Education

The necessity of data protection and its main objectives. Ensuring availability, integrity, and confidentiality. Physical, human, and technical threats and defenses against them. Data protection, digital signatures, and cybersecurity laws. The process of encryption, symmetric and asymmetric encryption, DES, 3DES, AES, RSA, digital signatures, hash functions. Public Key Infrastructure (PKI), certification authorities. Identification, authentication, authorization. User authentication. The SSL/TLS protocol.

Examination of file access systems, file permissions, management and configuration of encrypted file systems, user management, passwords and authentication methods, SSH authentication, key generation, network traffic analysis using the Wireshark software package, OpenSSL library.

Basic concepts, attacks, symmetric encryption algorithms, block cipher modes, stream ciphers. Asymmetric algorithms: systems based on discrete logarithms, their practical implementations, attacks. Digital signatures: hash, MAC functions, remote user authentication. Federated identity, Single Sign-On (SSO), internet security protocols: TLS/SSL protocol, secure email: PGP and S/MIME. Wireless network security: mobile device security, Wi-Fi security, anonymous communication.

During the course, we will explore blockchain technology in depth, including its history and key properties. In the following weeks, we will examine the cryptographic background of blockchain, focusing on transactions, consensus mechanisms, and the various application areas of the technology, such as cryptocurrencies and smart contracts. This will be complemented by rich case studies and perspectives on the future of blockchain.

Linux user knowledge required for ethical hacking: BASH scripting, pipes. Basic concepts and associated tools: bind shell, reverse shell, SSH, netcat, socat, msfvenom. Vulnerability search: searchsploit, exploit-DB. Use of automatic and semi-automatic tools: Nessus, LinPEAS, WinPEAS. Hash and password attacks, both online and offline: hashcat, john the ripper, THC hydra, wpscan, Burp Suite. Network monitoring and penetration: Wireshark, aircrack-ng, dirbuster, gobuster.

Cryptographic basic concepts: message, encoding and decoding functions, key. Fundamentals of modern symmetric encryption algorithm design; Feistel networks and DES; substitution and permutation block methods, AES. The necessity of asymmetric encryption and its fundamentals. One-way and trapdoor one-way functions, as well as hash functions. Public-key cryptographic systems based on the discrete logarithm problem: Diffie-Hellman key exchange and ELGamal encryption. Digital signature schemes.

Basic concepts (CIA triad), tools and objectives of cybersecurity, malicious software and attack technologies, access control (DAC, MAC, RBAC, ABAC, CBAC), access control in distributed systems, authentication, user authentication, authentication in distributed systems, traceability, secure operations and incident management, Monitor Analyze Plan Execute-Knowledge (MAPE-K), regulations, standards.

Encryption process, symmetric and asymmetric encryption. Asymmetric algorithms: DLP, DH key exchange, ElGamal encryption. Elliptic curve arithmetic, ECDLP. Digital signatures: DSA, ECDSA. Enterprise security: user authentication, biometric, smartcard-based authentication, access control, DAC, MAC, RBAC, ABAC, database protection, SQLi attacks and defenses, database encryption, security issues in cloud computing, security issues in e-commerce.

The philosophy of secure programming, design principles of secure programming, robust programming, security architecture, automation and testing, buffer overflow, format string vulnerabilities, integer overflow, exception handling, command injection, failure to handle errors correctly, information leakage, race conditions, poor usability, improper updates, execution of code with excessive privileges, and the CWE Top 25 most dangerous software vulnerabilities.

The application of data science and artificial intelligence tools (clustering algorithms, decision trees, deep learning) in the field of information security. Attacks and defenses in cybersecurity. Detection of fake media content, spam, and phishing emails. Malware, network attacks, and intrusion detection. User authentication. Secure web.