratory exercises

Grading System

Excellent
Very Good
Good
Acceptable