Cyber Security - 2025 late autumn
ICB705AS3YE-1 +cy

Learn cyber security. Understand high level management view.

Tie it to grass roots level with some simple hands-on exercises.

Watch this page for updates! The first realization of this course is 2025 autumn. I'm planning this course, and there could be major changes.


Course name and code	Cyber Security - ICB705AS3YE-1 (study guide)
Timing	2025 period 2 late autumn, w43-w50
ECTS Credits	5 credits
Degree programme	LITEM Degree Programme in Business Technologies (master's level)
Classes	One evening a week, online, mandatory participation
Max students	30
Language	English
Remote	Yes
Feedback	First realization. Replaces my "Trust to Blockchain", which has reached 4.9 / 5 excellent feedback.
Services	Moodle: Cyber Security, Zoom, Laksu. Voluntary extra: Tero's list.
First class	2025-10-22 w43 17:40. Zoom video conference, invite link already emailed to participants.

This is a master's level course. You can only enroll if you're studying master's degree (YAMK).

Learning objectives

In this course, you will

Get an overview of cyber security
Use threat modeling to identify and priorize key risks for your own organization
Try some aspects of security with simple hands on exercises

Agenda

Wednesdays 17:40 - 20:30, Zoom video conference. The themes will be updated during the course.

Date	Theme
2025-10-22 w43 Wed	1. Threat modeling
2025-10-29 w44 Wed	2. Overview of current security scene. Fedor: Security in Google Cloud. Tomi: Cybersecurity Today: Evolving Threats, Services, and Business Impact. Kari: Passwordless authentication.
2025-11-05 w45 Wed	3. Cyber lab. Martti: End-user security from a SOC perspective. Henri P: Managing cybersecurity risks in web application development.
2025-11-12 w46 Wed	4. Authentication and hashes. Miika: DevSecOps - Integrating Security into the DevOps Process. Toni: Mirai and DDoS.
2025-11-19 w47 Wed	5. Business continuity. Chenette: Human factors. Nidhi: Draining Bank accounts with lies. Aku: Cloud backup and recovery for business continuity.
2025-11-26 w48 Wed	6. Encryption. Akash. Niko: Cyber Security in SaaS (software as a service) procurements. Paras.
2025-12-03 w49 Wed	7. Security maturity. Elham: Stop Hard-Coding Secrets: Practical API Security in Spring Boot. Tommy: Underlay and Overlay Network Security.
2025-12-10 w50 Wed	8. Recap. Henri: APIs (application programming interfaces).

Use of Feedback from Previous Courses

Feedback from other security courses have been used when creating "Cyber Security" course. This includes feedback from "Tunkeutumistestaus" (Penetration Testing, has reached 5.0/5), "ICT Security Basics - from Trust to Blockchain" (has reached 4.9/5), "Information Security" (has reached 4.8/5) and others. Based on feedback, an attempt is made to: discuss in the class; link theory to practical exercises (that are not highly demanding technically); have homework with both varied reading and applied tasks. Both numeric and free form feedback for these courses is available on https://terokarvinen.com/

Other Infosec Courses

Emphasis of this course, Cyber Security, is to give a bird's eye, management view to information security.

This course gives you grand overview of cyber security and some practice with tools implementing these principles. Even though you're expected to be able to install and configure programs and troubleshoot some errors, this is not my most technical course.

For demanding technical, non-masters level offensive courses, you should consider other courses such as

Homework

Homework is due 24 hours before next class starts. Return a link to Laksu and evaluate two. Link to Laksu is in Moodle.

Homeworks are done with a computer and reported at the same time. If some task does not require performing tests with a computer, it's specied writing in the subtask. Computer tests must be done, not imagined.

Each homework is returned

24 h before start of next lecture
you can publish your homework report in any website you like
return a link to Laksu
cross-evaluate two other homeworks

To save everyone's time, I will remove those from the course who don't return homework.

Github is a convenient place to publish your reports, others are Gitlab and your own homepage. I highly recommend publishing your work. But if you don't dare or want to publish, you can use a pseudonym or alias. Or in the extreme case, put your web page behind a password (e.g. in Wordpress.com, same password for all reports), and share this password with the whole class. I recomend publishing.

All sources must be refered to: this task page, classes, reports from your classmates, classmate presentations, man pages, the article you found...

Returned link must open the report directly. For example, return link to your "h1-helsec.md", not the front page of your website. Web page must directly open in web browser, so it must be HTML. (Github will automatically convert your Markdown to HTML). Other formats are not accepted (no docx, no pdf, no odx, no xlsx...).

AI and large language models (LLM): You can ask AI or LLM a question and use the answer as facts for your own answer, written in your own words. AI must be marked as a reference, with details such as prompt (and for advanced users system prompts, temperature, jailbreaks...). LLMs tend to hallucinate, so you should check answers from more reliable sources. It's not allowed to generate text with AI or similar technologies. For example, it's not allowed to generate essay answers or summaries with AI, LLM or similar technologies as someone will have to read it.

The homeworks are official after they are given in the class. Don't start them before, because they might change. I will of course give homeworks based on what we actually talked about.

h0 Hello

Voluntary.

This exercise is the first, easy step towards version control systems. Even though you're just clicking buttons on the website, it uses world leading tool git in the background. Git even uses a tree of hashes of blocks, just like Bitcoin.

a) Create a web page using Github. Add a heading, some paragraphs and some code style. Return it to Laksu, and cross evaluate two.

Tips

Read this first: Karvinen 2023: Create a Web Page Using Github
Write the page in Markdown. Add headings and paragraphs.
Add some code style.
Browse to the page where you can see your new page normally (headings in bigger text than paragraphs). The correct link to return is shown in your browsers address bar.
Remember to use md suffix, so that the website knows it's Markdown. E.g. "tero.md". If you page file name has multiple words, use kebab case: separate-words-with-dashes.md.
Normally, the cross evaluation has free form feedback: good, bad, ideas for improvement, tips... But for this h0, there is not much to comment and one sentence is enough. If you can see a page with paragraph and heading, it's a five. (For the rest of the course, in feedback for actual homework (h1, h2...), your classmates will surely appreciate longer and insightful feedback).

h1 CyberScience

Science wants to be free! And you can have it on the Internet.

Busy? Just read articles that are the real deal, and skip the mundane. Could someone do me a literature review => review article. Task h1 does not require performing any technical tests on a computer.

a) Science hunt. Find a review article related to the themes in the course. Detail your process to find and choose the article. For advise, see Karvinen 2025: Start Your Research with a Review Article.
- The article should be
  - Review article (fi: katsausartikkeli)
  - Published in a reputable peer-reviewed academic journal, with JUFO rating 1, 2 or 3.
  - Preferably fresh, <2 years
- Some search terms for Google Scholar to get you started (you can also use others). "intitle:review" and
  - threat modeling
  - cloud security
  - penetration testing
  - red teaming
  - social engineering
  - radio equipment directive
  - you can also think about your areas of intrest
    - work
    - hacker hobbies
    - future thesis
b) Review the review. Read the article and create a brief summary around these questions. Use bullet list format.
- What are the key areas being researched?
- What's widely agreed upon?
- What are the open questions?
c) Voluntary bonus: Create an alert that emails you interesting articles. Good for your future thesis. Start with a wide net, then reduce it after a couple of days; and reduce it more after a week. You want to be happy to get email of a new article.
d) Voluntary bonus: Install Linux on a virtual machine. Debian or Kali. (Everyone will do this later on the class.)

Wrong way to save time (meme format): Buys a gym card. [picture of non-athletic person] Does not go to the gym.

So read the article yourself, don't let AI steal your learning.

h2 Scene

Cyber moves fast. Here, you'll start following the scene.

Read/watch/listen and summarize (These subtasks a, b and c do not require tests with a computer. Some bullets per article is enough for your summary, feel free to write more if you like. Add a bullet for your own idea or question.)
- a) Podcast. Listen and summarize one episode of one the following (Note: yes, just one, single episode out of all of these. More is a voluntary bonus task.)
  - Darknet Diaries podcast, or
  - Herrasmieshakkerit podcast (in Finnish, but your summary must be in English), or
  - Covert Access Team podcast, or
  - SANS Stromcast podcast, or
  - Helsec w44 Thu 18:00 livestream, one presentation (or physically there, if you got a ticket)
- b) Blog. Read one article in one of these blogs (Note: yes, just one, single post out of all of these. More is a voluntary bonus task.)
  - Schneier on Security (author of the book "Applied Cryptography"), Atom feed, or
  - Krebs on Security, or
  - Traficom - NCSC News
    - Traficom is the Finnish Transport and Communications Agency
  - Unit42, or
  - Simon Willison (about AI, pick a security focused post)
- c) Science that.
  - Link some theory, model or article you read in h1 CyberScience to a blog post or podcast episode you found here. Can you put a fresh security event in the context of larger understanding?
d) Download Debian. Download Debian 13-Trixie installation image on the computer you'll use in the class.
- Go to Debian.org. On the Other downloads, under heading "Try Debian live before installing", choose "Live Xfce". The direct link for "Live Xfce" ISO image will soon become obsolete as new versions are published.
- (Mac users: The linked image is for regular PC's, also known as amd64. If you have an M1, M2, M3, M4... Mac, it uses arm64 processor architecture, and you need to figure it out yourself. I suggest using UTM.)
e) Voluntary bonus: Install Debian 13-Trixie Linux on a virtual machine. (Everyone will do this later on the class.)
f) Voluntary bonus: Install a feed reader and follow some RSS / Atom feeds. (If time permits, everyone will do a version of this later.)
g) Voluntary bonus: Read more blog posts and listen to podcasts. Link those news into larger theory framework, citing relevan articles.

Tips

Darknet Diaries and other podcasts
- AntennaPod is convenient Android program for listening podcasts. It's available in F-Droid and Google Play. Of course, there are hundreds if not thousands other programs for podcasts, too.
- Pick any episode. Check descriptions, and pick one that's likely to be suitable here. It's often good to pick other than the latest or the one on top of the homepage, so we can look at different episodes.

h3 Cyber lab

You'll take the first steps on your own cyber lab. For us, the lab allows us to safely try the tools used by attackers.

Advanced users build lab environments similar to their targets and test their attack tools in the lab.

Tests required: note that tasks require tests on a computer. For those, you must: write the report while you work; take screenshots; show commands you give and relevant parts of their output; also include problems and their fixes.

I included a password cracking exercise here as you asked, using the actual tool favored by white hat pentesters and criminals alike. We'll have the theory for attacking passwords later, on w49. The approach for try first, learn theory later is similar I have used when teaching IoT and embedded systems, as discussed in (voluntary reading) Karvinen & Karvinen 2018 IoT rapid prototyping laboratory setup.

x) Read/watch/listen and summarize (This subtasks x does not require tests with a computer. Some bullets per article is enough for your summary, feel free to write more if you like. Add a bullet for your own idea or question. Reading emphasized, no extensive essays needed for this subtask.)
- Karvinen 2020: Command Line Basics Revisited
- Karvinen 2022: Cracking Passwords with Hashcat
a) Reserve your presentation title in Moodle (If you did not do it earlier. This subtask does not need reported tests on a computer)
b) Linux. Install Linux on a virtual machine. Use Debian 13-Trixie.
- I recommend VirtualBox, but you can also use other virtualization systems (UTM, virt-manager, VMWare...) if you know them. If you already have a Linux VM, you can create a new one here for the report.
- If you already wrote a proper report, you can just link that.
c) Crack. Crack the hash 6b1628b016dff46e6fa35684be6acc96 . Install hashcat and follow the steps in the article to crack the example hash. Karvinen 2022: Cracking Passwords with Hashcat.
d) Voluntary bonus: John the Ripper. Install and test John the Ripper Jumbo, see Karvinen 2023: Crack File Password With John. (We might do this together later)
e) Voluntary bonus: The other John. Create an encrypted file (other than zip) and crack the hash with John.

Tips:

Present
- You can see your presentation date in the agenda.
- Your presentation should
  - Fit the course - be about cyber security
  - Serve the audience - useful, entertaining, interesting, provoking discussion
  - Use your strenghts - what you do at work, in your hobbies (If you want, also less familiar areas are allowed)
- For longer time slot, email me beforehand.
Install Linux
- VirtualBox installer is available on VirtualBox.org
- Debian 13-Trixie install image. Go to Debian.org. On the Other downloads, under heading "Try Debian live before installing", choose "Live Xfce". The direct link for "Live Xfce" ISO image will soon become obsolete as new versions are published.
Virtualization
- VT-x. Tip to make virtualization much faster.
  - If you have never used virtualization on your computer, you should enable VT-x (aka AMD-X)
  - Boot your computer, press a button like F1 or F12 to enter BIOS/UEFI setup
  - Browse the menus, find VT-x or similar.
  - Enable VT-x
  - Take photos with your cell phone, you can't take screenshots on BIOS/UEFI setup.
- Disable unattended installation in VirtualBox, it usually fails.
- OS type: Debian (64-bit)
  - Or similar
  - 32-bit does not work, and such computers are no longer in use.
- RAM for VM - 2 GB (1 GB is manageable but slow, 4 GB is nice)
- Disk: 40 GB - 60 GB (VirtualBox only uses space on the host system if you actually store files there)
- CPUs: 2+
- Always use good, unique passwords.
  - Never use bad passwords.
  - Always practice doing it right. Never practice doing it wrong.
  - Most professionals use a password manager to store the passwords.
Got stuck?
- Computers have problems. If not, everyone would be a hacker.
- Document everything.
- Google / Duck.
- Try some approaches and document results.
- Write down and screenshot exact error messages. These are great search strings.
- Remind me on the class and we'll look at it together. Technically advanced students usually enjoy troubleshooting together, so it's entertaining and useful to both those who got stuck and those who did not.

h4 Feed me

Follow the scene. We've looked at science earlier, now we turn to blogsphere. Yes, I have Krebs and Schneier here.

How could the criminals know what services your employer is running? Read the tips. And be careful with port scanner!

x) Why would you want to use a feed reader (and RSS/Atom)? Couldn't you just browse to each website? (This task does not require tests with a computer. Find suitable sources yourself if needed.).
y) Supreme court of Finland, case Osuuspankkikeskus port scan KKO:2003:36. Have a brief look, summarize the key thing in a couple of bullets or sentences. It's in Finnish, but Firefox has offline machine translation from Finnish to English. (This task does not require tests with a computer. This task does not require thorough legal analysis of the case.)
a) Install a feed reader. Show that it can read a feed (RSS or Atom). Include a screenshot of this. You can use any feed reader you like, and you can install the feed reader in your host OS if you like.
b) Add the feed for Krebs. This is the one we discussed in the class. https://krebsonsecurity.com/feed/
c) Add a feed for Schneier on Security. Find the blog, and locate the feed.
d) Find and add two more security related feeds. Explain how you found them, and why you chose them.
e) Follow security feeds for a while. What did you learn? What are the benefits and downsides of following feeds with a reader, compared to some other methods of following cyber security scene?
f) Port scan. How can criminals know what services your employer has? Disconnect your computer from the internet while doing the test (after you have installed the required software). Do the test inside your virtual machine.
- Install nmap port scanner
- Disconnect from the internet. Show that 'ping 8.8.8.8' does not work.
- Port scan your own computer. Use "localhost" as the address.
- Install a daemon
- Port scan again
- Analyze and explain the results
- Do not scan random computers.
g) Voluntary bonus, a bit hard: Identify a port scan against Apache on the host being scanned, e.g. in logs. Perform the test against "localhost" address and disconnect the internet while port scanning.
h) Voluntary bonus, a bit hard: Modify nmap scan so that it cannot be detected by the method you found above.