Checking date: 16/05/2025 17:20:07


Course: 2025/2026

Cyber attack techniques
(12389)
Master in Cybersecurity (Plan: 325 - Estudio: 288)
EPI


Coordinating teacher: ALMENARES MENDOZA, FLORINA

Department assigned to the subject: Telematic Engineering Department

Type: Compulsory
ECTS Credits: 6.0 ECTS

Course:
Semester:




Requirements (Subjects that are assumed to be known)
This subject requires knowledge and skills gained in previous studies or in professional activities. Students should work comfortable in Unix environments and have programming knowledge of some interpreted language such as Python, Ruby or shell scripting. They also need knowledge on communication networks, knowing the TCP/IP stack is basic to this subject. Knowledge of some Linux and Windows network administrative tools is also needed.
Objectives
This mandatory course aims to have students learn and practice the techniques used to carry out an ethical hacking process. Specifically, the objectives to be achieved are the following: - Understand the penetration testing lifecycle: reconnaissance, exploitation, concealment, and persistence. - Develop practical skills to identify, exploit, and mitigate vulnerabilities in systems and applications. - Know in depth the techniques and methodologies used by attackers to compromise systems and networks. - Design and execute penetration tests and Red Team exercises to evaluate system security. - Understand and apply open-source methods, techniques, and tools for cyberattack investigation to a specific facility. - Learn techniques for attack concealment and system persistence. - Understand current trends in cyberattack techniques and the lessons learned in real-world cases. - Explain at least one way to penetrate a system whose vulnerabilities have been detected, justifying the vulnerabilities found and the detailed procedure to be followed for the intrusion through reasoned reports. - Explain other attack techniques on a system that is not susceptible to direct intrusion.
Learning Outcomes
Description of contents: programme
1. Introduction to cyber attacks techniques 1.1. Concepts and definitions 1.2. Types of cyber attacks 1.3. Phases of a intrusion 2. Acquiring information on the target and vulnerability analysis 2.1. Techniques of intelligence. Open sources 2.2. Network and port scanning 2.3. Identification and vulnerability analysis 3. Explotation 3.1. Exploiting software and authentication systems 3.2. Resource consumption/exhaustion and Denial of Service 3.3. Social Engineering, malware and evasion techniques 4. Persistence 4.1. Evidence hiding 4.2. Privilege scaling 4.3. Preparing alternative access channels 4.4. Presence hiding
Learning activities and methodology
LEARNING ACTIVITIES Theoretical lectures Practical lectures Laboratory practices Tutoring sessions Teamwork Individual work by the student TEACHING METHODOLOGIES - Class lectures in which the main concepts of the subject are developed and the literature is provided to supplement student learning. - Critical reading recommended by the subject teacher texts: * Newspaper articles, reports, manuals, and / or scholarly articles, for subsequent class discussion to expand and consolidate the knowledge of the subject. - Resolution of laboratory practices and problems posed by the teacher individually or in group.
Assessment System
  • % end-of-term-examination/test 0
  • % of continuous assessment (assigments, laboratory, practicals...) 100

Calendar of Continuous assessment


Basic Bibliography
  • Broad, James, CISSP y Bindner, Andrew. Hacking with Kali: practical penetration testing techniques. Syngress (Elsevier). 2014
  • Peter Kim . The Hacker Playbook: Practical Guide To Penetration Testing. CreateSpace Independent Publishing Platform. 2014
Recursos electrónicosElectronic Resources *
Additional Bibliography
  • Johnny Long. Google Hacking for Penetration Testers. Syngress. 2011
  • Sparc Flow. HOW TO HACK LIKE A GHOST: Breaching the Cloud. No Starch Press, Inc. www.nostarch.com. 2021
(*) Access to some electronic resources may be restricted to members of the university community and require validation through Campus Global. If you try to connect from outside of the University you will need to set up a VPN


The course syllabus may change due academic events or other reasons.