Bruno Martin

Professor, Université Côte d'Azur

• Bruno Martin
• Committees
• Publications

Advanced Security

Teaching team

Bruno Martin, Florian Ecard

Abstract

This is a series of 8 lectures split into 3 main parts. Lectures start october 5, 2021 at 9h15, room 362, Lucioles building.

We first start with an introduction to cybersecurity to have a better understanding of the issues, the regulations, the players and the professions. The different technical aspects of the security will be presented (security services and mechanisms, secret key cryptography, public key, hashing, certificates). We’ll see how to combine those services to build security protocols that enforce the security over the Internet (web and mail). Some issues on privacy and the new regulations introduced by the GDPR will be discussed. In the lectures, we will try to take the role of a CSO as well as the role of a hacker to identify the risks and prepare the defenses.

In the second part, F. Ecard, a security professional, will present attack techniques against web applications that will be put in practice with some labs.

Finally, the master students will discover some tools for auditing that will illustrate some of the concepts (OSINT, Pentesting, privacy, MIM, passwords strengths and weaknesses,…). The students will present their work during the last lecture. 2021 themas are: SAD DNS, hashcat, Metasploit, Pi-hole, OSINT.

Objectives

At the end of the lectures, the students will have a better understanding of the issues of cybersecurity. They will be able to discuss the threats and risks and help to set a security policy.

Contents

• 5/10 The context. The lab can be accessed through the url given by the binary file, that was encrypted by DES thanks to the enc command from openssl with a password whose value ranges between 400 and 500. It can also be found in the source of this page…
• 12/10 Security mechanisms and the lab
• 19/10 Security services and the lab Please install GPG
• 26/10 Privacy and the lab.
• 2/11 Web apps ethical hacking
• 9/11 Web apps ethical hacking and lab
• 16/11 Web apps ethical hacking and lab
• 23/11 Student’s presentations (30mn talk + 10mn questions):
  • Alessandro: Pi-hole
  • Davide F: SAD DNS
  • Davide P: Metasploit
  • Meryem: OSINT

Marking (the mean between)

• continuous check (labs) 40%
• final presentation 60% (includes the presentation, a small report –at least the slides–, and a demo –can also be a video–)

References

1. B. Martin. Codage, cryptologie et applications. Presses Polytechniques et Universitaires Romandes, 2004.
2. M. Vardi, Cyber Insecurity and Cyber Libertarianism
3. Site CyberEdu
4. Site de la distribution d’audit kali linux

Electronic resources

1. training with overthewire
2. For the most advanced
3. OSINT resources
4. Weak machines
5. Test your skills
6. October Cybersecurity month
7. Octobre Mois de la cybersécurité en Europe
8. Bulletin d’alerte de la gendarmerie
9. Autodiagnostic
10. Gestion des mdp (CNIL)

© 2009-2024 Bruno Martin | Generated by webgen