E-læring

Målet med disse e-læringsmoduler er at øge kompetencerne blandt IT-studerende og IT-professionelle. Modulerne er primært målrettet folk med IT-baggrund, men netop fordi formatet er modulært, kan de samme moduler bruges af professionelle, som del af efteruddannelse, og som del af ordinære uddannelser – også på tværs af uddannelsesinstitutioner.

Med støtte fra Center for Cybersikkerhed, Industriens Fond og IT-vest gøres en række e-læringsmoduler inden for cybersikkerhed derfor tilgængelige her på siden. Modulerne er blevet udviklet i et bredt samarbejde mellem flere uddannelsesinstitutioner i Danmark.

Cybersecurity Introduction
Course in english

The purpose of this introduction is to provide you with an overview of the field of network security.
The lecture is organized in 7 topics, and each of them are followed by a number of questions for self-assessment (except for the first one). In the end, there is an additional quiz that covers the whole introduction.

Læs mere

Introduction to Phishing
Course in english

This course aims to introduce the fundamental components that adversaries use to construct phishing attacks. In difference to many other cybersecurity incidents, building up an effective defence against phishing is less about firewalls, programming codexes and network set-ups, and more about awareness and user training. Technical countermeasures as DNS blocking and spam filter setups are still an important aspect for security professionals but they cannot stand alone.

Læs mere

Phishing prevention
Course in english

This course examines techniques that can be used by individuals, companies and organisations to effectively combat the ongoing threat from phishing attacks. The course is research-based, in the sense that it is based on state-of-the-art research within selected areas of phishing prevention. The course will give you a pretty good understanding of some the most important phishing prevention methods, and the challenges in using them.

Læs mere

Phishing techniques
Course in english

Throughout this learning module, you’ll be presented with interactive text based learning, short video presentations, pen-casts and quizzes. Furthermore, the module is integrated with the AAU Virtual Cyber Platform (HAAUKINS), through which you will be able to test your newly acquired knowledge by acting as an adversary yourself and constructing a phishing attack.

Læs mere

Network monitoring
Course in english

Monitoring and sniffing networks are fundamental parts of cybersecurity. Probing networks or internet services, searching for vulnerabilities or possible entry points for infiltrating IT assets constitute the backbone of cyber attacks – and on the other hand also for finding vulnerabilities before the attackers. This online educational module presents fundamental methods and theories within network monitoring and sniffing and introduces valuable tools for conducting passive monitoring.

Læs mere

Cross-site Scripting
Course in english

This course presents an online learning module consisting of brief textual based descriptive content and a short quiz introducing the general concept of Cross-Site scripting attacks, but most importantly include a hands-on hacking experience through the AAU virtual cyber platform (HAAUKINS). With this combination of theoretical content and practical experience, we aim to provide learners of the course with a solid understanding of XSS attacks, protection techniques and possible consequences.

 

Læs mere

Cross-site Request Forgery

Modulet består af en grundlæggende introduktion til cross-site request forgery med udgangspunkt i tekst, kode-eksempler og screenshots. Derudover er der to opgaver på den virtuelle træningsplatform. Modulet giver deltagerne en grundlæggende viden om, hvad cross-site request forgery er.

Læs mere

SQL Injection

Manipulative hacking techniques known as SQL Injection, abuses the communication between a web application and a database, to insert, delete, extract or manipulate data without privileges to otherwise do so. SQL Injections are all about placing malicious code in SQL statements, through inputs to web sites such as user registrations and discussion forums.

Læs mere

Wireshark 1
Course in english

Wireshark is a network packet analyzer. A network packet analyzer will try to capture network packets and try to display the packet data as detailed as possible. It can be used for many different things such as troubleshoot network problems, examine security problems or just learn the network protocols.

In this course you will learn how to use Wireshark on a beginner level.

Læs mere

Wireshark 2 and https
Course in english

This course is Wireshark further explained and you will learn HTTP and HHTPS requests and different decryption methods.

 

Læs mere

Reconnaissance
Course in english

Reconnaissance is a concept that is known for centuries, primarily for military strategical purpose. In IT security it is an important phase, in which an attacker uses for obtaining detailed information about their target. By using specific tools (presented in this course) for this phase of the attack, the attacker can interact with potential open ports, services running, etc on the targets network/systems or attempt to gain information without actively engaging with the network.

Læs mere

Introduction to pentesting
Course in english

Penetration testing is a type of security testing that is used to test the insecurity of an application. It is conducted to find the security risk which might be present in the system. A company hires an external IT-security consultant to do the penetration test of the company’s IT system, they are called pentester. Along this course it will be referred as pentester. They belong in the red team, the red team is the offensive part of IT security.

Læs mere

Log parsing with python
Course in english

Parsing is basically the process of breaking the process down, your log message into smaller chunks of data and placing them into its own specific named fields by following a set of roles. It is easy to search in a log for specific words or numbers and to count it. It gives the opportunity to count words or numbers, specially for HTTP status code analysis. When looked at the log’s status code values at for example: Apache logs, it can be used to count the numbers of different HTTP status (such as: 200, 304, 302 and 404).

Læs mere

Network scanning
Course in english

Scanning of networks is a fundamental part of cybersecurity. Probing networks or internet services, searching for vulnerabilities or possible entry points for infiltrating IT assets, is a backbone of cyber-attacks.

This online educational module presents fundamental methods and theories within network scanning and introduces valuable tools for conducting effective scans of computer networks.

Læs mere

Regulation and Cyber Security 1
Course in english

The purpose of this course is to give you an introduction to the regulation relevant to cybersecurity. In the increasing focus on cybersecurity, a number of questions arise concerning regulation; Firstly,  what are we actually defending ourselves against? What is the understanding of cybercrime, from the Danish Criminal Law perspective?

Second, what is the legitimate response to cybercrime? What is the criminal legislation concerning digital self-defence? What is the purpose of the framework of the EU General Data Protection Regulation (GDPR) in relation to cybersecurity?

Læs mere

Regulation and Cyber Security 2
Course in english

In relation to how the individual can combat cybercrime, we will try to clarify what is permitted as digital self-defence for the systems owner experiencing an attack on their systems. We touch upon the traditional concepts in the Danish Criminal Law about self-defence and elaborate this principle into the digital sphere.

Next, an introduction to the regulation concerning the collection and processing of personal data will be provided.

Læs mere

Linux Command Line & Kali
Course in english

During this course you will be introduced to some of the most important Linux system commands and techniques regarding server access, file system navigation, administration of privileges, network configuration and much more. The course requires NO previous experience with Linux Command Line so if this is your first encounter, do not fear at all – you’ll be guided gently through the entire process.

Læs mere

Fundamentals of Metasplot
Course in english

Welcome to this course about the Fundamentals of Metasploit!
The course contains an elementary introduction to the framework and its use. Furthermore, it presents a challenge, where you will get an opportunity to perform some tasks with Metasploit by yourself. It is part of a series of courses, where “Linux Command Line and Kali” comes first, followed by this course “Fundamentals of Metasplot”. The next course in the series is “Metasploit 2”.

Læs mere

Metasploit and MSFVenom
Course in english

This course will be built on top of the course Fundamentals of Metasploit. It will make you familiar with some of the other modules in the framework and teach you to use the command-line utility called MSFvenom.
It will also let you try your hand at using these tools in two challenges.

Læs mere

APR Spoofing
Course in english

In this short course you will learn about ARP, and how it is vulnerable to spoofing attacks. ARP stands for Address Resolution Protocol, and is used for resolving addresses between layer 2 and layer 3 in the OSI model (i.e. MAC and IP addresses).

Læs mere

Code Analysis
Course in english

The course consists of two parts: First a set of readings about static taint analysis. Since it contains a fair bit of Mathematics, the readings are included as a PDF document. After reading the document, we invite you to solve a Challenge on the Haaukins Training Platform. While it is not directly application of code analysis, it is a way to practically explore one of the Injection attacks that is discussed also in the course material.

Læs mere

Reverse Engineering – Theory
Course in english

Welcome to this Course on Reverse Engineering. It is the first of two courses on Reverse Engineering: This course focuses on the theoretical foundations, but include also a practical challenge for trying it out in practice. It is recommended to do the second course afterwards: It contains no more theory, but give you a chance to get your hands on some reverse engineering challenges.

Læs mere

Reverse Engineering – Practice
Course in english

It is the second of two course on Reverse Engineering: While the first course focused on the theoretical foundations and the Radare2 framework, this course provides you with different challenges, where you can practice your skills in the HAAUKINS Lab.

Læs mere

Vulnerability Scanning
Course in english

This course will complement the previous course on Network Scanning, and we will go a bit deeper into finding vulnerabilities. Once you have identified relevant vulnerabilities, the next step would be to exploit them e.g. in order to gain access to systems or information. To learn about exploitation, we recommend to follow the courses on Metasploit. But for now, we turn towards vulnerability scanning

Læs mere