Offensive Technologies

Course manual 2024/2025

Course content

The internet is a paradise for cybercriminals. In many cases attacker can break into poorly configured systems without being even noticed. Bugs, viruses, worms, denial-of-service, and theft can cause major havoc. This course looks at various attacks vectors and exploits, as well as at resources that the system and network administrator has available to detect, understand and resolve security incidents. The course includes studying threats by performing cyber attacks on lab environments. After analyzing the causes of a successful break-in, solutions will be discussed, both on a design and implementation level.

Study materials

Other

• Lecture notes, online material, research papers and book chapters

Objectives

• The student can select the right exploitation tools for an IT system.
• The student can analyze the cryptographic protocols of modern IT systems.
• The student can evaluate the security of IT systems, software, hardware or network protocols against attackers.
• The student can reflect on existing security findings in IT systems.
• The student can present an existing exploit to security students and researchers.
• The student can recognize the ethical & legal implications of security exploits.
• The student can collaborate to deploy a known security exploit.

Teaching methods

• Lecture
• Computer lab session/practical training
• Presentation/symposium
• Supervision/feedback meeting

The lectures offer the basic theory about software, network, hardware and other exploits.
The lab sessions follow up with specific assignments that train the students in deploying and protecting against such exploits.
The course project allows the students to delve deeper into a specific security topic.
The presentations train the students on how to convey information to a cybersecurity audience.

Learning activities

Attendance

Requirements of the programme concerning attendance (TER-B):

1. All parts and activities of the curriculum are obligatory (presence and participation). This includes lectures, seminars, practical work, colloquia and site visits.
2. Exemptions for activities have to be granted in advance by the examiner.
3. If no exemption has been granted and the conditions as stated in paragraph 1 were not met, the component has to be taken again.

Additional requirements for this course:

The course has the standard SNE attendance requirements i.e. obligatory attendance to Lectures and Lab Sessions.

Assessment

Inspection of assessed work

Contact the course coordinator to make an appointment for inspection.

Assignments

The students have to carry out the lab assignments with the assistance of the TAs (pass/fail)
The students have to carry out a group project on any Offensive Technology of their choice (2/3 of final grade)The students have The studets to carry out a group presentation about their project (1/3 of final grade)

Fraud and plagiarism

The 'Regulations governing fraud and plagiarism for UvA students' applies to this course. This will be monitored carefully. Upon suspicion of fraud or plagiarism the Examinations Board of the programme will be informed. For the 'Regulations governing fraud and plagiarism for UvA students' see: www.student.uva.nl

Course structure

Additional information

Recommended prior knowledge: C programming, TCP/IP, advanced Linux and Windows skills, basic elements of cryptography and cryptographic protocols

Contact information

Coordinator

• dr. Kostas Papagiannopoulos

Teaching assistants: Linus Mainka (l.mainka@uva.nl), Giorgio Campissano (giorgio.campisano@student.uva.nl), Mattia Monari (ma.monari@student.uva.nl)