This subject requires knowledge and skills gained in previous studies or in professional activities. Students should work comfortable in Unix environments and have programming knowledge of some interpreted language such as Python, Ruby or shell scripting. They also need knowledge on communication networks, knowing the TCP/IP stack is basic to this subject. Knowledge of some Linux and Windows network administrative tools is also needed.

This mandatory course aims to have students learn and practice the techniques used to carry out an ethical hacking process. Specifically, the objectives to be achieved are the following: - Understand the penetration testing lifecycle: reconnaissance, exploitation, concealment, and persistence. - Develop practical skills to identify, exploit, and mitigate vulnerabilities in systems and applications. - Know in depth the techniques and methodologies used by attackers to compromise systems and networks. - Design and execute penetration tests and Red Team exercises to evaluate system security. - Understand and apply open-source methods, techniques, and tools for cyberattack investigation to a specific facility. - Learn techniques for attack concealment and system persistence. - Understand current trends in cyberattack techniques and the lessons learned in real-world cases. - Explain at least one way to penetrate a system whose vulnerabilities have been detected, justifying the vulnerabilities found and the detailed procedure to be followed for the intrusion through reasoned reports. - Explain other attack techniques on a system that is not susceptible to direct intrusion.

1. Introduction to cyber attacks techniques 1.1. Concepts and definitions 1.2. Types of cyber attacks 1.3. Phases of a intrusion 2. Acquiring information on the target and vulnerability analysis 2.1. Techniques of intelligence. Open sources 2.2. Network and port scanning 2.3. Identification and vulnerability analysis 3. Explotation 3.1. Exploiting software and authentication systems 3.2. Resource consumption/exhaustion and Denial of Service 3.3. Social Engineering, malware and evasion techniques 4. Persistence 4.1. Evidence hiding 4.2. Privilege scaling 4.3. Preparing alternative access channels 4.4. Presence hiding

LEARNING ACTIVITIES Theoretical lectures Practical lectures Laboratory practices Tutoring sessions Teamwork Individual work by the student TEACHING METHODOLOGIES - Class lectures in which the main concepts of the subject are developed and the literature is provided to supplement student learning. - Critical reading recommended by the subject teacher texts: * Newspaper articles, reports, manuals, and / or scholarly articles, for subsequent class discussion to expand and consolidate the knowledge of the subject. - Resolution of laboratory practices and problems posed by the teacher individually or in group.