COURSE

• First edition: March 2024-May 2024

• Detailed program (and lot of additional material) in the course website

• Slides on Microsoft Teams (yes: Microsoft Teams). Enrollment in the team will be automatic. Participants that are not enrolled automatically should contact me by email.

EXAM

1. Delivery of a report.

2. Execution of a demo. 

3. Written exam (open questions, closed book).

4. Oral exam unlikely but possible, at my sole discretion.

The report and demo are specified below and may result in a grade increase in the range of [0,3]. Both should be completed one week before the written exam (or before the second partial exam). In exceptional cases, the demo may be completed a few days later.

Regarding the written exam:

4. • Official calls: 8 questions. If 2 answers are missing or completely wrong, the exam is failed.

   • Partial exams: two partial exams during class time, one in the middle of the semester and one at the end; 5 questions each; if 2 answers in a partial exam are missing or completely wrong, then the entire exam is failed.
     
     The two partial exams will be graded together, at the end of the semester (advantage for students is a division and distribution of the load; please participate only if you are really motivated). 

Report

A textual description of the activities that will be executed in the demo.

No more than 2000 words in Markdown, no more than 8 screenshots, structure and format described in the course web site ("Report Docsify-This" page).

The report must clearly list the sources used for preparing and executing the demo (more on this below).

Demo

Live execution of "some activity" related to the course on the PC of the candidate (usually by executing two or more VMs) and/or on some cloud service.

The activity is at the discretion of the student (if in doubt, ask me before starting). It can be either a small variation of one of the relatively simple lab activities that will be proposed during the course ("Labs" section and "Hacking Lab" section of the course website), or some completely different and possibly more complex activity chosen by the student. Some ideas:

4. • execution of a tutorial of some "attack tool" or of some "defense tool";

   • execution of some attack steps on a vulnerable machine described in a hacking write up found on the web (search the "Vulnerable platforms" page on the course website)

   • execution of some attack steps autonomously defined by the candidate on a vulnerable machine;

The duration should be approximately 20 minutes. It will be shown to me, preferably via a video call, in group sessions with several students organised on request.

The demo is not meant to prove that the candidate has become a hacker or something like that. The demo need not show any "original" material.

The demo is only meant to prove that the candidate is indeed able to "use some real tool in practice".

Showing the execution of a guide found somewhere on the web is perfectly fine, provided the source is cited in the accompanying report. Showing an activity that has been found somewhere but is described as having been developed independently by the candidate is unethical behavior and will have consequences if discovered.

Assessment of Demo and Report

After delivery of the Report and execution of the Demo a grade increase in the range [0,3] will be communicated to the student (hopefully prior to the exam). This increase will be added to the grade of the written part.

The grade increase will be determined based on a combination of: clarity of the report, technical difficulty of the demo, autonomous contribution of the student. The maximum grade increase can be obtained even with little or no autonomous contribution.

Warning

As this is the first edition of the course, I am not entirely sure that the effort required for the exam is proportionate.

The number of slides I have prepared is very close to that of my last 9 CFU courses. Moreover, in "Reti di calcolatori" there were many exercises to do, while in "Computer Networks 2 and Principles of Cybersecurity" there were fewer exercises, one report and one demo.  So I think the effort should be ok. But we will analyse and discuss during the semester.