COMP-4723 Details

COMP 4723 Ethical Hacking

Course description

This course provides the adversarial perspective that is a requirement for any security practitioner. In this class students will be encouraged to get into the mind of an attacker, and includes the following components:

  • Fundamentals of computer security (CIA, etc.)
  • Ethical hacking: what makes it ethical?
  • Networking overview and the steps involved in the hacking process
  • Information gathering: target identification, network discovery
  • Reconnaissance and network scanning, tools and techniques (DNS scanning and enumeration, port scanners, public information databases)
  • Fingerprinting and vulnerability discovery/vulnerability analysis
  • Vulnerability exploitation, gaining a foothold
  • Tools and techniques for exploiting vulnerabilities (known exploits, new exploits, vulnerability databases, CWE/CVE, MITRE, NIST)
  • Metasploit, Kali: open source vulnerability discovery and exploitation
  • Manual exploitation, buffer overflow to RCE, ROPs and gadgets
  • Automated vulnerability discovery, OpenVAS (Greenbone) for defense and low-hanging fruit
  • Kali tools to assist in automating vulnerability discovery and analysis
  • Honing your skills: vulnhub, hackthebox, etc.
  • Network hacking (ARP spoofing, evil DHCP, Wifi spoofing, MAC attacks)
  • Application layer attacks (injection attacks, web vulnerability, file inclusion, request forgery, etc.)
  • Persistence: gaining and maintaining access (reverse shells, malware, RATs, process hiding and injection, etc.)
  • Wireless attacks (cracking wireless networks)
  • Defense and research: firewalls, intrusion detection systems, honeypots

Course learning objectives

This course provides an in-depth understanding of how to effectively protect computers and computer networks, by first learning how to attack computers and computer networks. Students will learn the tools and penetration testing methodologies used by ethical hackers. In addition, the course provides a thorough discussion of what and who an ethical hacker is and how important they are in protecting organizations and governments data from cyber attacks. Students will learn about computer security resources that describe new vulnerabilities and innovative methods to protect networks. Also covered are federal and state computer crime laws, as well as penalties for illegal computer hacking.

Upon completion of this course, students will:

  • Have a firm basis upon which to consider taking the Certified Ethical Hacker (CEH) exam
  • Be able to build a system for ethical hacking/penetration testing, and understand the tools and resources for doing so
  • Know how to perform network discovery, enumeration and fingerprinting of a target
  • Understand the tools and techniques used by ethical and un-ethical hackers for white hat or defense
  • Possess the skills to perform vulnerability analysis of a target, in automated or manual fashion
  • Have a level of understanding to start participating in CTF events for ethical hacking practice
  • Recognize the difference between what is ethical and legal hacking and what is not, and to never perform hacking without permission
  • Know the basics of networking and network security
  • Be able to analyze and triage a vulnerability scan, as well as identify its potential weaknesses
  • Know how and where to stay up to date on the latest in security updates, vulnerabilities and breaches