Teaching

Lancaster University, UK

Module Convenor for:

  • 2021 – current SCC.442 Penetration Testing
  • 2021 – 2025 SCC.306 Internet Applications Engineering

SCC.442 Penetration Testing

In this module students are given a fast-paced introduction to Penetration Testing. Students are provided a collection of vulnerable virtual machines running modern operating systems (e.g., Debian 12, Windows Server 2022 and Window Server 2016) to learn how to exploit vulnerabilities in a lab environment. Assessment consists of a formative group penetration testing challenge and a summative individual penetration testing challenge on a range of custom vulnerable machines developed for this module.

A wide range of vulnerabilities are incorporated into the lab environment, such as local privilege escalation with CVE-2023-28252, various web vulnerabilities by incorporating DVWA and OWASP Juice Shop, permission misconfigurations, pivoting, memory attacks, and others.

Vulnerable machines are automatically constructed using Packer and based on templates modified from Bento. Test suites have been developed to ensure that the generated virtual machines are suitably vulnerable.

SCC.306 Internet Applications Engineering

In this module students were given insight into current work building internet applications that is performed in industry. This was achieved by guest lectures from organisations such as the BBC, Tesco, AWS, and others.

Other roles

  • 2022 – 2025 Year Two Tutor

University of Warwick, UK

Seminar and lab tutor for: