Advanced Patterns for Cyber Security Architecture (3 ECTS, E. Richter)
Large and complex cyber systems, often spanning legacy and cloud environments, are difficult to maintain and operate, and this extends to every question of cyber security. Interactions between systems in distributed environments are challenging to design, and design flaws may lead to serious security issues. The lecture discusses reducing complexity and building robustness and resilience into complex cyber environments. The focus is on methodology, models, classifications and system analysis, independent of specific technologies or environments. We will reflect on case studies and practical use cases and explore patterns and anti-patterns of cyber security architecture.
Advanced System Security (3 ECTS, B. Egger)
This course covers the challenges of system security, focusing on Linux environments and C-based programming. Topics include foundational attacks like buffer overflows and advanced exploitation techniques such as Return-Oriented Programming (ROP). Participants will explore modern tools like eBPF for real-time system monitoring and analyze high-stakes issues like supply chain security and kernel vulnerabilities. Case studies, including the Rowhammer attack and recent software supply chain compromises, will illustrate real-world implications. The course combines theoretical insights with hands-on exercises, equipping participants to identify, exploit, and mitigate complex security threats.
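As an added illustration of the buffer-overflow material this course description names (example code written for this page, not course material), here is a length-prefixed record parser in its classic vulnerable form beside a bounds-checked rewrite. The record format (one length byte followed by the payload), the function names and the sample input are assumptions made for the example.

```c
/* Added example: length-prefixed record parsing, vulnerable vs. hardened.
 * Record layout (assumed for this example): byte 0 = payload length n,
 * bytes 1..n = payload. Nothing here is taken from the course material. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define NAME_MAX 16

/* Vulnerable: trusts the attacker-controlled length byte and copies that
 * many bytes into a fixed 16-byte stack buffer. A length above NAME_MAX
 * overwrites whatever sits above buf on the stack (saved registers, the
 * return address), which is the starting point for stack smashing and,
 * with control of the return address, ROP. Never feed it untrusted data;
 * the demo below only calls it with a well-formed record. */
int parse_name_unsafe(const uint8_t *rec, size_t rec_len, char *out, size_t out_sz)
{
    char buf[NAME_MAX];
    if (rec_len < 1) return -1;
    size_t n = rec[0];            /* BUG: never compared against sizeof buf */
    memcpy(buf, rec + 1, n);      /* stack overflow when n > NAME_MAX      */
    buf[n] = '\0';                /* and one more byte written past the end */
    snprintf(out, out_sz, "%s", buf);
    return (int)n;
}

/* Hardened: checks the claimed length against both the destination buffer
 * (leaving room for the terminator) and the bytes actually present in the
 * record. Returns the payload length, or -1 for a malformed record. */
int parse_name_safe(const uint8_t *rec, size_t rec_len, char *out, size_t out_sz)
{
    char buf[NAME_MAX];
    if (rec == NULL || rec_len < 1) return -1;
    size_t n = rec[0];
    if (n >= sizeof buf) return -1;      /* would not fit with terminator   */
    if (n > rec_len - 1) return -1;      /* claims more bytes than we have  */
    memcpy(buf, rec + 1, n);
    buf[n] = '\0';
    snprintf(out, out_sz, "%s", buf);
    return (int)n;
}

/* Constructed sample record: length 5, payload "alice". */
const uint8_t sample_alice[] = { 5, 'a', 'l', 'i', 'c', 'e' };
char demo_out[32];            /* output buffer shared by the demo helpers */

/* Build a record whose length byte claims `claimed` bytes while only
 * `present` filler bytes follow it (present <= 255), and run it through
 * the hardened parser. Lets us probe oversized and truncated records
 * without ever executing the unsafe copy. */
int probe_safe(uint8_t claimed, size_t present)
{
    uint8_t rec[256];
    rec[0] = claimed;
    memset(rec + 1, 'A', present);
    return parse_name_safe(rec, present + 1, demo_out, sizeof demo_out);
}

int main(void)
{
    printf("well-formed  : %d (%s)\n",
           parse_name_safe(sample_alice, sizeof sample_alice, demo_out, sizeof demo_out),
           demo_out);
    printf("15 bytes     : %d\n", probe_safe(15, 15));   /* largest accepted */
    printf("16 bytes     : %d\n", probe_safe(16, 16));   /* rejected: no room for NUL */
    printf("64 bytes     : %d\n", probe_safe(64, 64));   /* rejected: would smash stack */
    printf("truncated    : %d\n", probe_safe(10, 3));    /* rejected: over-read */
    return 0;
}
```

The two checks in parse_name_safe are independent: the first stops the stack write, the second stops an out-of-bounds read of the source record, and dropping either one reopens a memory-safety hole.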
Security Management (3 ECTS, F. Heinzmann)
Security Management is a critical discipline that must be integrated holistically at the highest levels of an organization to ensure its desired impact and effectiveness. This principle applies to all types of businesses, from large multinational corporations to small and medium-sized enterprises (SMEs).
This lecture establishes the foundation for semester 2 of this Master's program by equipping participants with the technical, organizational, and interpersonal skills required to comprehend, design, and implement governance, risk, and compliance processes within a comprehensive security management framework.
Forensic Analysis in Unknown Environments (3 ECTS, H. Spichiger)
Modern computer systems are generally large, complex, fulfil a wide range of tasks, and change regularly because of frequent updates. This poses a challenge to forensic analyses attempting to reconstruct the events of an incident in such environments: analysts may be faced with devices they have never seen before, proprietary data structures and undocumented behaviour. This course provides participants with a methodological framework for this challenge, presenting approaches, challenges and risks linked to investigations in unknown environments. In practical exercises, participants study undocumented systems with the aim of reconstructing the activities that took place within them.
Performing a Red Team Operation (3 ECTS, M. Bollhalder/F. Wamser)
This lecture focuses on the planning, infrastructure setup and execution of a red team operation. It covers building your own red team platform (command and control (C2) server, redirectors, etc.) from open-source tools. It then looks at how to evade detection, escalate privileges and move laterally within a demo lab network.
Advanced Software Protection on Critical Systems (3 ECTS, T. Blazytko)
Critical systems form the backbone of modern society, driving essential operations in sectors like healthcare, automotive, and defense. Failure or compromise in these systems can lead to devastating consequences—financial, operational, or even human. As such, they are prime targets for attackers aiming to exploit vulnerabilities, tamper with functionality, or undermine system integrity. Safeguarding these systems requires advanced software protection techniques that extend beyond conventional security practices to ensure resilience against such threats.
Software protection involves implementing measures that thwart reverse engineering efforts and shield software from unauthorized use and tampering. While commercial vendors use these techniques to prevent piracy and enforce licensing agreements, malicious actors employ them to obfuscate malware functionality, evading detection and analysis. In critical systems the stakes are far higher, as the impact of a successful attack could compromise safety, security, or mission-critical objectives. This course bridges the gap between theoretical foundations and practical applications, preparing students to design, analyze, and improve software protection strategies that uphold the integrity and confidentiality of critical systems.
Students will gain hands-on experience in crafting robust protections and analyzing advanced attacks, developing a skill set highly sought after in industries like cybersecurity, defense, automotive, and critical infrastructure.
Advanced Binary Reverse Engineering (3 ECTS, T. Blazytko)
Modern software reverse engineering requires a cohesive understanding of multiple, complementary methods. It spans a wide range of goals—from vulnerability research and malware analysis to software validation and digital forensics—and must account for diverse platforms, architectures, and protections. This course introduces advanced concepts that bridge traditional static analysis, runtime exploration, and constraint-based reasoning, forming a unified approach to dissecting complex binaries. Students will learn how intermediate representations streamline cross-architecture understanding, how dynamic instrumentation complements static insights, and how symbolic execution and SMT-solving provide deep, systematic guidance. The curriculum also highlights emerging AI-based approaches that, when integrated thoughtfully, can assist in semi-automated analysis workflows.
By connecting these methods, students will gain both a conceptual and practical toolkit. They will learn not only to apply each technique individually but also to orchestrate them effectively, enabling more informed decisions, quicker insights, and a broader perspective on reverse engineering tasks. This holistic understanding positions graduates to handle the complexities of modern binaries with confidence and precision.
Security Operations Technology & Management (3 ECTS, Mark Barwinski)
This course traces the origins of cyber operations in intelligence agencies and their evolution into modern enterprise security operations centers (SOCs). We will assess critical SOC technology components, including SIEM, EDR, NDR and SOAR platforms, and examine how they are integrated for effective threat monitoring and response. The course evaluates operational considerations including staffing models, workflow optimization, and the application of SOC-CMM and other maturity frameworks alongside MITRE ATT&CK and NIST SP 800-61 to improve detection capabilities and incident handling. Through case studies and projects, students develop the skills to design and optimize security operations in complex environments.