Ethical Hacking
| Code | Completion | Credits | Range | Language |
|---|---|---|---|---|
| BIK-EHA.21 | Z,ZK | 5 | 14KP+4KC | Czech |
- Garant předmětu:
- Jiří Dostál
- Lecturer:
- Jiří Dostál, Tomáš Kiezler, Martin Kolárik
- Tutor:
- Jiří Dostál, Tomáš Kiezler, Martin Kolárik
- Supervisor:
- Department of Information Security
- Synopsis:
-
The course gives a professional and academic introduction to computer and information security using the ethical hacking approach, which enables improved defence thanks to adopting an attacker mindset when discovering vulnerabilities, hands-on experience with different attacks, facilitates linking theory and practice in significant areas of one's digital literacy, and can therefore be utilized by (future) security professionals, (informed) decision-makers, (savvy) users and developers alike.
- Requirements:
-
Please see slides 08 to 13 of bit.ly/ethhacking.
- Syllabus of lectures:
-
1. INTRODUCTION & PREREQUISITES: Introduction to Computer & Information Security; Introduction to Ethical Hacking & Penetration Testing; Law & Ethics of Offensive Security; Computer Science & Computer Fundamentals; Communication Protocols; Networking Technologies; Web Technologies; Introduction to Kali Linux; Introduction to Linux Command Line; Introduction to Python Programming
2. FOOTPRINTING, INTELLIGENCE GATHERING & THREAT MODELING: Active & Passive Reconnaissance; Physical Security; Social Engineering; Network Analysis; Intrusion Detection, Firewalls & Antiviruses
3. Software, Database, Wireless, Web Application, OS & Mobile Security; Architecture & Security of Popular Operating Systems: Linux, Windows, OS X, Android, iOS, Chrome OS, BSD; Viruses, Worms, Rootkits, Trojans, Backdoors, Bots, Ransomware, Spyware, Adware & Other Malware; Host Attacks, Network Attacks, Spoofing, Denial of Service (Part 01)
4. VULNERABILITY ANALYSIS, EXPLOITATION, POST EXPLOITATION: Active & Passive Attacks; Software, Database, Wireless, Web Application, OS & Mobile Security; Architecture & Security of Popular Operating Systems: Linux, Windows, OS X, Android, iOS, Chrome OS, BSD; Viruses, Worms, Rootkits, Trojans, Backdoors, Bots, Ransomware, Spyware, Adware & Other Malware; Host Attacks, Network Attacks, Spoofing, Denial of Service (Part 02)
5. VULNERABILITY ANALYSIS, EXPLOITATION, POST EXPLOITATION: Active & Passive Attacks; Software, Database, Wireless, Web Application, OS & Mobile Security; Architecture & Security of Popular Operating Systems: Linux, Windows, OS X, Android, iOS, Chrome OS, BSD; Viruses, Worms, Rootkits, Trojans, Backdoors, Bots, Ransomware, Spyware, Adware & Other Malware; Host Attacks, Network Attacks, Spoofing, Denial of Service (Part 03)
6. VULNERABILITY ANALYSIS, EXPLOITATION, POST EXPLOITATION: Active & Passive Attacks; Software, Database, Wireless, Web Application, OS & Mobile Security; Architecture & Security of Popular Operating Systems: Linux, Windows, OS X, Android, iOS, Chrome OS, BSD; Viruses, Worms, Rootkits, Trojans, Backdoors, Bots, Ransomware, Spyware, Adware & Other Malware; Host Attacks, Network Attacks, Spoofing, Denial of Service (Part 04)
7. VULNERABILITY ANALYSIS, EXPLOITATION, POST EXPLOITATION: Applied Cryptography, Password Cracking; Black Box & White Box Testing; Source Code Auditing, Fuzzing; Digital & Computer Forensics; Steganography
8. VULNERABILITY ANALYSIS, EXPLOITATION, POST EXPLOITATION: Hardware Security, Firmware, Booting; Malware Analysis, C/C++, Assembly; Debugging, Disassembly, Reverse Engineering
9. REPORTING & MEASURES, BUSINESS, MACRO & MICRO-LEVEL CYBERSECURITY: Writing a Penetration Testing Report; Disaster Recovery, Incident Response; Standards (and Their Shortcomings), Regulatory Compliance, Security Policies, Security Management and Security Metrics; History of Computer Security, Milestones and Famous Hacks, Attacks & Malware, Economics of Cybercrime, Cyberwarfare, Critical Infrastructure Security, Privacy & Surveillance
10. APPLICATIONS & GETTING OUT OF YOUR COMFORT ZONE: Cloud Computing Security; Peer-to-Peer Network Security; Programming Languages Security; Embedded Device & Internet of Things Security; Augmented Reality & Virtual Reality Security; Point of Sale Security; E-commerce Payment Systems Security; Cryptocurrencies Security Deep Web & Dark Web; Hacking Satellites; Hacking Cars, Drones, Planes, Trains, ...; Hacking Washing Machines, Fridges, ...; Quantum Computing; Artificial Intelligence; Big Data; Bioengineering & Biohacking; 3D Printing; Game Hacking; GPU malware; (...)
11. COURSE REVIEW & FINAL PROJECT CONSULTATION: research around the infrastructure of an organization and possible attack vectors (background and theory); vulnerability analysis and exploitation (analyses, assessment, documentation, methodology, tools used, program code, raw data); suggested measures (technical as well as regulatory /policies); executive summary, presentation, answers to questions
12. RESERVE: very likely needed because of guest lectures /workshops /trips 'into the field' /holidays /...
Disclaimer: In spite of the fact that we'll try to fit our sessions' continuity with a typical sequence of steps in a penetration test (pentest-standard.org), the content of the course and the order of its sections /teaching blocks might be subject to change based on pace, level of proficiency, and other requirements of the course group.
- Syllabus of tutorials:
-
Lectures are intertwined with exercises /tutorials.
- Study Objective:
-
Upon completion of the course, the students will:
* be introduced to (both theory and practice of) common computer and information security vulnerabilities in their interdisciplinary nature
* be able to perform basic penetration testing tasks (as defined by pentest-standard.org) using software tools and their own program code
* understand the broader context of cybersecurity (macro level), the wide range of related topics for further self-driven education and/or professional /academic specialization, and become savvier ICT users and developers (micro level)
* perceive ethical hacking as a 'problem-discovery' and 'problem-solving' tool (as opposed to 'problem-creating' tool)
- Study materials:
-
1. Kennedy D., O'gorman D., Kearns D. : Metasploit: The Penetration Tester's Guide. No Starch Press, 2011. ISBN 978-1593272883.
2. Weidman G. : Penetration Testing: A Hands-On Introduction to Hacking. No Starch Press, 2014. ISBN 978-1593275648.
3. Messier R. : Learning Kali Linux: Security Testing, Penetration Testing & Ethical Hacking. O0Reilly, 2018. ISBN 978-1492028697.
4. Messier R. : CEH v10 Certified Ethical Hacker Study Guide. Sybex, 2019. ISBN 978-1119533191.
- Note:
- Time-table for winter semester 2023/2024:
- Time-table is not available yet
- Time-table for summer semester 2023/2024:
- Time-table is not available yet
- The course is a part of the following study plans:
-
- Bachelor specialization Information Security, part-time, in Czech, 2021 (PS)
- Bachelor specialization Software Engineering, part-time, in Czech, 2021 (elective course)
- Bachelor specialization Computer Networks and Internet, part-time, in Czech, 2021 (compulsory elective course, elective course)
- Bachelor specialization Computer Systems and Virtualization, part-time, in Czech, 2021 (elective course)
- Bachelor program, unspecified specialization, part-time, in Czech, 2021 (VO)