CTU Students
Students enrolled in the courses of Czech Technical University in Prague
Class modality
This course teaches the fundamentals of cybersecurity through practical, hands-on experience in both attacking and defending. Students will perform penetration tests and learn to counter real attacks, alternating between offensive and defensive classes. Topics covered include reconnaissance, scanning, exploitation, privilege escalation, lateral movement, exfiltration, malware, network security forensics, binary reversing, log analysis, intrusion detection systems, honeypots, and basics of machine learning for security. By the end of the semester, students will be prepared for junior penetration tester roles or to continue as cybersecurity researchers and practitioners.
This course consists of weekly 3-hour blocks which combine both theory and practical exercises. Students can attend the tutorials in person in room KN:E-107 or online via the live stream and Matrix communication platform.
Communication channels
In case you need to contact the teachers, there are two options:
- Send an email to ALL teachers via 13136-bsy [at] fel.cvut.cz (this way, any of them can answer), and always reply to all
- Contact us via class Matrix platform (Credentials are sent upon registration)
Passing requirements
For successful class completion, students must complete a series of assignments (aka Zapocet) and the exam/bonus assignment.
- You have to be registered in KOS to take this class.
- You need 30 points (out of 50) from the assignments to get the Zápočet.
- Surplus over 40 points will improve your final grade after passing the exam/bonus assignment(up to 10 points).
- The bonus assignment is a special assignment given over Christmas that allows you to skip the exam if you have completed it.
- Both bonus assignments and exams include theoretical AND practical tasks
- Extra points can be awarded for:
- Special Award for Services to the School - You can score extra points if you do something notable for the class or the class participants!
Assignments
Several practical assignments are given during the course. Each assignment corresponds to a class and is designed to practice the content covered in the class. Each assignment is in the form of Capture the Flag and should be individually solved by submitting the flag to the course CTFd system. In total, there are 50 points available for the assignments. Students are required to collect at least 30 points to get the assessment (Zápočet). Any surplus of over 40 points can be used to boost the final grade in the exam.
- Each student is assigned a docker container in the class infrastructure at the beginning of the class.
- Docker containers run Linux and contain all the tools needed during the semester to solve all assignments.
- All assignments are to be done in the containers unless stated otherwise.
Starting dates and hard deadline dates are listed in the following table:
| Assignment | Title | Launch Date | Deadline | Points |
|---|---|---|---|---|
| 01 | Hello class infrastructure | 26/09/2025 | 30/10/2025 | 1 |
| 02 | Network reconnaissance with Nmap | 02/10/2025 | 30/10/2025 | 4 |
| 03 | Network packet analysis with tcpdump and Wireshark | 02/10/2025 | 30/10/2025 | 2 |
| 04 | Scanning services and gaining access | 09/10/2025 | 30/10/2025 | 6 |
| 05 | Discovering Intruders in your Server | 16/10/2025 | 30/10/2025 | 5 |
| 06 | Fine-tuning honeypots to avoid detection | 23/10/2025 | 07/01/2026 | 6 |
| 07 | Gaining and maintaining access | 30/10/2025 | 07/01/2026 | 5 |
| 08 | Reverse Engineering | 20/11/2025 | 07/01/2026 | 4 |
| 09 | Automated attacks with a malware client | 27/11/2025 | 07/01/2026 | 6 |
| 10 | Analysis of a malware CC in a PCAP and with ML | 04/12/2025 | 07/01/2026 | 5 |
| 11 | Web Attacks | 18/12/2025 | 07/01/2026 | 6 |
Assignment rules
You can NOT
- Attack others on the Internet from the docker we are giving you.
- Attack the assignment servers or CTFd servers
- Attack other servers and services in the university network (outside of the IP range given to you)
- Share your code or solution with other students
You CAN
- Attack the given docker from the Internet.
- Attack from the local docker network the dockers for other students (inside the local network)
Exam
The exam takes place during the exam period in January/February. It consists of both theoretical and practical taks which are related to the content of the class and assignments. Students are required to collect at least 50 points (out of 100) to pass the exam.
Grading scale
The final grade is computed using the standard CTU grading scale as follows:
Exam score + surplus from assignments + any additional points = Total points
| Total points | Grade |
|---|---|
| < 50 | F |
| 50 - 59 | E |
| 60 - 69 | D |
| 70 - 79 | C |
| 80 - 89 | B |
| 90+ | A |
Bonus assignment
A voluntary bonus assignment will be announced prior to the winter break. Students who successfully complete the bonus assignment can choose not to participate in the final examination.
Participation requires the submission of a short report on one selected assignment (Assignments 2–5). The report must be submitted via the CTFd platform no later than December 11. An example report is available at here, and additional guidance is provided in video.
Further details and the precise conditions for fulfilling the bonus assignment will be communicated later in the semester.