course-details-portlet

IIK3100 - Ethical Hacking and Penetration Testing

About

Examination arrangement

Examination arrangement: Portfolio assessment
Grade: Letter grades

Evaluation Weighting Duration Grade deviation Examination aids
Portfolio assessment 100/100

Course content

The course covers the theory and practical techniques of ethical hacking and penetration testing, which are essential elements in modern cybersecurity. Ethical hacking consists of testing the security of IT systems by trying to find and exploit security vulnerabilities. The course presents the steps of penetration testing including information gathering, network reconnaissance, how to get in touch with services, but also covers specific topics such as web hacking, binary exploitation, social engineering and wireless hacking.

Learning outcome

Students will learn:

  • the theoretical basis for security testing
  • the legal aspects of performing ethical hacking and to judge what is within and outside permitted activities
  • how to perform practical penetration testing using up-to-date tools and techniques
  • how to evaluate the security status of systems and suggest solutions for removing security vulnerabilities
  • how to use publicly available resources for verifying the status of vulnerabilities and for applying patches

In addition, students will have a better understanding how to protect systems against modern cyber attacks.

Learning methods and activities

Lectures and workshops with laboratory exercises, capture the flag style competitions with up-to-date security challenges.

Further on evaluation

Portfolio assessment is the basis for the grade in the course. The portfolio includes practical ethical hacking tasks including one final practical assignment given at the end of the semester. The work on all those tasks composes 100% of the final grade. The results for the practical tasks are given in points and in %-scores. The entire portfolio is assigned a letter grade. If a student has the final grade F/failed, the student must repeat the entire course.

Course materials

The main course material will be given in the form of slides, tutorials, and video presentations. The material will cover the following topics of ethical hacking:

  • general information gathering
  • technical information gathering
  • network reconnaissance
  • get in touch and attacking services such as for instance FTP, DNS, SMTP
  • web hacking basics (finding and accessing hidden content, client side manipulation, brute-forcing, parameter tampering)
  • web hacking client side attacks (Cross Site Scripting, Cross Site Request Forgery)
  • web hacking server side injections (SQL injection, XPath injection, Template injections)
  • web hacking specific vulnerabilities (eg file inclusions, session manipulation, IDOR)
  • basic binary exploitation, understanding the virtual address space, debugging binaries, exploiting stack overflow
  • advanced binary exploitations, return oriented programming, heap exploitations
  • internal network hacking (get access to the internal network, Netbios, SMB attack)
  • social engineering attacks (phishing, spear phishing practice)
  • wireless hacking

More on the course

No

Facts

Version: 1
Credits:  7.5 SP
Study level: Third-year courses, level III

Coursework

Term no.: 1
Teaching semester:  AUTUMN 2023

Language of instruction: English

Location: Gjøvik , Trondheim

Subject area(s)
  • Applied Information and Communication Technology
  • Telematics
  • Information Security
  • Communication Technology
Contact information
Course coordinator: Lecturer(s):

Department with academic responsibility
Department of Information Security and Communication Technology

Examination

Examination arrangement: Portfolio assessment

Term Status code Evaluation Weighting Examination aids Date Time Examination system Room *
Autumn ORD Portfolio assessment 100/100

Submission
2023-11-25


10:00

Room Building Number of candidates
  • * The location (room) for a written examination is published 3 days before examination date. If more than one room is listed, you will find your room at Studentweb.
Examination

For more information regarding registration for examination and examination procedures, see "Innsida - Exams"

More on examinations at NTNU