Dr. Matthew Bradbury

Matthew Bradbury is a Senior Lecturer conducting research into security, context privacy and trust assessment in resource-constrained and distributed systems.

Teaching

Lancaster University, UK

Module Convenor for:

  • 2021 – current SCC.442 Penetration Testing
  • 2025 – current SCC.253 Applied Security Methods
  • 2025 – current SCC.352 Secure Cyber Physical Systems

Previously Module Convenor for:

  • 2021 – 2025 SCC.306 Internet Applications Engineering

SCC.442 Penetration Testing and SCC.253 Applied Security Methods

In this module students are given a fast-paced introduction to Penetration Testing. Students are provided a collection of vulnerable virtual machines running modern operating systems (e.g., Debian 12, Windows Server 2022 and Window Server 2016) to learn how to exploit vulnerabilities in a lab environment. Assessment consists of a formative group penetration testing challenge and a summative individual penetration testing challenge on a range of custom vulnerable machines developed for this module.

A wide range of vulnerabilities are incorporated into the lab environment, such as local privilege escalation with CVE-2023-28252, various web vulnerabilities by incorporating DVWA and OWASP Juice Shop, permission misconfigurations, pivoting, memory attacks, and others.

Vulnerable machines are automatically constructed using Packer and based on templates modified from Bento. Test suites have been developed to ensure that the generated virtual machines are suitably vulnerable.

SCC.352 Secure Cyber Physical Systems

In this module students were introduced to a wide range of security threats to cyber physical systems (CPS). Half of the module focused on security threats to embedded CPSs, considering how their resource-constraints mean that careful consideration is needed when designing appropriate security techniques and methods.

The other half of the module focused on Industrial Control Systems in a Nuclear setting. Using the IAEA Asherah Nuclear Powerplant Simulator which was designed for teaching cyber security concepts to nuclear practicioners. We instead provided students access to Asherah’s internals, where they could observe OPC UA and Modbus network traffic and also manipulate the values stored in these servers. Students’ gained an understand of how a malicious adversary is capable of causing physical impacts via a digital attack and then needed to implement and evaluate appropriate algorithms to detect such attacks.

SCC.306 Internet Applications Engineering

In this module students were given insight into current work building internet applications that is performed in industry. This was achieved by guest lectures from organisations such as the BBC, Tesco, AWS, and others.

Year Two Tutor

I was the Year Two Tutor between 2022 – 2025. This was a student-facing role which entailed:

  • Supporting students who were struggling with their education,
  • Acting as the academic integrity officer for malpractice cases involving students in year two, and
  • Allocating students to dissertation projects which will be undertaken in their third year of studies.

Allocating students to dissertation projects was a large part of this role. To simplify this task I automated the solicitation of project proposals from other academic staff and using this information a PDF brochure and a website were automatically generated. Students ranked their preferences in the proposed projects and a Integer Linear Programming problem was formulated and solved using PuLP with Gurobi as the backend. Manual checks and adjustments were then performed on the allocation to validate the suitability. The implementation of the website and solver were provided to students as a learning opportunity, this received engagement from a small number of students to add new functionality to the website (a dark mode, a dynamic filter to be able to view the most relevant projects).

University of Warwick, UK

Seminar and lab tutor for: