Ethical Hacking and Offensive Security (HOD402)
(Penetration Testing and Defense)
Description
- The digital landscape is evolving at an unprecedented rate, with unknown threats lurking around every corner. Cybersecurity resilience in the modern world cannot be just an add-on - it’s a necessity. Organizations must build cybersecurity resilience, and offensive security professionals like Ethical Hackers and Penetration Testers can help proactively discover unknown threats and address them before cybercriminals do.
- Target Audience: This course is designed to prepare learners with the Ethical Hacker skillset. Learners will become proficient in the art of scoping, executing, and reporting on vulnerability assessments, while recommending mitigation strategies. By using an engaging gamified narrative throughout the course, with real-world inspired hands-on practice labs, learners develop essential workforce readiness skills to lay a solid foundation in offensive security.
- After completing this course, learners can enter cybersecurity careers, either on the offensive security side as ethical hackers or penetration testers, or on the defensive security side by understanding the mindset and tactics of threat actors, while implementing security controls and monitoring, analyzing, and responding to current security threats.
Main objectives
- CLO1: Explain the importance of methodological ethical hacking and penetration testing.
- CLO2: Create penetration testing preliminary documents.
- CLO3: Perform information gathering and vulnerability scanning activities.
- CLO4: Explain how social engineering attacks succeed.
- CLO5: Explain how to exploit wired and wireless network vulnerabilities.
- CLO6: Explain how to exploit application-based vulnerabilities.
- CLO7: Explain how to exploit cloud, mobile, and IoT security vulnerabilities.
- CLO8: Explain how to perform post-exploitation activities; Create a penetration testing report; Classify pentesting tools by use case.
- CLO9: Evaluate network security alerts; Analyze network intrusion data to identify compromised hosts and vulnerabilities.
- CLO10: Apply incident response models to manage network security incidents.
Assessments
- Ongoing assessment:
- 12 Labs: 20%
- 02 Progress Tests: 20%
- 01 Project: 30%
- Final exam: 30%
- Completion Criteria: Every ongoing assessment component > 0 & Final Exam Score >= 4 & Final Result >= 5
Course schedule
- Session 1
- Module 1: Introduction to Ethical Hacking and Penetration Testing
- Introduction to the Project
- Lab 1
- Session 2
- Project: Group and topic registration; the class is divided into 3-5 groups, and each group selects a topic of interest
- Module 2: Planning and Scoping a Penetration Testing Assessment
- Session 3
- Lab 2
- Module 3: Information Gathering and Vulnerability Scanning
- Session 4
- Session 5
- Groups discuss and work on group topics
- Lab 4
- Lab 5
- Session 6
- Module 4: Social Engineering Attacks
- Session 7
- Session 8
- Module 5: Exploiting Wired and Wireless Networks
- Lab 7
- Session 9
- Groups discuss and work on group topics
- Lab 8
- Session 10
- Session 11
- Session 12
- Session 13
- Groups discuss and work on group topics
- Module 7: Cloud, Mobile, and IoT Security
- Session 14
- Module 8: Performing Post-Exploitation Techniques
- Module 9: Reporting and Communication
- Session 15
- Lab 10
- Groups discuss and work on group topics
- Session 16
- Module 10: Tools and Code Analysis
- Lab 11
- Session 17
- Session 18
- Lab 12
- Module 12: Network Protection Systems
- Session 19
- Groups discuss and work on group topics
- Session 20
- Group presentations: final report on the Project
- Course Review
Learning materials
- Michael T. Simpson, Kent Backman, James Corley. Hands-On Ethical Hacking and Network Defense, Cengage Learning; 2nd edition (March 17, 2010) (ISBN: 978-1435486096).
- Ric Messier, CEH v12 Certified Ethical Hacker Study Guide with 750 Practice Test Questions, Sybex; 1st edition (May 9, 2023) (ISBN: 978-1394186921).
- Stuart McClure, Joel Scambray, George Kurtz. Hacking Exposed 7: Network Security Secrets and Solutions, McGraw Hill; 7th edition (August 1, 2012) (ISBN: 978-0071780285).