The main activity of the course is a project where students independently attack a corporate computer network with the aim of exfiltrating specific information. The network is rigged by the course responsibles in a virtual environment. To carry out the attack, the students are free to use their imagination and tools available on Internet. Tools for network and vulnerability scanning, platforms for exploit development, command and control, passwork creacking, etc. are presented during the course, but students are free to employ methods and tools of their own choice.
EP272U Ethical Hacking 7.5 credits
This course has been discontinued.
Last planned examination: Autumn 2023
Decision to discontinue this course:
No information inserted
Course offerings are missing for current or upcoming semesters.
Headings with content from the Course syllabus EP272U (Autumn 2021–) are denoted with an asterisk ( )
Content and learning outcomes
Course contents
Intended learning outcomes
Ethical hackers are contracted for practical assessment of computer network security. Furthermore, for an effective defense against cyber attacks, a deep understanding of attackers' available range of action is required. After completed course, the student should therefore be able to
- perform reconnaissance, identifying and selecting targets for attack, e.g. by means of network scanning
- identify vulnerabilities in network equipment and applications
- customize exploits for software vulnerabilities
- deploy and execute exploits on vulnerable systems,
- install and use remote access trojans for remote system control
- identify password files and extract passwords
- exfiltrate data
- implement solutions to strengthen the information security of computer networks
- carry out legal and ethical security testing.
Literature and preparations
Specific prerequisites
- Knowledge and skills in basic programming, 6 higher education credits, equivalent completed course DD1310/DD1311/DD1312/DD1314/DD1315/DD1316/DD1318/DD1331/DD100N/ID1018.
- Knowledge in English equivalent to English B/English 6.
Recommended prerequisites
• Communiation networks (for example EP1100 Data communicatin and computer networks)
• Operating systems (for example ID1206 Operating systems)
Equipment
No information inserted
Literature
No information inserted
Examination and completion
If the course is discontinued, students may request to be examined during the following two academic years.
Grading scale
A, B, C, D, E, FX, F
Examination
- INL2 - Assignment, 0.5 credits, grading scale: A, B, C, D, E, FX, F
- PROA - Project, 7.0 credits, grading scale: A, B, C, D, E, FX, F
Based on recommendation from KTH’s coordinator for disabilities, the examiner will decide how to adapt an examination for students with documented disability.
The examiner may apply another examination format when re-examining individual students.
Opportunity to complete the requirements via supplementary examination
No information inserted
Opportunity to raise an approved grade via renewed examination
No information inserted
Examiner
Ethical approach
- All members of a group are responsible for the group's work.
- In any assessment, every student shall honestly disclose any help received and sources used.
- In an oral assessment, every student shall be able to present and answer questions about the entire assignment and solution.
Further information
Course room in Canvas
Registered students find further information about the implementation of the course in the course room in Canvas. A link to the course room can be found under the tab Studies in the Personal menu at the start of the course.
Offered by
Main field of study
Computer Science and Engineering, Electrical Engineering
Education cycle
Second cycle
Add-on studies
No information inserted
Transitional regulations
The earlier written assignment INL1 has been replaced by INL2.
Supplementary information
Contract education.
In this course, the EECS code of honor applies, see:
http://www.kth.se/en/eecs/utbildning/hederskodex.