Introduction to Ethical Hacking - 695.643

This course exposes students to the world of ethical computer hacking by discussing foundational concepts, frameworks, approaches and methods for how systems, assets/devices and networks that can be penetration tested (pen-tested) and assessed for vulnerabilities (i.e., exploited). Adversary motives, behaviors, and ideologies, as well as the history of hacking is explained to better be informed of the evolution of this practice. The Offensive Cyber Kill chain stages and steps, hacking phases, OSI model applicability to hacking, comprehensive discussion of Tactics, Techniques and Procedures (TTP’s) and an overview of what Indicators of Compromises (IOC’s) are is discussed. Fundamental protocol manipulation methods & weakness concepts are taught in order to gain a better appreciation of network/system vulnerabilities, how easily they can be exploited, and to reinforce the knowledge basis of applying Defensive Cyber Operations strategies. The class looks at fundamental hacking approaches through practical exposure via hands-on assignments, lab activities, discussions, & quizzes. The course goal is to learn fundamental principles of reconnaissance, collection, scanning, weaponization, delivery, implant, escalation, pivoting, lateral movement, persistence, command and control (C2) and exploitations that penetration testers use to inform ISSO’s, CSSP’s & mission/system owners of their network/asset/system weaknesses. Course topics include; Ideology/Motives/Behaviors, Penetration Testing Foundations, Ethical Hacking concepts, TTP’s & IOC’s understood, Cryptography and PKI, Web Exploitation, Mobile Devices & DNS attacks, Scanning & Reconnaissance, Network Exploitation, Information Gathering & Social Engineering, Wi-Fi Exploitation, Rootkits, OS Security, Buffer Overflows, Race Conditions, TOC/TOU, and Post Exploitation (escalate/pivot).

Course Prerequisite(s)

EN.695.601 Foundations of Information Assurance and one of EN.635.611 Principles of Network Engineering or EN.605.671 Principles of Data Communications Networks. Course Note(s): Homework assignments will include programming.