Logo ČVUT
CZECH TECHNICAL UNIVERSITY IN PRAGUE
STUDY PLANS
2018/2019

Ethical Hacking

Login to KOS for course enrollment Display time-table
Code Completion Credits Range Language
BI-EHA Z,ZK 5 2P+2C
Lecturer:
Jakub Růžička (guarantor), Jiří Dostál, Jan Kuběna
Tutor:
Jakub Růžička (guarantor), Jakub Ács, Simona Buchovecká, Jiří Dostál, Tomáš Dvořáček, Martin Kolárik, Jan Kuběna, Tomáš Stefan
Supervisor:
Department of Information Security
Synopsis:

The course gives a professional and academic introduction to computer and information security using the ethical hacking approach, which enables improved defence thanks to adopting an attacker mindset when discovering vulnerabilities, hands-on experience with different attacks, facilitates linking theory and practice in significant areas of one's digital literacy, and can therefore be utilized by (future) security professionals, (informed) decision-makers, (savvy) users and developers alike.

This course is taught in English.

Requirements:

Please see slides 08 to 13 of bit.ly/ethhacking.

Syllabus of lectures:

1. INTRODUCTION & PREREQUISITES: Introduction to Computer & Information Security; Introduction to Ethical Hacking & Penetration Testing; Law & Ethics of Offensive Security; Computer Science & Computer Fundamentals; Communication Protocols; Networking Technologies; Web Technologies; Introduction to Kali Linux; Introduction to Linux Command Line; Introduction to Python Programming

2. FOOTPRINTING, INTELLIGENCE GATHERING & THREAT MODELING: Active & Passive Reconnaissance; Physical Security; Social Engineering; Network Analysis; Intrusion Detection, Firewalls & Antiviruses

3. Software, Database, Wireless, Web Application, OS & Mobile Security; Architecture & Security of Popular Operating Systems: Linux, Windows, OS X, Android, iOS, Chrome OS, BSD; Viruses, Worms, Rootkits, Trojans, Backdoors, Bots, Ransomware, Spyware, Adware & Other Malware; Host Attacks, Network Attacks, Spoofing, Denial of Service (Part 01)

4. VULNERABILITY ANALYSIS, EXPLOITATION, POST EXPLOITATION: Active & Passive Attacks; Software, Database, Wireless, Web Application, OS & Mobile Security; Architecture & Security of Popular Operating Systems: Linux, Windows, OS X, Android, iOS, Chrome OS, BSD; Viruses, Worms, Rootkits, Trojans, Backdoors, Bots, Ransomware, Spyware, Adware & Other Malware; Host Attacks, Network Attacks, Spoofing, Denial of Service (Part 02)

5. VULNERABILITY ANALYSIS, EXPLOITATION, POST EXPLOITATION: Active & Passive Attacks; Software, Database, Wireless, Web Application, OS & Mobile Security; Architecture & Security of Popular Operating Systems: Linux, Windows, OS X, Android, iOS, Chrome OS, BSD; Viruses, Worms, Rootkits, Trojans, Backdoors, Bots, Ransomware, Spyware, Adware & Other Malware; Host Attacks, Network Attacks, Spoofing, Denial of Service (Part 03)

6. VULNERABILITY ANALYSIS, EXPLOITATION, POST EXPLOITATION: Active & Passive Attacks; Software, Database, Wireless, Web Application, OS & Mobile Security; Architecture & Security of Popular Operating Systems: Linux, Windows, OS X, Android, iOS, Chrome OS, BSD; Viruses, Worms, Rootkits, Trojans, Backdoors, Bots, Ransomware, Spyware, Adware & Other Malware; Host Attacks, Network Attacks, Spoofing, Denial of Service (Part 04)

7. VULNERABILITY ANALYSIS, EXPLOITATION, POST EXPLOITATION: Applied Cryptography, Password Cracking; Black Box & White Box Testing; Source Code Auditing, Fuzzing; Digital & Computer Forensics; Steganography

8. VULNERABILITY ANALYSIS, EXPLOITATION, POST EXPLOITATION: Hardware Security, Firmware, Booting; Malware Analysis, C/C++, Assembly; Debugging, Disassembly, Reverse Engineering

9. REPORTING & MEASURES, BUSINESS, MACRO & MICRO-LEVEL CYBERSECURITY: Writing a Penetration Testing Report; Disaster Recovery, Incident Response; Standards (and Their Shortcomings), Regulatory Compliance, Security Policies, Security Management and Security Metrics; History of Computer Security, Milestones and Famous Hacks, Attacks & Malware, Economics of Cybercrime, Cyberwarfare, Critical Infrastructure Security, Privacy & Surveillance

10. APPLICATIONS & GETTING OUT OF YOUR COMFORT ZONE: Cloud Computing Security; Peer-to-Peer Network Security; Programming Languages Security; Embedded Device & Internet of Things Security; Augmented Reality & Virtual Reality Security; Point of Sale Security; E-commerce Payment Systems Security; Cryptocurrencies Security Deep Web & Dark Web; Hacking Satellites; Hacking Cars, Drones, Planes, Trains, ...; Hacking Washing Machines, Fridges, ...; Quantum Computing; Artificial Intelligence; Big Data; Bioengineering & Biohacking; 3D Printing; Game Hacking; GPU malware; (...)

11. COURSE REVIEW & FINAL PROJECT CONSULTATION: research around the infrastructure of an organization and possible attack vectors (background and theory); vulnerability analysis and exploitation (analyses, assessment, documentation, methodology, tools used, program code, raw data); suggested measures (technical as well as regulatory /policies); executive summary, presentation, answers to questions

12. RESERVE: very likely needed because of guest lectures /workshops /trips 'into the field' /holidays /...

Disclaimer: In spite of the fact that we'll try to fit our sessions' continuity with a typical sequence of steps in a penetration test (pentest-standard.org), the content of the course and the order of its sections /teaching blocks might be subject to change based on pace, level of proficiency, and other requirements of the course group.

Syllabus of tutorials:

Lectures are intertwined with exercises /tutorials.

Study Objective:

Upon completion of the course, the students will:

* be introduced to (both theory and practice of) common computer and information security vulnerabilities in their interdisciplinary nature

* be able to perform basic penetration testing tasks (as defined by pentest-standard.org) using software tools and their own program code

* understand the broader context of cybersecurity (macro level), the wide range of related topics for further self-driven education and/or professional /academic specialization, and become savvier ICT users and developers (micro level)

* perceive ethical hacking as a 'problem-discovery' and 'problem-solving' tool (as opposed to 'problem-creating' tool)

Study materials:

[1] P. Engebretson, The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy, 2nd edition. Amsterdam; Boston: Syngress, 2013.

[2] G. Weidman, Penetration Testing: A Hands-On Introduction to Hacking, 1st edition. San Francisco: No Starch Press, 2014.

[3] D. Regalado et al., Gray Hat Hacking The Ethical Hacker's Handbook, 4th edition. McGraw-Hill Education, 2015.

[4] P. Kim, The Hacker Playbook 2: Practical Guide To Penetration Testing. CreateSpace Independent Publishing Platform, 2015.

[5] T. J. O'Connor, Violent Python: A Cookbook for Hackers, Forensic Analysts, Penetration Testers and Security Engineers, 1st edition. Amsterdam; Boston: Syngress, 2012.

[6] J. Seitz, Black Hat Python: Python Programming for Hackers and Pentesters, 1st edition. San Francisco: No Starch Press, 2014.

[7] J. Seitz, Gray Hat Python: Python Programming for Hackers and Reverse Engineers, 1st edition. San Francisco: No Starch Press, 2009.

[8] D. Kennedy et al., Metasploit: The Penetration Tester's Guide, 1st edition. San Francisco: No Starch Press, 2011.

[9] C. P. Paulino, Nmap 6: Network Exploration and Security Auditing Cookbook. Birmingham, UK: Packt Publishing, 2012.

[10] C. Sanders, Practical Packet Analysis: Using Wireshark to Solve Real-World Network Problems, 2nd edition. San Francisco, CA: No Starch Press, 2011.

[11] T. Heriyanto et al., Kali Linux: Assuring Security By Penetration Testing. Birmingham, UK: Packt Publishing, 2014

Note:
Further information:
bit.ly/ethhacking
Time-table for winter semester 2018/2019:
Time-table is not available yet
Time-table for summer semester 2018/2019:
06:00–08:0008:00–10:0010:00–12:0012:00–14:0014:00–16:0016:00–18:0018:00–20:0020:00–22:0022:00–24:00
Mon
Tue
Fri
Thu
Fri
roomT9:107
Dostál J.
09:15–10:45
(lecture parallel1)
Dejvice
Posluchárna
roomT9:349
Dostál J.
Dvořáček T.

11:00–12:30
(lecture parallel1
parallel nr.101)

Dejvice
NBFIT PC učebna
roomT9:349
Dostál J.
Kolárik M.

12:45–14:15
(lecture parallel1
parallel nr.102)

Dejvice
NBFIT PC učebna
The course is a part of the following study plans:
Data valid to 2019-06-16
For updated information see http://bilakniha.cvut.cz/en/predmet5083506.html