Ethical Hacking and Offensive Security (HOD401/HOD02)

Ethical Hacking and Offensive Security (HOD402)

(Thâm nhập thử và phòng thủ)

Description

• The digital landscape is evolving at an unprecedented rate with unknown threats lurking around every corner. Cybersecurity resilience in the modern world cannot be just an addon - it’s a necessity. Organizations must build cybersecurity resilience, and offensive security professionals like Ethical Hackers and Penetration Testers can help proactively discover unknown threats and address them before cybercriminals do.
• Target Audience: This course is designed to prepare learners with the Ethical Hacker skillset. Learners will become proficient in the art of scoping, executing, and reporting on vulnerability assessments, while recommending mitigation strategies. By using an engaging gamified narrative throughout the course, with real-world inspired hands-on practice labs, learners develop essential workforce readiness skills to lay a solid foundation in offensive security.
• After completing this course, learners can enter cybersecurity careers, either on the offensive security side as ethical hackers or penetration testers, or on the defensive security side by understanding the mindset and tactics of threat actors, while implementing security controls and monitoring, analyzing, and responding to current security threats.

Main objectives

• CLO1: Explain the importance of methodological ethical hacking and penetration testing.
• CLO2: Create penetration testing preliminary documents.
• CLO3: Perform information gathering and vulnerability scanning activities.
• CLO4: Explain how social engineering attacks succeed.
• CLO5: Explain how to exploit wired and wireless network vulnerabilities.
• CLO6: Explain how to exploit application-based vulnerabilities.
• CLO7: Explain how to exploit cloud, mobile, and IoT security vulnerabilities.
• CLO8: Explain how to perform post-exploitation activities; Create a penetration testing report; Classify pentesting tools by use case.
• CLO9: Evaluate network security alerts; Analyze network intrusion data to identify compromised hosts and vulnerabilities.
• CLO10: Apply incident response models to manage network security incidents.

Assessments

• Ongoing assessment:
  • 12 Lab: 20%
  • 02 Progress Test: 20%
  • 01 Project: 30%
• Final exam: 30%
• Completion Criteria: Every on-going assessment component > 0 & Final Exam Score >=4 & Final Result >=5

Course schedule

• Session 1
  • Module 1: Introduction to Ethical Hacking and Penetration Testing
  • Introduction to the Project
  • Lab 1:
    • 1.1.3 Researching PenTesting Careers
    • 1.2.6 Compare Pentesting Methodologies
    • 1.3.6 Deploy a Pre-Built Kali Linux Virtual Machine (VM)
    • 1.3.7 Lab - Investigate Kali Linux
• Session 2
  • Lab 1 (cont.)
  • Project: Group and topic register + Divide class into 3-5 groups + Group select the interesting topic
  • Module 2: Planning and Scoping a Penetration Testing Assessment
• Session 3
  • Lab 2:
    • 2.1.9 Compliance Requirements and Local Restrictions
    • 2.2.9 Pre-Engagement Scope and Planning
    • 2.2.10 Create a Pentesting Agreement
    • 2.3.3 Personal Code of Conduct
  • Module 3: Information Gathering and Vulnerability Scanning
• Session 4
  • Lab 3:
    • 3.1.4 Using OSINT Tools
    • 3.1.9 DNS Lookups
    • 3.1.12 Employee Intelligence Gathering
    • 3.1.14 Finding Information From SSL certificates
    • 3.1.18 Finding Out About the Organization
    • 3.1.19 Advanced Searches
    • 3.1.20 Shodan Searches
    • 3.2.6 Enumeration with Nmap
    • 3.2.6 Packet Crafting with Scapy
    • 3.2.11 Network Sniffing with Wireshark
    • 3.3.6 Vulnerability Scans with Kali Tools
    • 3.4.3 Investigate Vulnerability Info Sources
• Session 5
  • Groups discuss and work on group topics
  • Lab 4:
    • 4.4.7 Explore the Social Engineering Toolkit
    • 4.4.8 Using the Browser Exploitation Framework (BeEF)
  • Lab 5:
    • 5.1.4 Scanning for SMB Vulerabilities with enum4linux
    • 5.1.16 On-Path Attacks with Ettercap
• Session 6
  • Lab 5 (cont.)
  • Module 4: Social Engineering Attacks
• Session 7
  • Lab 6:
    • 6.1.7 Web Vulnerability Scanning
    • 6.1.8 Using the GVM Vulnerability Scanner
    • 6.4.7 Injection Attacks
    • 6.5.8 Using Password Tools
    • 6.7.8 Cross Site Scripting
    • 6.12.13 Use the OWASP Web Security Testing Guide
• Session 8
  • Module 5: Exploiting Wired and Wireless Networks
  • Lab 7:
    • 7.1 On-Path Attacks with Ettercap
    • 7.2 Scanning for SMB Vulerabilities with enum4linux
• Session 9
  • Groups discuss and work on group topics
  • Module 6: Exploiting Application-Based Vulnerabilities
• Session 10
  • Module 6 (cont.)
• Session 11
  • Module 6 (cont.)
• Session 12
  • Lab 8
    • 8.1 Web Vulnerability Scanning
    • 8.2 Using the GVM Vulnerability Scanner
  • Lab 9:
    • 9.1 Injection Attacks
    • 9.1.9 Explore PenTest Reports
    • 9.2 Using Password Tools
    • 9.2.7 Recommend Remediation Based on Findings
    • 9.3 Cross Site Scripting
• Session 13
  • Groups discuss and work on group topics
  • Module 7: Cloud, Mobile, and IoT Security
• Session 14
  • Module 8: Performing Post-Exploitation Techniques
  • Module 9: Reporting and Communication
• Session 15
  • Module 9 (cont.)
  • Lab 10:
    • 10.1 Explore PenTest Reports
  • Groups discuss and work on group topics
• Session 16
  • Module 10: Tools and Code Analysis
  • Lab 11
    • 10.1.19 Analyze Exploit Code
    • 10.1.20 Analyze Automation Code
    • 10.2 Recommend Remediation Based on Findings
• Session 17
  • Module 11: Cryptography
• Session 18
  • Lab 12:
    • 12.1 Cracking AES (With Weak Keys) with CrypTool 2
    • 12.2 Cracking a Short RSA Key
    • 12.3 Cracking a Short RSA Key_Python 3
    • 12.4 ECB vs. CBC Modes with Python
    • 12.5 Evading IDS, Firewalls, and Honeypots
  • Module 12 Network Protection Systems
• Session 19
  • Groups discuss and work on group topics
• Session 20
  • Group Present: Final report the Project
  • Course Review

Learning materials

• Michael T. Simpson, Kent Backman, James Corley. Hands-On Ethical Hacking and Network Defense, Cengage Learning; 2nd edition (March 17, 2010) (978-1435486096).
• Ric Messier, CEH v12 Certified Ethical Hacker Study Guide with 750 Practice Test Questions, Sybex; 1st edition (May 9, 2023) (ISBN: 978-1394186921).
• Stuart McClure, Joel Scambray, George Kurtz. Hacking Exposed 7: Network Security Secrets and Solutions, McGraw Hill; 7th edition (August 1, 2012) (ISBN: 978-0071780285).

---

Description (2017 version)

• This course is an introduction to the fundamentals of ethical hacking.
• Students will learn how hackers attack computers and networks, and how to protect Windows and Linux systems.
• Legal restrictions and ethical guidelines will be taught and enforced.
• Students will perform many hands-on labs, both attacking and defending, using port scans, footprinting, buffer overflow exploits, SQL injection, privilege escalation, Trojans, and backdoors.

Learning Outcomes

• Determine what an ethical hacker can and cannot do legally, and evaluate credentials and roles of penetration testers.
• Perform reconnaissance on a target network using a variety of scanning and probing techniques.
• Enumerate and classify Microsoft and Linux Operating Systems vulnerabilities.
• Take control of Web Servers and wireless networks, and protect them.
• Evaluate and select cryptography and hashing methods, and perform attacks against them.
• Select and implement security devices, including routers, firewalls, Intrusion Detection Systems, and honeypots

Assessment structure

• Ongoing assessment (OA):
  • 01 Midterm Test (20%)
  • 15 Labs (50%)
• Final examination (FE): 30%
• Completion criteria:
  • Every on-going assessment component > 0;
  • Average Lab Score >= 4;
  • Final Exam Score >=4 & Final Result >=5

Course Schedule

1. Chapter 1. Ethical Hacking Overview
   • 1.1 Introduction to Ethical Hacking
   • 1.2 What You Can Do Legally
   • 1.3 What You Cannot Do Legally
2. Chapter 2. TCP/IP Concepts Review
   • 2.1 Overview of TCP/IP
   • 2.2 IP Addressing
   • 2.3 Overview of Numbering Systems
3. Chapter 3. Network and Computer Attacks
   • 3.1 Malware (Viruses, Macro Viruses, Worms, Trojans, Spyware, Adware)
   • 3.2 Protecting Against Malware Attacks
   • 3.3 Intruder Attacks on Networks and Computers
   • 3.4 Addressing Physical Security
4. Chapter 4. Footprinting and Social Engineering
   • 4.1 Using Web Tools for Footprinting
   • 4.2 Conducting Competitive Intelligence
   • 4.3 Using Domain Name System Zone Transfers
   • 4.4 Introduction to Social Engineering (Shoulder Surfing, Dumpster Diving, Piggybacking, Phishing)
5. Lab-Project 1: HTTP Basic Authentication
6. Lab-Project 2: Creating Infectious Media with the Social Engineering Toolkit
7. Chapter 5. Port Scanning
   • 5.1 Introduction to Port Scanning
   • 5.2 Using Port-Scanning Tools
   • 5.3 Conducting Ping Sweeps
   • 5.4 Understanding Scripting
8. Lab-Project 3: Analyzing a Port Scan
9. Chapter 6. Enumeration
   • 6.1 Introduction to Enumeration
   • 6.2 Enumerating Windows Operating Systems
   • 6.3 Enumerating the NetWare Operating System
   • 6.4 Enumerating the *nix Operating System
10. Lab-Project 4: Windows DoS with IPv6 Router Advertisement Packets
11. Lab-Project 5: C Programming on Linux (Crashing the hello2 Program With a Long Name–Buffer Overflow)
12. Chapter 7. Programming for Security Professionals
    • 7.1 Programming Fundamentals
    • 7.2 Anatomy of a C Program
    • 7.3 Creating a Web Page with HTML
    • 7.4 Understanding Perl
    • 7.5 Components of Object-Oriented Programming
13. Lab-Project 6: TCP Handshake with scapy
14. Lab-Project 7: ARP Spoofing with scapy
15. Review for Midterm Midterm Test
16. Chapter 8. Desktop and Server OS Vulnerabilities
    • 8.1 Windows OS Vulnerabilities (Null Sessions, SQL Server, Buffer Overflows, Passwords and Authentication,…)
    • 8.4 Tools for Identifying Vulnerabilities in Windows
    • 8.5 Best Practices for Hardening Windows Systems
    • 8.6 Linux OS Vulnerabilities
17. Lab-Project 8: Cracking Linux Password Hashes with Hashcat
18. Chapter 9. Embedded Operating Systems: The Hidden Threat
    • 9.1 Introduction to Embedded Operating Systems
    • 9.2 Windows and Other Embedded Operating Systems
    • 9.3 Vulnerabilities of Embedded Oss”
19. Chapter 10. Hacking Web Servers
    • 10.1 Understanding Web Applications
    • 10.2 Understanding Web Application Vulnerabilities
    • 10.3 Tools for Web Attackers and Security Testers
20. Lab-Project 9: PicoCTF
21. Lab-Project 10: Attacking Apache with the OWASP HTTP DoS Tool
22. Chapter 11. Hacking Wireless Networks
    • 11.1 Understanding Wireless Technology
    • 11.2 Understanding Wireless Technology (802.11, additional IEEE 802.11 Projects)
    • 11.3 Understanding Authentication
    • 11.4 Understanding Wardriving
    • 11.5 Understanding Wireless Hacking
23. Lab-Project 11: yesman–Scanner Honeypot with scapy
24. Lab-Project 12: Cracking Windows Passwords with Cain and Abel
25. Chapter 12. Cryptography
    • 12.1 Understanding Cryptography Basics
    • 12.2 Understanding Symmetric and Asymmetric Algorithms
    • 12.3 Components of PKI
    • 12.4 Understanding Cryptography Attacks
26. Chapter 13 Network. Protection Systems
    • 13.1 Understanding Routers
    • 13.2 Understanding Firewalls
    • 13.3 Understanding Intrusion Detection and Prevention Systems
    • 13.3 Understanding Honeypots”
27. Lab-Project 13: Exploiting SQL with Havij and Input Filtering
28. Lab-Project 14: Hijacking HTTPS Sessions with SSLstrip
29. Lab-Project 15: WPA/WPA2 Decryption
30. Course Review

Book

• Michael T. Simpson, Kent Backman, James Corley, Hands-On Ethical Hacking and Network Defense, 2nd ed., Course Technology, Cengage Learning, 2013.
• Sean-Philip Oriyano, Michael Gregg, Hacker Techniques, Tools, and Incident Handling, Jones & Bartlett Learning, 2nd Edition, 2013.
• Sean-Philip Oriyano, CEHv9, Certified Ethical Hacker version 9, Study Guide, Sybex, 2016.
• Stuart McClure, Joel Scambray, George Kurtz, Hacking Exposed 7: Network Security Secrets and Solutions, 7th Edition, McGraw-Hill Education, 2012.