Written exam (in case of a small number of participants: oral tests)

To secure networks or applications, an administrator or developer needs knowledge about existing vulnerabilities. These can be efficiently uncovered through simulated hacker attacks, so-called penetration tests. In addition to theoretical basics about the planning and execution of penetration tests, this lecture provides in-depth practical knowledge of modern attack tools, current vulnerabilities and the methodology to exploit them. The spectrum ranges from footprinting to the actual attack to the placement of backdoors in a compromised system. Lecture and exercises will take place as a closely interlinked block course. Topics are: Penetration testing design options, testing modules, estimating testing effort, assessing results and documentation, tracking vulnerabilities, ethical and legal issues, penetration testing standards, footprinting, portscanning, enumeration, sniffing, attacks against encryption, common configurational vulnerabilities, methodical security analysis of web applications and typical web application vulnerabilities, dealing with metasploit, attacks against Windows networks, privilege escalation, backdoors, online and offline attacks against passwords, vulnerability analysis, exploitation of buffer overflow vulnerabilities.

Students significantly deepen their understanding of IT systems and are enabled to recognise and remedy security vulnerabilities. They have the ability to apply the knowledge in new, unfamiliar contexts and to acquire new knowledge independently. In addition, they learn to adequately include ethical aspects.

-