Subject lectured to the 1st year of the Masters in Cybersecurity, providing a view over the issue of vulnerability management, it’s assessment, impact, and then exploration.
This edition will be lectured by professor João Paulo Barraca (email: jpbarraca@ua.pt). Teaching staff will be available by email and Discord, especially during the allocated tutoring slots. The use of the Discord platform for direct communication is highly recommended. Official course information will be available in this page, while grades will be available through Elearning.
Classes will be lectured in the Portuguese language, unless there is a foreign student attending. In this case English will be used. All lecture notes and laboratory guides will be made available in English. Examinations will be made available in both English and Portuguese.
Prospecting students should be aware that this subject some knowledge and comprehension of several topics in the areas of networking, software and operating systems, such as: the Python/C/PHP, Linux console usage (mostly Debian), virtual machines, sockets, HTTP and HTML technologies, and AMD64 assembly. Although lacking specific knowledge is not critical, the contents will expect you to have some base knowledge on those topics.
Important Dates
-
T1: November 22, 13h
-
T1+T2: January TBD
-
ES and PS: TBD
-
EE and PE: TBD
-
Assignment 1 - October 4th
-
Assignment 2 - December 20th
-
Assignment 3 - December 06th
-
Assignment 4 - December 20th
Planning
According to the UA academic schedule, classes will be lectured from September 19rd, until December 20th. The subject is composed by a 3 hours of theoretical lectures, and 1 hour of tutoring, making a total of 4 hours per week of contact hours. It is expected that students spend an additional 2-3 hours per week exploring the concepts presented during the lectures, preparing projects and assignments. It is also expected them to make use of the tutoring times if they have questions or require some assistance. Theoretical classes will present key aspects related with vulnerability management, vulnerability assessment, relevant vulnerabilities in current service architectures (mostly web or REST based), lower level aspects related with stacks, heaps and other vulnerabilities, and then mobile applications.
The topics lectured in each class should be as presented in the following table. Changes may happen, so please check it frequently.
| # | Date | Topic |
|---|---|---|
| 1 | Sep 19 | Vulnerabilities |
| 2 | Sep 26 | Information Leakage |
| 3 | Oct 04 | Vulnerability Assessment |
| 4 | Oct 11 | Injection Vulnerabilities: SQLi |
| 5 | Oct 18 | Injection Vulnerabilities: OS Injection |
| 6 | Oct 25 | Broken Authentication |
| X | Nov 01 | No Classes |
| 7 | Nov 08 | XSS - Cross Site Scripting |
| 8 | Nov 15 | Theoretical Test T1, XSS - Cross Site Scripting |
| 9 | Nov 22 | Stack Overflow attacks |
| 10 | Nov 29 | ROP and String format attacks) |
| 11 | Dec 06 | Heap based attacks |
| 12 | Dec 13 | Concurrency |
| 13 | Dec 20 | Project wrapping up |
Software
- Bettercap: The Swiss Army knife for WiFi, Bluetooth Low Energy, wireless HID hijacking and Ethernet networks reconnaissance and MITM attacks.
- Wireshark: The most popular packet sniffer application.
- WebGoat: A deliberately insecure web application maintained by OWASP designed to teach web application security lessons.
- Kali Linux: A popular Penetration Testing Distribution.
- John the Ripper: A password Cracker.
- Hashcat: Advanced Password Recovery tool, especially tailored at OpenCL.
- nmap: Probably the most famous port scanner and reconnaissance tool.
- Burp Suite: Vulnerability assessment tool
- OWASP ZAP: OWASP Zed Attack Proxy is a vulnerability assessment tool, similar to Burp, but open source.
- GDB: GDB: The GBU Project Debugger
Websites
- Try Hack Me: Platform with several relevant resources
- CTFTime: CTF Competitions and Events
- PicoCTF: A (simple) CTF from CMU
- OWASP Top Ten: OWASP Top Ten vulnerabilities
- GameOfHacks: Identify common programming errors that lead to security issues.
- Bruce Schneier Blog: A very interesting blog dedicate to security and cryptography.
- Reddit NetSec
- NetSecStudents
- CVE Details
- Hack The Box
Books
Most books are available through the O’Reilly library, which is available to all students using their University credentials.
- Security in Computing, Fourth Edition
- Security Engineering, Third Edition
- Certified Ethical Hacker (CEH) Preparation Guide
- Hands-On Bug Hunting for Penetration Testers
- The Complete Ethical Hacking Course
- Violent Python
- Web Security - Common Vulnerabilities and Their Mitigation
- The Hacker Playbook 2: Practical Guide To Penetration Testing
- Reddit NetSec Books Galore