Important Dates
- T1: November 15th, 16.30
- T2 (and T1): January 13th, 10.00, in ANF.IV, ANF.V, ANF.5.2.22, 5.1.46
- ES and PS: January 29th, 10.00, in ANF. IV, ANF. V
- EE and PE: TBD
Most laboratory guides will require a specific Virtual Machine available here. The file is compressed.
The username and password are sio
. It runs best in VirtualBox added as a disk, and with 2GB of RAM.
Planning
According to the UA academic schedule, classes will be lectured from September 16th, until December 20th. The subject is structured as 2 hours of theoretical lectures, 2 hours of practical laboratories, and 1 hour of tutoring hours (optional).
Theoretical classes will present key concepts related to the application of security to modern information systems, and organizations. The practical classes will be focused in the exploration of security mechanisms, and in the exploration and analysis of common security attacks.
The topics lectured in each class should be as follows. Changes may happen, so please check it frequently.
Rules
Faculty and Lectures
The theoretical classes will be lectured by professors João Paulo Barraca, André Zúquete. The practical classes will be lectured by Paulo Bartolomeu, Vitor Cunha, Alfredo Matos, Pedro Escaleira and Catarina Silva. Teaching staff will be available especially during the allocated tutoring slots. Official course information will be available on this page, or through the Elearning platform.
Classes will be lectured in the Portuguese language, unless there is a foreign student attending. In this case English will be used. All lecture notes will be made available in English. Laboratory guides will be provided in English.
Prospecting students should be aware that this subject require some basic knowledge of several topics in the areas of networking, programmimg and operating systems, such as: the Python/C/Java languages, Linux, and Linux console usage (mostly Debian/Ubuntu), and virtual machines.
Attendance
Students can choose to attend the theoretical classes, and is highly recommended they do so every week as it correlates with a good outcome. Attendance to practical classes is mandatory and faults will be recorded.
According to the University rules, students must be present at (at least) 70% of the practical classes. For this edition that results in a maximum of 4 (Monday classes) or 3 (Thursday classes) unjustified faults. If a student exceeds the number of faults allowed, he will automatically fail the subject and won’t be allowed at any other evaluation during the current academic year.
Grading
Grading will be composed by two components. Both are mandatory and have a minimum threshold.
-
Theoretical Component: Relates to the contents lectured during all classes, mostly focusing on the theoretical lectures.
-
1 (One) exam (E1), composed by 2 (two) parts (T1 and T2), covering all contents lectured, and contributing with 10 points to the component.
- An opportunity will be given to perform the first part (T1) in mid November.
- If T1 is returned, it will be considered for grading, otherwise an equivalent test can be done in the Exam season.
- The second part (T2) will be available in the Exam season.
-
Dates:
- T1: November 15th or in the exam Season, including questions that address all contents until Management of Asymmetric Keys (including).
- T2: During the exam season, addressing all contents since Authentication Protocols and Methods (including).
-
Final Theoretical Grade: (T1 + T2)
-
Minimum points of this component: 3.5 pts (0-10)
- i.e. $ T1 + T2 >= 3.5$
-
-
Practical Component:
- Development of practical project by a group of X students. Exceptionally, less students may be allowed after explicit authorization by the professors.
- assignments may be awarded a maximum bonus +10% due to the addition of additional innovations. Additional innovations is a bonus and can be discussed with the professores before returning the project.
- In the practical projects, each student will have a pool of 96 hours to allocate as required in their deliveries. This pool can be used to return assignments after the deadline without any penalty. After the pool is exausted, a standard penalty of 0.1 points per hour applies up to 2 days. After 2 days (96h+48h), the assignment will not be accepted.
- Projects will need to be presented and defended.
- Minimum points of this component: 3.5
- i.e. $practical >= 3.5$
- Development of practical project by a group of X students. Exceptionally, less students may be allowed after explicit authorization by the professors.
The following table summarizes the points of each component:
Component | Item | Points |
---|---|---|
P | Project - Delivery 1 | 3 |
P | Project - Delivery 2 | 3 |
P | Project - Delivery 3 | 4 |
T | T1 | 5 |
T | T2 | 5 |
Supplementary season
The supplementary season takes place from January 26th until February 8th. It is available for all students that failed to obtain at least 9.50 points during the normal season, or 3.5 and one of the components. The remaining students may also access this season, but the University requires an additional administrative process. Grading will be composed by two components, each contributing with 10 points to the final grade.
Rules for this season will be updated at a later time
Special season
The special season usually takes place in September and is available to students in specific cases. Accessing this season will require an additional administrative process.
Grading will be composed by two components, each contributing with 10 points to the final grade. It follows the same rules used in the Supplementary season.
Rules for this season will be updated at a later time
Additional Content
Software
- AirCrackNG: A complete suite of tools to assess WiFi network security.
- Bettercap: The Swiss Army knife for WiFi, Bluetooth Low Energy, wireless HID hijacking and Ethernet networks reconnaissance and MITM attacks.
- Wireshark: The most popular packet sniffer application.
- WebGoat: A deliberately insecure web application maintained by OWASP designed to teach web application security lessons.
- Kali Linux: A popular Penetration Testing Distribution.
- John the Ripper: A password Cracker.
- Hashcat: Advanced Password Recovery tool, especially tailored at OpenCL.
- nmap: Probably the most famous port scanner and recognaissance tool.
- Pwnagotchi: Deep Reinforcement Learning for Wifi Pwning.
Websites
- TryHackMe: Beginner friendly website for cybersecurity training.
- GameOfHacks: Identify common programming errors that lead to security issues.
- Let’s Encrypt: A free, automated and open Certification Authority.
- Bruce Schneier Blog: A very interesting blog dedicate to security and cryptography.
- SANS Technology Institute: Best Security Books
- Reddit NetSec and NetSecStudents
- Reddit NetSec Books Galore
- Hacking Secret Ciphers With Python
- CVE Details
- PicoCTF: Beginner friendly challenges for your curiosity