Offensive Security

Course Description

This course is about attacks in cyber space which is useful skill for two reasons. The first one is that knowing how attackers behave in cyber space one can better prepare defenses. The second reason is that performing attacks it is possible to check defences of an organization, which is usually done via activities known as penetration tests and red teaming. This course will teach students for operational, tactical and technical planning of attacks and their execution. This also include gathering information necessary for successful execution of attacks. Students will be also made aware of ethical and legal issues that arise from offensive security.

Learning Outcomes

  1. analyze target of the attack
  2. plan attack on information system
  3. assess security of information system by executing attack
  4. describe ethical and legal issues connected with attack activity

Forms of Teaching

Lectures

Seminars and workshops

Independent assignments

Laboratory

Week by Week Schedule

  1. Introduction, motivation, purpose and goals of the course, testing and scoring.
  2. Myths and misconceptions about attackers and attacks.
  3. MITRE ATT&CK and other models of attacker behavior.
  4. Advanced persistant threats, modes of operation and motivations.
  5. Planning, preparing and execution of offensive operations in cyberspace.
  6. Penetration testing methodology, penetration tests vs. red teams.
  7. Midterm exam
  8. Examples of input validation and data sanitization errors (Buffer overflow, integer errors, SQL injection, XSS), Race conditions, Mechanisms for detecting and mitigating input and data sanitization errors
  9. Static analysis and dynamic analysis
  10. Examples of malware (e.g., viruses, worms, spyware, botnets, Trojan horses or rootkits), Denial of Service (DoS) and Distributed Denial of Service (DDoS), Reverse engineering
  11. Exploits, exploit development
  12. Malware/unwanted communication such as covert channels and steganography, Exfiltration
  13. Red teaming
  14. Final exam

Study Programmes

University graduate
[FER3-HR] Audio Technologies and Electroacoustics - profile
Elective Courses (1. semester) (3. semester)
[FER3-HR] Communication and Space Technologies - profile
Elective Courses (1. semester) (3. semester)
[FER3-HR] Computational Modelling in Engineering - profile
Elective Courses (1. semester) (3. semester)
[FER3-HR] Computer Engineering - profile
Elective Courses (1. semester) (3. semester)
[FER3-HR] Computer Science - profile
Elective Courses (3. semester)
Elective Courses of the Profile (3. semester)
[FER3-HR] Control Systems and Robotics - profile
Elective Courses (1. semester) (3. semester)
[FER3-HR] Data Science - profile
Elective Courses (1. semester) (3. semester)
[FER3-HR] Electrical Power Engineering - profile
Elective Courses (1. semester) (3. semester)
[FER3-HR] Electric Machines, Drives and Automation - profile
Elective Courses (1. semester) (3. semester)
[FER3-HR] Electronic and Computer Engineering - profile
Elective Courses (1. semester) (3. semester)
[FER3-HR] Electronics - profile
Elective Courses (1. semester) (3. semester)
[FER3-HR] Information and Communication Engineering - profile
Elective Courses (1. semester) (3. semester)
[FER3-HR] Network Science - profile
Elective Courses (1. semester) (3. semester)
Elective Courses of the Profile (1. semester) (3. semester)
[FER3-HR] Software Engineering and Information Systems - profile
Elective Courses (1. semester) (3. semester)

Literature

(.), Hacking Exposed 7: Network Security Secrets and Solutions,
(.), Gray Hat Hacking: The Ethical Hacker's Handbook,
(.), The Hacker Playbook 2: Practical Guide To Penetration Testing,
(.), Threat Modeling: Designing for Security,

Laboratory exercises

For students

General

ID 222563
  Winter semester
5 ECTS
L0 English Level
L1 e-Learning
30 Lectures
10 Seminar
0 Exercises
15 Laboratory exercises
0 Project laboratory

Grading System

Excellent
Very Good
Good
Sufficient