AbstractThis is an applied course on information security. The course focuses on in-depth penetration testing techniques, elements of cryptanalysis and digital forensics, ethical aspects of security and responsible disclosure.
In this course you will gain the skills necessary to become a security analyst/penetration tester. You will have already taken an introductory course on information security, and this course will give you an opportunity to learn more advanced tools for software analysis and exploitation, learn about the ethics of hacking and the responsible disclosure process.
The course will cover the following topics:
- Ethics of hacking and responsible disclosure
- Advanced exploitation tools (reconnaissance and payload generation)
- Elements of cryptanalysis
- Digital forensics
Before the course you must:
- Be familiar with security principles and risk analysis,
- Be familiar with network security, web and binary penetration testing
- Know basics of security protocols and cryptography
- Know basic algorithms and data structures
- Be familiar with operating systems and architectures, databases and compilers
- Have implemented at least two medium-size programming projects
Intended learning outcomes
After the course, the student should be able to:
- Apply the principle of responsible disclosure
- Discuss ethical issues in computer security
- Apply cryptanalysis to break vulnerable encryption schemes
- Apply semi-automated exploitation tools for web/database/binary vulnerabilities
- Conduct digital forensics analysis
This course follows the project-based learning approach. Teaching consists of:
- Exercise sessions
- Experimental lab work
- Project work
The first part of the course consists of lectures and exercises that cover the main theoretical aspects of the ILOs.The second part of the course consists of a project, in which you choose a target to analyse using the techniques and methodologies learned throughout the course. In the final deliverable you must present your discoveries in at least one of the technical aspects discussed in class (cryptanalysis, binary exploitation, forensics) and demonstrate that you conducted your project according to the principles of responsible disclosure, discussing the ethics of your project work.
There are two mandatory
activities in the course, in which you are asked to conduct
cryptanalysis for a known vulnerable cipher, and to work with a framework for doing automated exploitation.
The reason for having the mandatory activities is two-fold: to prepare the students to tackle the project in a more structured way, and to cover ILOs that may not be tested by the exam form. The second attempt is in the same form as the first attempt.
The student will receive the grade NA (not approved) at the ordinary exam, if the mandatory activities are not approved and the student will use an exam attempt.
The course literature is published in the course page in LearnIT.
Student Activity BudgetEstimated distribution of learning activities for the typical student
- Preparation for lectures and exercises: 10%
- Lectures: 15%
- Exercises: 15%
- Assignments: 20%
- Project work, supervision included: 35%
- Exam with preparation: 5%
Ordinary examExam type:
D: Submission of written work with following oral, External (7-point scale)
D1G: Submission for groups with following oral exam based on the submission. Shared responsibility for the report.
to be decided
- to be decided
Mixed exam 1 : Individual and joint student presentation followed by an individual and a group dialogue. The students make a joint presentation followed by a group dialogue. Subsequently the students are having individual examination with presentation and / or dialogue with the supervisor and external examiner while the rest of the group is outside the room.
Time and dateOrdinary Exam - submission Tue, 24 May 2022, 08:00 - 14:00
Ordinary Exam Wed, 22 Jun 2022, 12:00 - 17:00
Reexam - submission Wed, 27 Jul 2022, 08:00 - 14:00
Reexam Fri, 19 Aug 2022, 09:00 - 13:00