The overall objective of the course Ethical Hacking 7,5 hp is to capture as many flags, as quickly as possible.
A mock corporate network has been rigged in a virtual environment. On various places in this network, flags (jpeg images) are placed. The overall objective is to capture as many flags, as quickly as possible. There are around a dozen flags to be captured. To complete the attack, students are free to use their imagination and tools available on the Internet. In the provided reading material, participants are introduced to specific network and vulnerability scanning tools, platforms for development of exploits, for remote control of computers, for password cracking, and so on. Nonetheless, participants are eventually free to choose methods and tools of their own.
At the start of the course, students obtain VPN credentials to connect to a local area network.
Objective: Capture the Flags
The objective of the mission is to compromise the system as fully as possible. In order to prove that they were able to hack hosts, participants need to collect and submit flags.
Kali Linux is suggested as a penetration testing platform. However, it remains the participants’ choice to decide which tools suit them best.
As time progresses, students will receive hints that facilitate the exploitation of the network. For students who fail to solve a task independently within a reasonable time frame, teachers may hold webinars or offer screen casts.
The virtual network you will interact with is hosted by Google Cloud. The most important difference between this environment and a physical network, for the point of view of this course, is that OSI layer 2 is missing. Thus, ARP spoofing and other techniques based on Layer 2 won't work. As in the case of a real corporate network, things might change in the network independent of the hacker. Notably, systems may be restored to their unhacked state at any time. Therefore, it is important to be able to repeat your hacks; thus, record your methods after successful exploitation.
The Zen of Hacking
Some advice on how to approach the challenges you will face in this course: Hacking is not user-friendly. On the contrary, you will be walking not only unpaved roads, but roads with intentional roadblocks. Exploits typically do not work on the first attempt, and even when they work, they are often unstable. You may experience significant frustration when your hack fails to execute as intended, and more frustration when the cause turns out to be trivial, such as a typo. The process of trial, error, analysis and correction is, however, very often excellent grounds for learning. So take the opportunity to learn. When things don't work, learn about the underlying technology as well as the tools and methods that may help you better understand the problem.
Short Essay on the Ethics of Hacking
The purpose of this assignment is to practice critical thinking regarding consequences and ethical aspects of hacking and cyber security. Essay topics examples includes the ethical ramifications of Stuxnet, the ethics of the exploit marketplace, the crypto wars, etc.
The course material consists of an optional course book, Rafay Baloch’s, Ethical Hacking and Penetration Testing Guide, as well as various reports, web sites, and videos. The course material is there to introduce the topic of Ethical Hacking and to help solving the course assignment. However, in this course we encourage you to take control over your own learning by searching for information also outside of the provided information. Read up on things you find appropriate for solving the assignment or otherwise find interesting. Think of the course material as a “knowledge landscape” in which you can wander around. Also, importantly, do not limit your wanderings to this landscape, the answers to some challenges posed in the course are found elsewhere on the Internet.