Course - Advanced Ethical Hacking - Information Security, Specialization Course - TTM4536
Examination arrangement
Examination arrangement: Portfolio assessment
Grade: Letter grades
Evaluation | Weighting | Duration | Grade deviation | Examination aids |
---|---|---|---|---|
Portfolio assessment | 100/100 | | | |
Course content
The course covers the main techniques used by computer hackers and penetration testers in order to better defend against intrusions and security violations in live systems, including techniques for web applications, exploit techniques, keyloggers and some audit techniques used in digital forensics.
The course content is related to the following UN Sustainable Development Goals (SDGs):
4 - Quality education, target 4.4 - Increase the number of people who have relevant skills for employment, decent jobs and entrepreneurship,
9 - Industry, innovation and infrastructure, target 9.1 - Develop quality, reliable, sustainable and resilient infrastructure, and
16 - Peace, justice and strong institutions, target 16.4 - Reduce illicit financial and arms flows and combat all forms of organized crime.
Learning outcome
A. Knowledge: Students will learn the underlying principles and techniques associated with the cybersecurity practice known as penetration testing or ethical hacking. They will become familiar with the entire penetration testing process, including planning, reconnaissance, scanning, exploitation, post-exploitation and result reporting. Students will also learn how cryptographic techniques are used in practice and what can go wrong if they are used improperly.
B. Skills: For every offensive penetration technique, the students will learn the corresponding remedial technique. In this way, the students will develop a practical understanding of current cybersecurity issues and of how errors made by users, administrators, or programmers can lead to exploitable insecurities.
Learning methods and activities
Lectures, seminars, invited lectures, student presentations and laboratory exercises.
Further on evaluation
Portfolio assessment is the basis for the grade in the course. The portfolio consists of practical ethical hacking tasks (assignments, tests, quizzes, and other practical tasks) including one final practical assignment given at the end of the semester. The work on all those tasks composes 100% of the final grade. The results for the practical tasks are given in points and in %-scores. The entire portfolio is assigned a letter grade. If a student has the final grade F/failed, the student must repeat the entire course.
Recommended previous knowledge
TTM4135 Applied Cryptography and Network Security and TTM4138 Wireless Network Security, or equivalent. Basic knowledge of computer networks and low-level computer organization, experience using Unix-like operating systems and programming languages such as C, Python or x86 assembler, and familiarity with basic web technologies such as JavaScript, PHP and SQL.
Required previous knowledge
The student must have passed at least one of TTM4135 Applied Cryptography and Network Security, TDT4237 Software Security and Data Privacy, TMA4160 Cryptography, IMT4124 Cryptology or equivalent.
Course materials
The main course material will be given in the form of slides, manuals, and video presentations with hands-on demonstrations of how to perform attacks. That material will cover a broad range of topics: a) Python programming and using its modules for cryptography, steganography, image manipulation, packet manipulation and packet sniffing, and using some Python IDEs; b) Some hacking tools in Kali Linux; c) Capture The Flag (CTF) sources, tutorials, and writeups; d) Command-line tools for finding web and SQL vulnerabilities and exploits; e) Materials for Darkly, 42 - Web Security Project; f) Web Security Dojo; g) Cross-site Scripting (XSS) attacks; h) Tutorials for OWASP tools: WebGoat, WebWolf, and ZAP; i) Tutorials on how to attack physically accessible machines; j) Keyloggers.
Useful but not mandatory course material:
1. "Black Hat Python: Python Programming for Hackers and Pentesters", First Edition, by Justin Seitz, December 14, 2014.
2. "Gray Hat Hacking: The Ethical Hacker's Handbook", Fourth Edition, by Daniel Regalado et al., McGraw-Hill Education, January 5, 2015.
3. "The Hacker Playbook: Practical Guide To Penetration Testing", by Peter Kim, January 1, 2014.
Credit reductions
Course code | Reduction | From | To |
---|---|---|---|
TTM4535 | 7.5 | AUTUMN 2008 | |
No
Version: 1
Credits: 7.5 SP
Study level: Second degree level
Term no.: 1
Teaching semester: AUTUMN 2024
Language of instruction: English
Location: Gjøvik, Trondheim
- Telematics
- Information Security
- Communication Technology
- Technological subjects
Department with academic responsibility
Department of Information Security and Communication Technology
Examination
Term | Status code | Evaluation | Weighting | Examination aids | Date | Time | Examination system | Room * |
---|---|---|---|---|---|---|---|---|
Autumn | ORD | Portfolio assessment | 100/100 | | Submission 2024-11-19 | | | |
\* The location (room) for a written examination is published 3 days before the examination date. If more than one room is listed, you will find your room at Studentweb.
For more information regarding registration for examination and examination procedures, see "Innsida - Exams"