• Course title: Human Centered Security Design
• Number of ECTS: 2
• Course code: MCYSD-2
• Module(s): 1.1 Computer, Software, and System Security I
• Language: EN
• Mandatory: Yes

Provide an overview of the fundamental principles of Human-Computer Interaction and its role in designing secure interactive systems.

Introduce the landscape of user-centered methodologies and methods.

Present the practical steps for applying these methodologies in real-world academic and organizational security-related scenarios.

After successfully finishing the course, students will be able to:

Understand the fundamental principles of Human-Computer Interaction and its role in designing secure interactive systems, including approaches to user-centered design (humanity-centered design, value-sensitive design, etc.).

Recognize the ethical and societal implications of design, including the impact on privacy and security.

Motivate the need for user studies in academic and organizational settings, effectively communicating their importance to management and decision-makers.

Practically apply user-centered design methodologies in their work.

Evaluate security-related interface instances through various user evaluation methods.

Conduct a user-centered design process that is integrated into a project.

According to the study by Stanford and Tessian, nearly 88% of security breaches occur due to human error. At the same time, users are considered an organization’s last line of defence against malicious agents. Both of these points require an understanding of how people in the organization interact with security mechanisms and how to reduce human error to make these mechanisms more usable. The goal of the course is to introduce the concept of user-centred design and explore different approaches and methods to incorporate users’ insights into secure system design.This helps create security measures that users can adopt without conflicting with their daily tasks and work priorities. Students will receive knowledge about the core principles of user-centred design, including ethical and value-based design considerations, as well as the behavioural and cognitive aspects of users that should be taken into account when introducing privacy and security-oriented measures. Students will also practice research processes from UX design and social sciences, such as study planning, user sampling, qualitative and quantitative data collection and analysis, with methods like interviews, questionnaires, prototyping, and user testing.  By the end of the course, students will be capable of collecting and analyzing users’ requirements and implementing them in their everyday work within the organization or while working on security projects with intensive user involvement.

100% presentation

• Course title: Information Security Basics
• Number of ECTS: 4
• Course code: MICS2-3
• Module(s): 1.1 Computer, Software, and System Security I
• Language: EN
• Mandatory: Yes

The objective of this course it to provide an introduction to information security

* explain the role of security protocols in the design of secure systems;* use the standard building blocks for security protocols: nonces, symmetric and asymmetric encryption, hash functions;* compare symmetric vs public key cryptography* classify attacks by attack scenarios and by attack goals* describe weaknesses of historical ciphers: substitution, transposition, WWII ciphers* describe basic modes of operation of block ciphers: ECB, CBC, Counter mode* describe the RSA public-key encryption scheme and the RSA signature scheme

The goal of this course is to provide basic background in Cryptography and IT security and to show what expertise in these areas is available in the laboratory of Algorithms, Cryptography and Security (LACS) and CSC. The topics cover symmetric and public key cryptography and security of protocols

67%: final exam. 

33%: homework.

• Course title: Introduction to Provable Security in Cryptography
• Number of ECTS: 6
• Course code: MICS2-59
• Module(s): 1.1 Computer, Software, and System Security I
• Language: EN
• Mandatory: Yes

The students will learn:

– a selection of advanced security properties being studied in modern public-key encryption

– how to formalize and prove these properties – the techniques used to achieve these properties

– application scenarios which profit from the use of the considered scheme

Normal 0 false false false EN-US X-NONE X-NONE /* Style Definitions */ table.MsoNormalTable {mso-style-name:”Table Normal”; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-parent:””; mso-padding-alt:0cm 5.4pt 0cm 5.4pt; mso-para-margin-top:0cm; mso-para-margin-right:0cm; mso-para-margin-bottom:8.0pt; mso-para-margin-left:0cm; line-height:107%; mso-pagination:widow-orphan; font-size:11.0pt; font-family:”Calibri”,sans-serif; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:”Times New Roman”; mso-bidi-theme-font:minor-bidi;} Normal 0 false false false EN-US X-NONE X-NONE /* Style Definitions */ table.MsoNormalTable {mso-style-name:”Table Normal”; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-parent:””; mso-padding-alt:0cm 5.4pt 0cm 5.4pt; mso-para-margin:0cm; mso-pagination:widow-orphan; font-size:10.0pt; font-family:”Times New Roman”,serif;}  The students will learn how to formally define security for cryptographic primitives. They will experience the difficulties in designing primitives that achieve certain properties and learn techniques to tackle those difficulties as well as proof techniques that allow to formally prove security.The following is a preliminary list of topics that can be adapted to better suit the audience:- Derivation of and relations of security properties for public-key encryption: OW-CPA and IND-CPA- Cryptographic assumptions (IF, RSA, DL, CDH, DDH) and idealized computational models (Generic Group Model, Algebraic Group Model)- ElGamal and its IND-CPA security- Hybrid Arguments- Hardcore Predicates and Blum-Goldwasser encryption- IND-CCA security- Zero-knowledge proofs and Naor-Yung encryption- Random Oracle Model and Fujisaki-Okamoto encryption- Hashproof systems and Cramer-Shoup encryption- Indentity-based encryption and the Boneh-Boyen scheme- Updabtable encryption 

Final oral or written exam (depending on the number of participants)

• Course title: AI and Cybersecurity
• Number of ECTS: 5
• Course code: MA_ERAS_CYBERSECU_1-5
• Module(s): 1.2 Cybersecurity Systems, Risks, and Threats
• Language: EN
• Mandatory: Yes

The objective of the course is to make the students familiar with the quality and security threats to AI systems, especially in light of  (European) regulations. The course generally introduces the students to the foundations of security attacks, but enables also the manipulation of the related concepts through experiments (via Jupyter notebooks). The covered topics include: evasion attacks on computer vision, tabular data, NLP models; poisoning attacks; privacy concerns and threats; distribution drifts, presentation attacks on biometric systems, vulnerabilities in AI-based malware detectors, certifiable robustness, detection of generated content, regulation and auditing, etc. The course sessions will feature ex-cathedra presentations from the teaching team and external speakers, focused discussions, hands-on exercises, expert panels, paper reading and presentation by the students.

Students understand the security concerns that AI system raised and the limitations of using AI systems for cybersecurity. Students can experiment on specific security attacks and defenses through the use of established Python libraries. Students can read advanced scientific papers and reproduce previous experiments. Students can have some understanding of the meaning and implications of regulations related to AI systems and their security. 

  – Intro to machine learning security and offensive AI / Basic tool setup- Evasion attacks on computer vision systems, white-box and black-box threat models, transferability- Malware detection using AI and its pitfalls / Introduction to the end of year project- Dense task security with application to healthcare and autonomous driving- Tabular attacks in constrained domains, with application to financial systems- Attacks on NLP model / Escape game- Privacy of AI systems / Detection of generated content- Distribution drifts- Poisoning attacks- Attacks on biometrics systems- Certified robustness- Regulations and auditing  

Combined assessment based on: Presentation 50% .Assessment criteria: clarity of the presentation, quality of answers, depth of investigation, replicability of tooled artefactsActive participation 50% .Assessment criteria:  attendance, completion of in-class exercise, participation in discussions

Student’s Laptop is required for this course

• Course title: Static and dynamic software security analysis
• Number of ECTS: 5
• Course code: MA_ERAS_CYBERSECU_1-11
• Module(s): 1.2 Cybersecurity Systems, Risks, and Threats
• Language: EN
• Mandatory: Yes

Through this course, the student will learn the fundamental theoretical concepts and techniques of static analysis. The student will be able to use this knowledge to implement static analyses to solve concrete security problems. In a second, smaller part of the course, the student will learn how to dynamically analyse programs with fuzzing. 

*The student should be able to critically read publications related to static and dynamic analysis (research paper, etc.) * The student should be able to select an adapted approach to solve a specific static analysis problem * The student should be able to implement static analysis techniques * The student should be able to run a fuzzer. 

Static analyses are used in various situations, from compiler code optimization to security analysis of Android applications. This course provides the concepts and techniques underlying static program analysis. Topics include forward/backward data-flow analysis, inter-procedural analysis, pointer analysis and call graph construction. A particular focus will be given to recent and advanced techniques such as Android bytecode static analysis for security. The course will mix theory and practice. Students will implement simple analyses and complete a course project. In the second part of the course, the student will learn the foundations of dynamic analysis techniques and, in particular, the foundations of fuzzing techniques that are widely used to detect vulnerabilities. 

Combined assessment: – Written exam : 30%- Take-home assignment : 50%- Project : 20%

• Course title: Security Protocols
• Number of ECTS: 4
• Course code: MICS-SECURTRUST-014
• Module(s): 1.3 Design and Analysis Methods in Cybersecurity
• Language: EN
• Mandatory: Yes

The objective of the course is to provide students with an in-depth knowledge of the methods and tools for the specification, design and analysis of security protocols in different domains

     Review of basic cryptography    Protocol specification     Protocol execution model    Adversary Models    Security properties    Secrecy    Authentication    Privacy, Anonymity, Untraceability    Automatic Verification of Security Protocols    Non-Repudiation Protocols    Fair Exchange Protocols Time permitting, one or more of the following topics will be covered.     Distance Bounding    RFID Protocols    Secure Multi-Party Computation Protocols

Evaluation: Final Exam 100%

• Course title: Structural Analysis Techniques and Methods
• Number of ECTS: 4
• Course code: MCYSD-1
• Module(s): 1.3 Design and Analysis Methods in Cybersecurity
• Language: EN
• Mandatory: Yes

The student will acquire basic knowledge of the following subjects:- critical thinking- process of thinking in analysis; – argumentation and fallacies; – cognitive bias in security. Besides, the student will be introduced to:- human factors in security design – social engineering attacks that take advantage of human factors – (phishing, on-line deception, and fake news) – be open-source intelligence methods and sources- intelligence analysis techniques

After having taken this course, students will – avoid bias in reasoning- cope with uncertainty in intelligence analysis- be aware of the human limitations and idiosyncrasies in security – comprehend human factors in security – understand the principle of social engineering attacks- know open-source intelligence tools and methods- familiarize with intelligence analysis techniques

1. Introduction to the course 2. Critical thinking and biases3. Argumentation and fallacies4. Human factors in Cybersecurity, Human error, & situational awareness5. Human Factors and HCI analysis methods6. Human Factors in Cybersecurity: Disinformation (use case)7. Human Factors in Cybersecurity: Phishing (use case)8. Introduction to Intelligence Analysis9. Open-source intelligence10. Threat intelligence and Cybercrime11. Cybercrime, privacy, intelligence, and analysis.

40% assignements + 60% final presentation and questions

• Course title: Principles of Security Engineering
• Number of ECTS: 5
• Course code: MICS2-24
• Module(s): 2.1 Cybersecurity Engineering
• Language: EN
• Mandatory: No

This course aims at teaching students the fundamental principles of engineering secure systems.More specifically the goals are:- to give a broad understanding of how secure systems are designed and evaluated.- to explain key security concepts and mechanisms as well as pitfalls.- to describe how systems are attacked and defended: typical threats, vulnerabilities and counter-measures.- to take a “system-based” approach, i.e. to take account of the whole system rather than just the technical, e.g. crypto algorithms and protocols

* Evaluate security systems and identify their vulnerabilities* Propose countermeasures to vulnerabilities and attacks* Evaluate security requirements

Intro (concepts, principles)Policies and models (access control etc)Information flow (enforceable policies)Socio-technical aspects.Physical security, locks, tamper resistance/evidenceCopyright, DRM, watermarking.Privacy (Jonker)Network security (malware, phishing, botnets…)Security evaluation and testingAdvanced Protocols (PAKE, QKD, ZK, OT, …)Misc topics (API, TCM, attack trees, game theory, ECC, MDD,…)Secure voting systems

The course will be evaluated based on a report (50%) and presentation (50%) at the end of the course

• Course title: Security of Mobiles
• Number of ECTS: 4
• Course code: MCYSD-4
• Module(s): 2.1 Cybersecurity Engineering
• Language: EN
• Mandatory: Yes

This course provides students with an overview of the security aspects in mobiles, with a particular focus on the Android ecosystem. Students will explore state-of-the-art literature on mobile security, examine recent attacks and malicious code, and study both static and dynamic evasion techniques employed by adversaries. The course also delves into defense mechanisms, including reverse engineering, static and dynamic analysis techniques, and the application of AI techniques. 

Through a combination of lectures, case studies, and hands-on projects, students will gain the skills necessary to analyze, detect, and mitigate security threats in mobile devices

50% Written Exam ; 20% Active Participation; 30% Take-home assignment

Written Exam

: Assess students’ comprehensive understanding of the course material, measure their ability to integrate and apply knowledge, and evaluate their skill proficiency. Assessment rules: 2h00 written exam. No computer. Format: questions on the course materials/content. No material allowed. Assessment criteria: Application of knowledge acquired during the course. Critical thinking about open questions.

 

Active Participation : Encourage students’ participation and concentration. Make brainstorming sessions and discussions about latest findings in the literature active.

Take-home assignment:

 

Apply and reinforce course concepts by analyzing practical mobile security challenges. 

 

• Course title: Focused Activities I
• Number of ECTS: 3
• Course code: MCYSD-10
• Module(s): 2.2 Focused Activities I
• Language: EN
• Mandatory: No

The students will have insights on a series of up-to-date subjects related to cybersecurity and cyber defence practices and activities. This may include a revision, or different perspective of topics addressed in some other course, and/or hands-on exercises under the guidance of experts which will complete the student’s preparation. Thus, the student will acquire improved analytical skills, a broader understanding of the multi-faceted nature of cybersecurity, and operational skills.

 

 

When and where requested, students will be assigned to work on texts or subjects that deepen, sometimes, or broaden, some others, topics relevant to building knowledge in cybersecurity. The selection of these texts or subjects will be made available time by time the lectures are delivered, but generally, the student will be asked and reflect on the texts or subjects guided by questions discussed in class. 

100% Presentation of the final project deepening on some of the topics presented during the cours. 

Towards the end of the semester, the student will be asked to develop a small research project, delving deeper into one of the key themes covered in the course. 

This project will be developed in stages: a) abstract and choice of the topic; b) written work; and c) oral presentation with discussion.

 

• Course title: Software Vulnerabilities: Exploitation and Mitigation
• Number of ECTS: 5
• Course code: MICS2-44
• Module(s): 2.3 Computer, Software, and System Security II
• Language: EN
• Mandatory: No

Through this course students will understand software vulnerabilities from memory corruptions to command injections.Both the defensive and offensive aspects will be studied: students will learn how to mitigate, find aNd exploit software vulnerabilities.

* Students should be able to critically read publications related to software vulnerabilities (research paper, etc.)* Students should be able to identify vulnerable code and write robust code preventing vulnerabilities from being introduced in the code.* Students should be able to exploit simple known vulnerabilities.

Our lives and our societies rely on computer programs (software).Every day, we use devices running software written in millions of lines of code because it makes our lives easier.However, the complexity and the size of existing software, added to the fact that humans write most of the software,introduce bugs.Some of these bugs, called vulnerabilities, can be exploited by an attacker to compromise a device or leak information.Have you ever wondered how programmers make their code more robust to avoid introducing vulnerabilities?Have you ever wondered how attackers can find vulnerabilities and exploit them to take control of a remote device onthe Internet or of your smartphone?Have you ever wondered how attacker can dump an entire database containing personal information about millions ofusers?In this course, you will learn both how to defend against vulnerabilities and how to exploit vulnerabilities.This course covers memory corruption vulnerabilities such as buffer or heap overflow, type confusion, or use after free.It also covers more high level vulnerabilities such as SQL injection or confused deputy.The course will mix theory and practice.On the offensive side, you will implement simple programs to exploit vulnerabilities.On the defensive side, you will correct vulnerable programs to prevent exploitation but also learn how to use techniques such as fuzzing to find new vulnerabilities.

Each student will get three grades: one for the assignments (labs), one for a project, and one for the exam(s). The final grade is obtained by using the following weights:50% assignments (labs)20% for a project 30% for exam(s)However, in order to pass, the student needs to get at least 7 out of 20 for the exam(s).If the student gets less than 7 out of 20 for the exam(s), the final grade will be computed as follows:50%(assignment grade /2) + 20%(project grade /2) + 30% exam grade If a student fails, the student can keep his/her grades related to the assignments and projects. Only attending the exam(s) is mandatory. Once the exam(s) is completed, the final grade is obtained by following the same weights as presented above (i.e., 50% assignments (labs), 20% for a project, 30% for exam(s)) Again, getting at least 7 out of 20 for the exam(s) is mandatory.

• Course title: Microkernel Based Systems
• Number of ECTS: 5
• Course code: MICS2-57
• Module(s): 2.3 Computer, Software, and System Security II
• Language: EN
• Mandatory: No

The main framework is a series of lectures with assignmentsin the form of a combination of reading assignments and practical exercisesleveraging a virtualization environment, such as QEMU, and a state-of-the-artmicrokernel-based system (e.g., L4.RE).The course will introduce the C / C++ / Assembly level programming skillsthat are necessary to implement system calls and to interact with devices andthe processor hardware.

• Understand advanced operating system techniques and their role in faultcontainment, vulnerability mitigation and the construction of trusted systemsfrom untrusted components• Construct trustworthy systems with the help of virtualization techniques andtrusted execution environments• Gain practical experience programming at kernel level

This course gives an overview on microkernel construction and on thefundamental design principles for constructing microkernel andmicrohypervisor-based systems. The course covers advanced operatingsystem topics, such as device pass through in virtual machines, trustedexecution, etc., and serves as a deep dive into system-level techniques tosecurity and reliability. It prepares to pursuing research in resilient operatingsystems or a related field (e.g., master projects or PhD theses).• Review of the evolution of Microkernels-/Hypervisors and Microkernel-basedSystems• Foundations of Microkernel-Based Systems• Kernel Mechanisms and Abstractions• Architecting, Constructing and Programming Microkernels• Verification of Microkernel-Based Systems• Resilience Aspects at Application and Microkernel Level• Introduction to Systems Programming in C / C++

Assignments: 40 %, Final Exam 60 %

• Course title: Designing Data Vizualisation
• Number of ECTS: 3
• Course code: MCYSD-5
• Module(s): 2.4 Data Processing and Communication
• Language: EN
• Mandatory: No

– Introduce students to data visualization and related theories and frameworks (e.g., human visual perception).- Discuss real-world case studies that highlight effective and ineffective data visualization practices.- Develop students’ ability to analyze and critique data visualizations using specific evaluation criteria.- Provide hands-on opportunities to iteratively design and refine visual representations of data

By the end of this course, students will be able to:- Identify and apply fundamental principles of effective data visualization, including visual encoding, color theory, and perceptual psychology.- Critique existing visualizations, identifying strengths and weaknesses based on best practices and audience needs.- Design visualizations that effectively communicate complex data insights while maintaining clarity and accessibility.- Tailor visual representations to different audiences and contexts, optimizing for engagement and decision-making.

This course explores the principles and strategies for designing effective data visualizations that communicate insights clearly and efficiently to a targeted audience. Through lectures, discussions, and hands-on exercises, students will develop an understanding of how design choices impact perception, comprehension, and engagement. Emphasizing design thinking, critique, and evaluation, this course will equip students with the skills to assess and improve visual representations of data. While technical implementation will be briefly covered, the primary focus is on conceptualizing and refining visualizations to maximize their impact in decision-making contexts.

100% written exam 

• Course title: Science Communication
• Number of ECTS: 3
• Course code: MCYSD-6
• Module(s): 2.4 Data Processing and Communication
• Language: EN
• Mandatory: Yes

Understand different contexts of science communication and be capable of delivering outstanding presentations in each case

You will learn all aspects of preparing a scientific presentation and preparing yourself for delivering it, and you will understand the communication contexts of of oral and poster conference presentations, project and company pitches, and job interviews.

Please see detailed syllabus in Moodle.

Active Participation 100%Objectives: You will prepare for performances at each meeting.Assessment rules: Evaluation by instructorAssessment criteria: 75% for adherence to instructions and 25% for quality of performance.

• Course title: Algorithms for Numbers and Public-Key Cryptography
• Number of ECTS: 5
• Course code: MICS2-14
• Module(s): 2.5 PROFILE : Information security and analysis – Cryptography
• Language: EN
• Mandatory: No

The objective of this course it to provide an introduction to algorithms for numbers and their use in public-key cryptography.

* describe the basic algorithms for numbers: gcd, CRT, modular exponentiation, primality tests.* list some basic properties of numbers: modular computation, Euler function, generators of multiplicative groups.* explain the RSA algorithm for public-key encryption and signature.* explain basic security proofs for public-key encryption and signature.

* basic basic algorithms for numbers: gcd, CRT, modularexponentiation, primality tests, etc.* the RSA algorithm for public-key encryption and signature.* main security notions for encryption and signature.* basic security proofs for public-key encryption and signature.

The final grade is based on homework only.

• Course title: Symmetric Key Cryptography and Security of Communications
• Number of ECTS: 5
• Course code: MICS2-12
• Module(s): 2.5 PROFILE : Information security and analysis – Cryptography
• Language: EN
• Mandatory: No

Introduction to symmetric cryptography and applied cryptography: the students will learn design and analysis principles for symmetric crypto primitives (ciphers, hash functions, MACs). They will be also introduced to the aspects of practical application of cryptography

* evaluate effects of cryptanalysis, side-channel attacks and traffic analysis on cryptographic primitives* understand hardware and software implementation issues for cryptographic primitives* understand the usage of cryptography on the blockchain* apply differential power analysis (DPA) to smartcard implementations of ciphers

The goal of the first half of this course is to introduce students to symmetric key cryptography, showing how ciphers and hash functions are designed and cryptanalyzed. We will start with some historical examples (M-209, Enigma) and then follow to the present day standards (DES, AES, SHA, GSM-A5, RC4, Bluetooth-E0). In the second half of the course we will discuss broader applied cryptography and network security topics such as crypto-hacking, cryptography on the blockchain and side-channel attacks.

The grade for this class will be an average of the homework assignments given every week. Assignments are to be solved individually. There will be no final exam

• Course title: Cybersecurity Risk Management
• Number of ECTS: 2
• Course code: MCYSD-9
• Module(s): 2.5 PROFILE : Policies, compliance and defence – Cyber Defence and Cyber Policies
• Language: EN
• Mandatory: No

Equip students with practical skills in cybersecurity risk management using NIST and EU frameworks (NIS2, DORA, etc), focusing on real-world case studies, risk assessment, and mitigation strategies

– Apply NIST and EU risk management frameworks to assess cybersecurity risks. – Utilize tools to analysis and monitor cybersecurity risks.- Develop and propose effective risk mitigation strategies.- Defend risk assessments and mitigation plans in a professional setting.

The course covers cybersecurity risk management principles using NIST’s Risk Management Framework and EU equivalents (NIS2, DORA, etc).  Through hands-on use cases, students assess risks, utilize tools to analysis and monitor cybersecurity risks, and propose mitigation strategies. Key topics include risk identification, threat landscapes, applying frameworks in organizational contexts, and effective communication of risk plans. Group projects on real-world scenarios enhance analytical and presentation skills. The course also addresses regulatory compliance and ethical considerations. By engaging with case studies and practical exercises, students prepare to tackle real-world cybersecurity challenges effectively.

50% Individual Case Study Assessment: students independently analyze a cybersecurity risk scenario and propose mitigation strategies. Grades reflect the quality of assessments, mitigations, and presentation effectiveness.

50 % Team Project and Presentation : Teams assess risks for real-world scenarios, develop mitigation plans, and defend their strategies through a group presentation. Assessment criteria: Depth of analysis, effectiveness of proposed mitigations, teamwork, and presentation skills

• Course title: Cybersecurity Tool for Threat Intelligence and Forensics
• Number of ECTS: 5
• Course code: MCYSD-7
• Module(s): 2.5 PROFILE : Policies, compliance and defence – Cyber Defence and Cyber Policies
• Language: EN
• Mandatory: No

Gain proficiency in using open-source platforms and frameworks (such as MISP, AIL, Flowintel, Kunai) for cyber-threat intelligence (CTI) and digital forensics.Develop a solid workflow for threat information sharing, automation, and structured analysis to improve incident response.Understand the forensic process on both Windows and Linux: evidence collection, analysis, and sandboxing or triaging of malware.Learn to plan a cyber-threat intelligence strategy, set intelligence requirements, and incorporate best practices for data sharing and analysis.

Upon successful completion of this course, students will be able to:•Apply MISP for threat data sharing, enrichment, and automation, demonstrating familiarity with MISP’s data model and APIs.•Design and execute a simple CTI plan by identifying intelligence requirements, aligning them with organizational objectives, and leveraging intelligence frameworks.•Implement open-source frameworks (AIL) to crawl, index, and analyze data sources, extracting actionable threat intelligence.•Perform Windows-based forensic investigations, including evidence collection and case management using Flowintel or similar tools.•Investigate Linux malware in a sandboxed environment (Kunai), identifying malicious behavior, indicators of compromise (IoCs), and correlation with threat intelligence feeds.Collaborate with peers to share artifacts, advisories, and best practices in an operational threat intelligence environment.

This course offers a practical and hands-on overview of key open-source tools and frameworks used in threat intelligence and digital forensics. The topics include MISP for threat sharing and automation, cyber-threat intelligence planning and best practices, the AIL framework for information extraction and analytics, as well as forensic analysis on both Windows and Linux platforms using open-source or freely available tools such as Flowintel and Kunai. By the end of the course, students will have developed the skills to collect, analyze, and share threat information effectively, to perform forensic investigations across multiple operating systems, and contribute to open source projects

100% project 

Objectives: Integrate multiple course components into a cohesive threat intelligence or forensic investigation scenario (e.g., analyzing a malware sample, documenting IoCs, feeding them into MISP, presenting findings).

Assessment rules: Individual or small-group project. Must produce a written report and a companion github repository holding materials and scripts produced in the frame of the project.

Assessment criteria:

•Completeness of the investigation steps•Correct usage of relevant tools (MISP, AIL, etc.)•Quality of threat intelligence correlation•Clarity and professionalism of the final report.

• Course title: Cyber Policy
• Number of ECTS: 3
• Course code: MCYSD-8
• Module(s): 2.5 PROFILE : Policies, compliance and defence – Cyber Defence and Cyber Policies
• Language: EN
• Mandatory: No

The main topics covered in the course are: understanding cyber threats; EU Cybersecurity Law (NIS 2 Directive, Cybersecurity Act, Cyber Resilience Act, DORA); Cybersecurity and Data Protection law; Cybersecurity and AI; EU bodies and agencies involved in cybersecurity; cyber defense; the right to cybersecurity.

 

As per the course objectives, by the end of the course it is expected for the students to have a foundational comprehension of the legal framework established to regulate cybersecurity at the national, European and international level. They will have an in-depth understanding of the key legislative instruments that regulate cybersecurity and the different policy considerations that have shaped EU cyber policy.

This course aims to provide an overview of the key legal instruments primarily at EU level, as well as at the international and national (Luxembourgish) level, that regulate cybersecurity

100 % oral exam

 

The objective of the oral exam is to ensure that the students have a solid understanding of the key elements covered in the course, which they can communicate to the examiner in a direct and concise manner with the ability for a nuanced response whereby the student can explain and clarify their thoughts.

The oral exam will enable the students to demonstrate a holistic understanding of the materials covered during the lectures.

Students will be provided with a list of questions to prepare from.

The assessment will be based on the quality and thoroughness of the answers given during the oral exam