Checking date: 09/06/2021


Course: 2021/2022

Cyber attack techniques
(12389)
Study: Master in cybersecurity (288)
EPI


Coordinating teacher: MARIN LOPEZ, ANDRES

Department assigned to the subject: Department of Telematic Engineering

Type: Compulsory
ECTS Credits: 6.0 ECTS

Course:
Semester:




Requirements (Subjects that are assumed to be known)
This subject requires knowledge and skills gained in previous studies or in professional activities. Students should work comfortable in Unix environments and have programming knowledge of some interpreted language such as Python, Ruby or shell scripting. They also need knowledge on communication networks, knowing the TCP/IP stack is basic to this subject. Knowledge of some Linux and Windows network administrative tools is also needed.
Objectives
This compulsory course strengthens the acquisition of the following basic and general competences: - CB6: Master the knowledge required to propose original designs or developments, often in a research process within the area of cyber security. - CB7: Ability to apply acquired knowledge to solve problems under novel or almost novel situations or within broader (multidisciplinar) contexts related with cyber security. - CB8: Ability to state critical opinions and judgements having incomplete or limited information in the field of cyber security. These judgements must take into account include considerations about social and ethical responsibilities - CB9: Discuss in a public audience about their acquired knowledge, and the conclusions from the work. Students will be able to give their foundational and most convincing reasons to a specialized and non specialized audience in a clear way, without ambiguities. - CB10: Students should have the learning skills required to continue studying in a autonomous or self-directed way. - CG1: Create and refine concise and comprehensively documents, plans and projects in the scope of cyber security. - CG3: Understand and apply methods and techniques to investigate vulnerabilities of a given site. - CG4: Know the relevant technique part of the legal regulation in cyber security and its implications in the design of systems and security tools. This compulsory course strengthens the acquisition of the following specific competences: - CE1: Annalyze and detect anomalies and attack signatures y systems and networks. - CE2: Analyze and detect ocultation techniques in attacks to systems and networks. - CE3: Knowledge of trends in the cyber attacks techniques and about learned experiences in real cases. - CE7: Know and apply the cryptographic and steganographic mechanisms required to protect data stored in a system or data transiting a network.
Skills and learning outcomes
Description of contents: programme
1. Introduction to cyber attacks techniques 1.1. Concepts and definitions 1.2. Types of cyber attacks 1.3. Phases of a intrusion 2. Acquiring information on the target and vulnerability analysis 2.1. Techniques of intelligence. Open sources 2.2. Network and port scanning 2.3. Identification and vulnerability analysis 3. Explotation 3.1. Exploiting software and authentication systems 3.2. Resource consumption/exhaustion and Denial of Service 3.3. Social Engineering, malware and evasion techniques 4. Persistence 4.1. Evidence hiding 4.2. Privilege scaling 4.3. Preparing alternative access channels 4.4. Presence hiding
Learning activities and methodology
LEARNING ACTIVITIES lectures practical classes laboratory tutorials workgroups individual student work TEACHING METHODOLOGIES - Class lectures in which the main concepts of the subject are developed and the literature is provided to supplement student learning. - Critical reading recommended by the subject teacher texts: * Newspaper articles, reports, manuals, and / or scholarly articles, for subsequent class discussion to expand and consolidate the knowledge of the subject. - Resolution of laboratory practices and problems posed by the teacher individually or in group.
Assessment System
  • % end-of-term-examination 0
  • % of continuous assessment (assigments, laboratory, practicals...) 100
Calendar of Continuous assessment
Basic Bibliography
  • Broad, James, CISSP y Bindner, Andrew. Hacking with Kali: practical penetration testing techniques. Syngress (Elsevier). 2014
  • Pat Engebretson, David Kennedy. The basics of hacking and penetration testing: ethical hacking and penetration testing made easy. Syngress (Elsevier). 2013, 2nd ed.
Recursos electrónicosElectronic Resources *
Additional Bibliography
  • Johnny Long. Google Hacking for Penetration Testers. Syngress. 2011
  • Michael Hale Ligh; Steven Adair; Blake Hartstein; Matthew Richard. Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code. John Wiley & Sons. 2010
(*) Access to some electronic resources may be restricted to members of the university community and require validation through Campus Global. If you try to connect from outside of the University you will need to set up a VPN


The course syllabus and the academic weekly planning may change due academic events or other reasons.