Introduction

Digital security is an exciting field to be involved in. A constantly evolving battle is waged between defenders, who build and deploy solutions, and attackers, who figure out and apply ways of subverting those controls to “break in”. This module aims to give an overview of the field of security, with an emphasis on understanding many ways that systems can be attacked. Offensive security techniques are important for developing an understanding of security problems and designing secure systems, and critical for undertaking various forms of security testing, many of which large organisations are required to complete.

Yes, you will learn how to hack all kinds of systems, and the steps attackers take to compromise systems. Yes, you will learn how to scan networks for vulnerabilities, create Trojan horses, exploit local and remote vulnerabilities, and even how to pick locks! Yes, this module will be a lot of fun. This module is designed to inspire and challenge you. It will require substantial effort on your part, but will be rewarding. There is nothing quite like the satisfaction felt after hours of testing a system for flaws, discovering a vulnerability, and obtaining your first root shell.

This module will hopefully inspire a love of the field of computer security, and give you insight into the way security systems work, the attacks they defend against, and ways the security of a system or network can be assessed.

During the semester you should refer to both MyBeckett and Hacktivity for all module related information.

59 yellow

Summary

This module develops your critical awareness of cyber security through the perspective of offensive security. You will develop an understanding of the motives and methods of hackers, and the steps a hacker undertakes, and will learn to apply these same techniques to perform ethical hacking and penetration testing, to test the security of systems. You will also critically explore ethics and privacy in the context of cyber security. The module will provide the knowledge and theoretical underpinnings in preparation for future employment opportunities.

These practical labs will develop your understanding of ethical hacking and penetration testing, with a focus on Linux, security tools, malware, ethical hacking, and vulnerability analysis. The "Introduction to Linux and Security" lab provides a foundation in Linux command-line operations and security concepts. The "Malware and an Introduction to Metasploit and Payloads" lab delves into the world of malware, exploring types and using the Metasploit framework. "Vulnerabilities, Exploits, and Remote Access Payloads" focuses on software vulnerabilities, exploits, and the Metasploit framework. "Information Gathering: Footprinting" and "Information Gathering: Scanning" labs cover techniques for collecting data and scanning networks. "From Scanning to Exploitation" provides hands-on experience in moving from scanning to exploitation, using tools like Nmap and Metasploit. Finally, the "Post-exploitation" lab explores activities post-system access, such as privilege escalation and advanced payloads. The "Vulnerability Analysis" lab introduces tools like Nmap, Nessus, and Nikto for assessing and addressing vulnerabilities in computer systems. Each lab includes lecture slides, readings, and hands-on exercises to enhance your practical skills in cybersecurity.

Learning Outcomes

• LO1: Critically apply malware and attack technologies: including applying ethical hacking techniques to perform a security audit of systems and networks (including vulnerability analysis, scanning, exploitation, and post-exploitation), and to understand the steps taken by malicious attackers
• LO2: Critically comprehend adversarial behaviour, the nature of cyber crime, and attack vectors
• LO3: Critically explore ethics, privacy and online rights, including the ethics and practical steps involved in disclosure of new security vulnerabilities