Official course description:

Full info last published 24/11-20
Course info
Language:
English
ECTS points:
7.5
Course code:
KSETHAC1KU
Participants max:
30
Offered to guest students:
no
Offered to exchange students:
yes
Offered as a single subject:
no
Programme
Level:
MSc. Master
Programme:
MSc in Computer Science
Staff
Course manager
Associate Professor
Teacher
Full Professor
Teacher
Postdoc
Course semester
Semester
Spring 2021
Start
1 February 2021
End
14 May 2021
Exam
Exam type
Ordinary
Internal/External
External examiner
Grade Scale
7-point scale
Exam Language
GB
Abstract
This is an applied course on information security. The course focuses on in-depth penetration testing techniques, elements of cryptanalysis and digital forensics, ethical aspects of security and responsible disclosure.
Description

In this course you will gain the skills necessary to become a security analyst/penetration tester. You will have already taken an introductory course on information security, and this course will give you an opportunity to learn more advanced tools for software analysis and exploitation, learn about the ethics of hacking and the responsible disclosure process.

The course will cover the following topics:

  1. Ethics of hacking and responsible disclosure
  2. Advanced exploitation tools (reconnaissance and payload generation)
  3. Elements of cryptanalysis
  4. Digital forensics
Formal prerequisites

Before the course you must:

  1. Be familiar with security principles and risk analysis
  2. Be familiar with network security, web and binary penetration testing
  3. Know basics of security protocols and cryptography
  4. Know basic algorithms and data structures
  5. Be familiar with operating systems and architectures, databases and compilers
  6. Have implemented at least two medium-size programming projects


Intended learning outcomes

After the course, the student should be able to:

  • Apply the principle of responsible disclosure
  • Discuss ethical issues in computer security
  • Apply cryptanalysis to break vulnerable encryption schemes
  • Apply semi-automated exploitation tools for web/database/binary vulnerabilities
  • Conduct digital forensics analysis
Learning activities

This course follows the project-based learning approach. Teaching consists of:

  1. Lectures
  2. Exercise sessions
  3. Experimental lab work
  4. Project work

The first part of the course consists of lectures and exercises that cover the main theoretical aspects of the ILOs. 

The second part of the course consists of a project, in which you choose a target to analyse using the techniques and methodologies learned throughout the course. In the final deliverable you must present your discoveries in at least one of the technical aspects discussed in class (cryptanalysis, binary exploitation, forensics) and demonstrate that you conducted your project according to the principles of responsible disclosure, discussing the ethics of your project work.

Mandatory activities

There are two mandatory activities in the course, in which you are asked to conduct cryptanalysis of a known vulnerable cipher, and to work with a framework for automated exploitation (e.g. Metasploit, sqlmap, pwntools).

The reason for having the mandatory activities is two-fold: to prepare the students to tackle the project in a more structured way, and to cover ILOs that may not be tested by the exam form. The second attempt is in the same form as the first attempt.

If the mandatory activities are not approved, the student will receive the grade NA (not approved) at the ordinary exam and will use an exam attempt.

Course literature

The course literature is published on the course page in LearnIT.

Student Activity Budget
Estimated distribution of learning activities for the typical student
  • Preparation for lectures and exercises: 10%
  • Lectures: 15%
  • Exercises: 15%
  • Assignments: 20%
  • Project work, supervision included: 35%
  • Exam with preparation: 5%
Ordinary exam
Exam type:
D: Submission of written work with following oral, External (7-point scale)
Exam variation:
D1G: Submission for groups with following oral exam based on the submission. Shared responsibility for the report.
Exam submission description:
to be decided
Group submission:
Group
  • to be decided
Exam duration per student for the oral exam:
20 minutes
Group exam form:
Mixed exam 1: Individual and joint student presentation followed by an individual and a group dialogue. The students make a joint presentation followed by a group dialogue. Subsequently, the students have individual examinations with presentation and/or dialogue with the supervisor and external examiner while the rest of the group is outside the room.

Time and date