Description

  • This course is an introduction to the fundamentals of ethical hacking.
  • Students will learn how hackers attack computers and networks, and how to protect Windows and Linux systems.
  • Legal restrictions and ethical guidelines will be taught and enforced.
  • Students will perform many hands-on labs, both attacking and defending, using port scans, footprinting, buffer overflow exploits, SQL injection, privilege escalation, Trojans, and backdoors.

Learning Outcomes

  • Determine what an ethical hacker can and cannot do legally, and evaluate credentials and roles of penetration testers.
  • Perform reconnaissance on a target network using a variety of scanning and probing techniques.
  • Enumerate and classify Microsoft and Linux Operating Systems vulnerabilities.
  • Take control of Web Servers and wireless networks, and protect them.
  • Evaluate and select cryptography and hashing methods, and perform attacks against them.
  • Select and implement security devices, including routers, firewalls, Intrusion Detection Systems, and honeypots

Assessment structure

  • Ongoing assessment (OA):
    • 01 Midterm Test (20%)
    • 15 Labs (50%)
  • Final examination (FE): 30%
  • Completion criteria:
    • Every on-going assessment component > 0;
    • Average Lab Score >= 4;
    • Final Exam Score >=4 & Final Result >=5

Course Schedule

  1. Chapter 1. Ethical Hacking Overview
    • 1.1 Introduction to Ethical Hacking
    • 1.2 What You Can Do Legally
    • 1.3 What You Cannot Do Legally
  2. Chapter 2. TCP/IP Concepts Review
    • 2.1 Overview of TCP/IP
    • 2.2 IP Addressing
    • 2.3 Overview of Numbering Systems
  3. Chapter 3. Network and Computer Attacks
    • 3.1 Malware (Viruses, Macro Viruses, Worms, Trojans, Spyware, Adware)
    • 3.2 Protecting Against Malware Attacks
    • 3.3 Intruder Attacks on Networks and Computers
    • 3.4 Addressing Physical Security
  4. Chapter 4. Footprinting and Social Engineering
    • 4.1 Using Web Tools for Footprinting
    • 4.2 Conducting Competitive Intelligence
    • 4.3 Using Domain Name System Zone Transfers
    • 4.4 Introduction to Social Engineering (Shoulder Surfing, Dumpster Diving, Piggybacking, Phishing)
  5. Lab-Project 1: HTTP Basic Authentication
  6. Lab-Project 2: Creating Infectious Media with the Social Engineering Toolkit
  7. Chapter 5. Port Scanning
    • 5.1 Introduction to Port Scanning
    • 5.2 Using Port-Scanning Tools
    • 5.3 Conducting Ping Sweeps
    • 5.4 Understanding Scripting
  8. Lab-Project 3: Analyzing a Port Scan
  9. Chapter 6. Enumeration
    • 6.1 Introduction to Enumeration
    • 6.2 Enumerating Windows Operating Systems
    • 6.3 Enumerating the NetWare Operating System
    • 6.4 Enumerating the *nix Operating System
  10. Lab-Project 4: Windows DoS with IPv6 Router Advertisement Packets
  11. Lab-Project 5: C Programming on Linux (Crashing the hello2 Program With a Long Name–Buffer Overflow)
  12. Chapter 7. Programming for Security Professionals
    • 7.1 Programming Fundamentals
    • 7.2 Anatomy of a C Program
    • 7.3 Creating a Web Page with HTML
    • 7.4 Understanding Perl
    • 7.5 Components of Object-Oriented Programming
  13. Lab-Project 6: TCP Handshake with scapy
  14. Lab-Project 7: ARP Spoofing with scapy
  15. Review for Midterm Midterm Test
  16. Chapter 8. Desktop and Server OS Vulnerabilities
    • 8.1 Windows OS Vulnerabilities (Null Sessions, SQL Server, Buffer Overflows, Passwords and Authentication,…)
    • 8.4 Tools for Identifying Vulnerabilities in Windows
    • 8.5 Best Practices for Hardening Windows Systems
    • 8.6 Linux OS Vulnerabilities
  17. Lab-Project 8: Cracking Linux Password Hashes with Hashcat
  18. Chapter 9. Embedded Operating Systems: The Hidden Threat
    • 9.1 Introduction to Embedded Operating Systems
    • 9.2 Windows and Other Embedded Operating Systems
    • 9.3 Vulnerabilities of Embedded Oss”
  19. Chapter 10. Hacking Web Servers
    • 10.1 Understanding Web Applications
    • 10.2 Understanding Web Application Vulnerabilities
    • 10.3 Tools for Web Attackers and Security Testers
  20. Lab-Project 9: PicoCTF
  21. Lab-Project 10: Attacking Apache with the OWASP HTTP DoS Tool
  22. Chapter 11. Hacking Wireless Networks
    • 11.1 Understanding Wireless Technology
    • 11.2 Understanding Wireless Technology (802.11, additional IEEE 802.11 Projects)
    • 11.3 Understanding Authentication
    • 11.4 Understanding Wardriving
    • 11.5 Understanding Wireless Hacking
  23. Lab-Project 11: yesman–Scanner Honeypot with scapy
  24. Lab-Project 12: Cracking Windows Passwords with Cain and Abel
  25. Chapter 12. Cryptography
    • 12.1 Understanding Cryptography Basics
    • 12.2 Understanding Symmetric and Asymmetric Algorithms
    • 12.3 Components of PKI
    • 12.4 Understanding Cryptography Attacks
  26. Chapter 13 Network. Protection Systems
    • 13.1 Understanding Routers
    • 13.2 Understanding Firewalls
    • 13.3 Understanding Intrusion Detection and Prevention Systems
    • 13.3 Understanding Honeypots”
  27. Lab-Project 13: Exploiting SQL with Havij and Input Filtering
  28. Lab-Project 14: Hijacking HTTPS Sessions with SSLstrip
  29. Lab-Project 15: WPA/WPA2 Decryption
  30. Course Review

Book

  • Michael T. Simpson, Kent Backman, James Corley, Hands-On Ethical Hacking and Network Defense, 2nd ed., Course Technology, Cengage Learning, 2013.
  • Sean-Philip Oriyano, Michael Gregg, Hacker Techniques, Tools, and Incident Handling, Jones & Bartlett Learning, 2nd Edition, 2013.
  • Sean-Philip Oriyano, CEHv9, Certified Ethical Hacker version 9, Study Guide, Sybex, 2016.
  • Stuart McClure, Joel Scambray, George Kurtz, Hacking Exposed 7: Network Security Secrets and Solutions, 7th Edition, McGraw-Hill Education, 2012.