Course content

The course covers the main techniques used by computer hackers and penetration testers in order to better defend against intrusions and security violations in live systems, including low-level kernel and hardware topics, techniques for web applications, exploit techniques, rootkits and some audit techniques used in digital forensics.

Learning outcome

A. Knowledge: Students will learn the underlying principles and techniques associated with the cybersecurity practice known as penetration testing or ethical hacking. They will become familiar with the entire penetration testing process including planning, reconnaissance, scanning, exploitation, post-exploitation and result reporting. B. Skills: For every offensive penetration technique the students will learn the corresponding remedial technique. By this, the students will develop a practical understanding of the current cybersecurity issues and the ways how the errors made by users, administrators, or programmers can lead to exploitable insecurities.

Learning methods and activities

Lectures, seminars, invited lectures, student presentations and laboratory exercises.

Specific conditions

Recommended previous knowledge

TTM4135 Applied Cryptography and Network Security and TTM4137 Wireless Network Security or equivalent. Basic knowledge of computer networks, low-level computer organization, experience using Unix-like operating systems, programming languages such as C, Python or x86 assembler, and familiarity with basic web technologies such as Javascript, PHP and SQL.

Course materials

The main course material will be given in form of slides, manuals, and video presentations. That material will cover a broad range of topics from a) Python programming and using its modules for cryptography, steganography, image manipulation, packet manipulation, packet-sniffing and using some Python IDEs; b) Some hacking tools in Kali Linux; c) Capture The Flag (CTF) sources, tutorials, and writeups; d) Command-line tools for finding web and SQL vulnerabilities and exploits; e) Materials for Darkly, 42 - Web Security Project, f) Web Security Dojo; g) Cross-site Scripting (XSS) attacks; h) Tutorials for OWASP tools: WebGoat, WebWolf, and ZAP; i) Tutorials how to attack physically accessible machines; j) Keyloggers.

Useful but not mandatory course material:  1. "Black Hat Python: Python Programming for Hackers and Pentesters", First Edition, by Justin Seitz, December 14, 2014, 2. "Gray Hat Hacking The Ethical Hacker's Handbook", Fourth Edition, by Daniel Regalado et al., McGraw-Hill Education, January 5, 2015, 3. "The Hacker Playbook: Practical Guide To Penetration Testing", by Peter Kim, January 1, 2014

Credit reductions