Advanced Security
Teaching team
Bruno Martin, Florian Ecard
Abstract
This is a series of 8 lectures split into 3 main parts. Lectures start october 5, 2021 at 9h15, room 362, Lucioles building.
We first start with an introduction to cybersecurity to have a better understanding of the issues, the regulations, the players and the professions. The different technical aspects of the security will be presented (security services and mechanisms, secret key cryptography, public key, hashing, certificates). We’ll see how to combine those services to build security protocols that enforce the security over the Internet (web and mail). Some issues on privacy and the new regulations introduced by the GDPR will be discussed. In the lectures, we will try to take the role of a CSO as well as the role of a hacker to identify the risks and prepare the defenses.
In the second part, F. Ecard, a security professional, will present attack techniques against web applications that will be put in practice with some labs.
Finally, the master students will discover some tools for auditing that will illustrate some of the concepts (OSINT, Pentesting, privacy, MIM, passwords strengths and weaknesses,…). The students will present their work during the last lecture. 2021 themas are: SAD DNS, hashcat, Metasploit, Pi-hole, OSINT.
Objectives
At the end of the lectures, the students will have a better understanding of the issues of cybersecurity. They will be able to discuss the threats and risks and help to set a security policy.
Contents
- 5/10 The context. The lab can be accessed through the
url given by the binary file, that was encrypted by DES
thanks to the
enc
command fromopenssl
with a password whose value ranges between 400 and 500. It can also be found in the source of this page… - 12/10 Security mechanisms and the lab
- 19/10 Security services and the lab Please install
GPG
- 26/10 Privacy and the lab.
- 2/11 Web apps ethical hacking
- 9/11 Web apps ethical hacking and lab
- 16/11 Web apps ethical hacking and lab
- 23/11 Student’s presentations (30mn talk + 10mn questions):
- Alessandro: Pi-hole
- Davide F: SAD DNS
- Davide P: Metasploit
- Meryem: OSINT
Marking (the mean between)
- continuous check (labs) 40%
- final presentation 60% (includes the presentation, a small report –at least the slides–, and a demo –can also be a video–)
References
- B. Martin. Codage, cryptologie et applications. Presses Polytechniques et Universitaires Romandes, 2004.
- M. Vardi, Cyber Insecurity and Cyber Libertarianism
- Site CyberEdu
- Site de la distribution d’audit kali linux