COMPUTER SECURITY AND LABORATORY

Module LABORATORY

1. Knowledge and understanding. Students will get to grips with "frontier" security issues such as non-repudiation, penetration testing and formal analysis.
2. Applying knowledge and understanding. Students will complete their fundamental security knowledge with the practical applications of the tools for penetration testing and formal analysis.
3. Making judgements. Students will become expert players of the "security game", and in particular of the tools to play actively and successfully in a Capture The Flag in the style brought forward by Professor Giovanni Vigna and his team.
4. Communication skills. Students will familiarise with advanced cyber security terms, building their capacity to conjugate penetration testing and formal analysis towards the deployment of secure systems.
5. Learning skills. Students will get the critical attitude and competences to tackle and solve advanced security problems are they arise in various forms.

The course is delivered through lectures and practical activities. The lectures introduce the theoretical concepts, while the practical activities allow their application through exercises and case studies.

If the course is taught in hybrid or online mode, the necessary adjustments may be introduced with respect to what was previously stated, in order to comply with the programme outlined in the syllabus.

The Computer Security Lab is designed to provide students with practical skills in vulnerability analysis and the use of advanced cybersecurity tools. The module begins by exploring vulnerability and weakness databases, such as CVE (Common Vulnerabilities and Exposures), NVD (National Vulnerability Database), MSB (Microsoft Security Bulletins), and CWE (Common Weakness Enumeration), which provide information on known vulnerabilities and common weaknesses in computer systems.

Next, the lab introduces the use of the Metasploit Framework, one of the most widely used platforms for penetration testing. Students set up their own virtual testing lab, using and configuring vulnerable virtual machines to learn how to manage the basics of Metasploit, such as executing exploits, payloads, and attacks against these systems. The different types of shells that are used in this context are then explained, with particular focus on Meterpreter, a shell that offers many remote control and post-exploitation capabilities.

The course also covers specific operational modes of Meterpreter, such as the stageless mode, which allows exploits to be executed without intermediate stages, and silent shells, which are used to maintain stealthy access to compromised systems. Meterpreter migration to other processes, a technique that helps avoid detection and maintain control over a system even after the original process has been terminated, is also examined.

Finally, the lab focuses on post-exploitation techniques with Metasploit, covering activities that can be performed after gaining access to a system, such as credential theft, gathering of sensitive data, and privilege escalation.

• Lecture notes given by the lecturer on the Teams channel dedicated to the course
  
• William Stallings: Sicurezza delle reti. Applicazioni e standard
• Bruce Schneier: Sicurezza digitale. Miti da sfatare, strategie da adottare

1. Optional mid-term tests, with lab activities aiming to solve real-world problems.
2. Implementation project.
3. Oral examination.

Examinations may take place remotely, if required by the circumstances.

The implementation project has an integrative value with respect to the oral exam and contributes inseparably to the determination of the final grade. It does not represent an opportunity to increase the score, but rather a necessary component for the overall assessment of the student’s preparation.

For the assignment of grades for individual assessments, the following criteria are typically followed:

- Fail: The student has not acquired the basic concepts and is unable to answer questions or complete the exercises.

- 18-23: The student demonstrates a minimal mastery of the fundamental concepts; their ability to present and connect content is modest, and they can solve simple exercises.

- 24-27: The student shows a good grasp of the course content; their ability to present and connect the content is good, and they solve exercises with few errors.

- 28-30 with honors: The student has acquired all course content and can present them comprehensively with a critical perspective; they solve exercises completely and without errors.

Students with disabilities and/or learning disorders (DSA) must contact the lecturer, the CInAP representative at DMI (prof. Patrizia Daniele) and the CInAP itself well in advance of the exam date, to inform them of their intention to take the exam with the appropriate compensatory measures.

• Mid-term test: exploit a vulnerability using Metasploit, within a testing environment.
• Implementation project: develop a Metasploit module that exploits a known CVE for which there is no public exploit available.
• Oral examination: describe how the Meterpreter migration from one process to another happens, and what are the advantages of executing this operation.

Please note that the questions in the above list are indicative, and the questions asked during the exam may substantially differ from the aforementioned ones.