Knowledge and Understanding: Knowledge and understanding of the fundamental issues inherent in software-based systems and components that operate in adversarial environments, where an entity (an "attacker") actively operates to violate cybersecurity properties and requirements. Applying knowledge and understanding: Assess the main cyber attacks feasible in a given application and architectural scenario and the corresponding mitigation mechanisms available. Assess the main risks associated with cyber vulnerabilities in a given application and architectural scenario and the corresponding prevention and mitigation mechanisms available. Ability to select, configure, and use technical tools to demonstrate specific attack scenarios based on a clear specification of the corresponding technical and operational requirements. Autonomy of judiciary Ability to apply the acquired knowledge to assess the strengths and weaknesses of specific defense mechanisms and procedures, along with the ability to identify their operational requirements and technical limitations. Learning Skills: Ability to identify and describe the key steps in a specific attack procedure, clearly separating the technical details of the specific scenario from the underlying general issues. Communication skills: Ability to describe and discuss technical scenarios using a clear line of reasoning and terminology that is both precise and accurate.

Basic knowledge of Computer Programming, Operating Systems and Computer Networks.

Hacking Lab based on metasploitable3.
Access control.
MITRE ATT&CK. Main tactics and main techniques.
Malware detection.
Password-based attacks.
NTLM and Kerberos.
Attacks in Windows environments.
Multifactor Autentication.
Memory safety vulnerabilities.
IDOR vulnerabilities.
Vulnerabilities: impact and prevalence.
Automated attacks and Defensive strategies.
Role of incentives and Societal problems.
Adversarial environments.

None. All the topics are covered by slides provided by the teacher.

A curated set of references is available on the course website. References provide real-world examples, in-depth analyses, technical manuals and the like.

https://bartolialberto.github.io/CybersecurityCourse/

Hacking Lab based on metasploitable3.
Access control - Process address space. Virtual memory vs physical memory. CPU privilege level. System calls. Process isolation. Accounts, resources, resource access. Access control model. ACL. High privilege account. Understanding association between account and processes. Linux suid. Principle of Least Privilege. Administration with double accounts. Cybersecurity and economics. Understanding access control. O.S. Access Control Essentials (Linux, Windows). Access control in smartphones. Authentication and Authorization in large organizations. Single Sign On (SSO). LDAP SSO. Attack motivations. Target categorizations
MITRE ATT&CK. Initial Access. Malware taxonomies. Infection steps. Payload generators. Reverse shells. Web shells. DLL abuse. Main Impact techniques. Ransomware. Botnets. Command and Control in botnets. DGA.
Malware detection (classification requirements) Detection scenarios: EDR, analysis platform, incident response, forensics. Threat intelligence. Introduction to EDR. Advanced Initial Access: Trusted Relationships, Supply Chain Compromise. Threat models.
Password-based attacks. Basic techniques for obtaining cleartext passwords. Brute forcing passwords online: guessing, stuffing, spraying. Detection and defense. Secure password storage. Hashing and Salting. Brute forcing passwords offline. Lookup table attacks and salting.
Introduction to Windows Active Directory. NTLM protocol. NTLM Attacks: Pass the Hash, guessing, Relay. Forced authentication and coerced authentication. NTLM with signing and sealing. Kerberos. Simplified message flow and Service Tickets. Signing and Sealing. Network attacks. Ticket Granting Service and full message flow.
Windows Logons and Credentials. Password cracking with network sniffing. Password cracking with TGT abuse (Kerberoasting, AS-REP roasting). Lateral movement. Alternate authentication material: LSASS memory. Pass the ticket and Overpass the hash. Common paths to full compromise. Examples of AD Attack paths. Bloodhound. Certified pre-owned
Multifactor Autentication. Threat models. Real-time phishing. OTP SMS and Authenticator App. Solved and unsolved threat models. Security keys. Push notifications. Trusted devices, passwordless login, passkeys. Loss of second factor.
Memory management. Introduction to memory safety vulnerabilities. Memory safety bugs. Stack smashing. Exploitation by overwrite. Vulnerability prevention strategies. Vulnerability mitigation strategies: non-executable pages, Address Space Layout Randomization, Stack Canary, Pointer Authentication.
IDOR vulnerabilities. Examples. IDOR vulnerability prevention. Introduction to web security testing: BURP. Example of IDOR in OWASP Juice Shop. Detailed analysis of two vulnerabilities (CVE-2024-3400 and Heartbleed).
Vulnerabilities: impact and prevalence. Local vs Remote Injection. CWE (Common Weakness Enumeration), CVE (Common Vulnerabilities Enumeration). CVSS Base Score. Issues in quantifying security of a software. Vulnerability lifecycle. Issues in patch development. EOL software. Responsible disclosure. Zero day vulnerabilities. Patch management. Predicting exploited vulnerabilities. Vulnerability management in organizations. Asset management Threat assessment. Environmental Assessment. Software dependencies
Automated attacks. Expected gain of automated attacks vs human-operated attacks. Attack categorization: opportunistic attacks, APT. Defensive strategies. Common security misconfigurations. Defense frameworks. MITRE D3FEND. SIEM and SOC: Practical issues
Role of incentives. Societal problems. Adversarial environments. Functional testing and cybersecurity testing. Software development life cycle and "shift left"

Lectures based on slides prepared by the teacher on each single topic.
Frequent reference to real examples of cybersecurity issues, collected and categorized on the course website
https://bartolialberto.github.io/CybersecurityCourse/

The exam consists of the following parts: 1. Delivery of a report. Textual description of the activities that will be executed in the demo. 2. Execution of a demo. Live execution of some attack or defense scenario on a platform and on a topic chosen and prepared by the student. 3. Written exam (8-10 open questions, closed book). 4. Oral exam unlikely, but possible, depending on the need for clarification and/or in-depth discussion of written exam answers. Exams will be graded based on how closely answers adhere to the learning skills and, in particular, to the communication skills declared in the course syllabus as objectives of this course. Clarity and precision are of crucial importance. After delivery of the Report and execution of the Demo a grade increase in the range [0,3] will be communicated to the student. This increase will be added to the grade of the written part. The grade increase will be determined based on a combination of: clarity of the report; technical difficulty of the demo; autonomous contribution of the student. Full specifications for the required report and demo are available on the course website, along with a sample of reports and demos delivered by past students. Report and demo must be prepared in accordance to the following policy: In any type of content produced by the student for admission to or participation in an exam (projects, reports, exercises, tests), the use of Large Language Model tools (such as ChatGPT and the like) must be explicitly declared. This requirement must be met even in the case of partial use. Regardless of the method of assessment, the teacher reserves the right to further investigate the student's actual contribution with an oral exam for any type of content produced.

This course delves into topics closely related to one or more objectives of the 2030 Agenda for the Sustainable Development of United Nations.