Ethical Hacking (DAT505)

This course covers the fundamental concepts of ethical hacking and penetration testing. The course will provide a strong foundation for students pursuing ethical hacking careers. The course covers footprinting and reconnaissance, scanning and enumeration, social engineering, denial of service attacks, and web application attacks. The course also covers cryptography, viruses and worms, and honeypots. Students will use Hack the Box or similar vulnerable machines to test their skills.


Course description for study year 2024-2025

Facts

Course code

DAT505

Version

1

Credits (ECTS)

5

Semester tution start

Autumn

Number of semesters

1

Exam semester

Autumn

Language of instruction

English

Content

Ethical hacking (or penetration testing) is the practice of testing a computer system, network or application to find security vulnerabilities that an attacker could exploit. This course will teach you the basics of ethical hacking and penetration testing. You will learn about footprinting and reconnaissance, scanning and enumeration, social engineering, denial of service attacks, and web application attacks. You will also learn about cryptography, viruses and worms, and honeypots. You will use vulnerable machines (such as Hack the Box) to test your skills. By the end of this course, you will be able to conduct a basic ethical hacking and penetration testing engagement.

Learning outcome

Knowledge

The course will give you a good understanding of the key concepts and vocabulary in Cyber Security, including attack vectors, possible threats, and their purpose.

The students will understand the fundamental principles for defending against cyber attacks and the most critical defense techniques. By the end of this course, students will be able to:

  • Understand the basics of ethical hacking and penetration testing.
  • Using open-source intelligence, hacker forums, and exposed passwords, perform footprinting and reconnaissance.
  • Perform scanning and enumeration using Nmap and Metasploit framework.
  • Perform social engineering using theHarvester to collect victim organization’s emails, find login pages with Recon-Ng, and inject backdoors.
  • Perform denial-of-service attacks with spoofing, smurf, reflection and packet amplification methods.
  • Perform web application attacks using sqlmap, CSRF, and XSS attacks.
  • Understand cryptography

Skills

By the end of this course, students will be able to:

  • Use hacking tools and techniques like Nmap, Metasploit, hping3, social engineering toolkit, Recon-Ng
  • How to design malicious remote access trojans using msfvenom
  • Understand the network packet manipulation techniques to bypass the firewalls
  • How to perform buffer overflows on real-world applications
  • How to evade the antivirus software

Required prerequisite knowledge

None

Recommended prerequisites

To follow this course the student should have basic knowledge in computer systems, databases, networks and programming.

Exam

Form of assessment Weight Duration Marks Aid
Written exam 1/1 3 Hours Letter grades None permitted

Digital exam.

Coursework requirements

Compulsory requirements
4 assignments must be approved for the student to access the exam. The assignments will be carried out individually.

Course teacher(s)

Course coordinator:

Ferhat Özgur Catak

Head of Department:

Tom Ryen

Method of work

2 hours lectures and 2 hours guided lab each week over 13 weeks.

Open for

Datateknologi - master i teknologi/siv.ing. Datateknologi - master i teknologi/siv.ing., deltid

Course assessment

There must be an early dialogue between the course supervisor, the student union representative and the students. The purpose is feedback from the students for changes and adjustments in the course for the current semester.In addition, a digital subject evaluation must be carried out at least every three years. Its purpose is to gather the students experiences with the course.

Literature

Search for literature in Leganto