EN2720 Ethical Hacking 7.5 credits

Etisk hackning

Ethical hackers are contracted for practical assessment of computer network security. Furthermore, for an effective defense against cyber attacks, a deep understanding of attackers' available range of action is required.

  • Education cycle

    Second cycle
  • Main field of study

    Computer Science and Engineering
    Electrical Engineering
  • Grading scale

    A, B, C, D, E, FX, F

Course offerings

Spring 19 for programme students

  • Periods

    Spring 19 P3 (7.5 credits)

  • Application code

    61037

  • Start date

    15/01/2019

  • End date

    15/03/2019

  • Language of instruction

    English

  • Campus

    KTH Campus

  • Tutoring time

    Daytime

  • Form of study

    Normal

  • Number of places *

    10 - 100

    *) The course date may be cancelled if the number of admitted students is less than the minimum number of places. If there are more applicants than places, a selection will be made.

  • Course responsible

    Pontus Johnson <pontusj@kth.se>

  • Teacher

    Mathias Ekstedt <mekstedt@kth.se>

    Pontus Johnson <pontusj@kth.se>

Autumn 19 for programme students

Autumn 18 for programme students

Intended learning outcomes

Ethical hackers are contracted for practical assessment of computer network security. Furthermore, for an effective defense against cyber attacks, a deep understanding of attackers' available range of action is required. After completing the course, the student should therefore be able to

  • perform reconnaissance, identifying and selecting targets for attack, e.g. by means of network scanning,
  • identify vulnerabilities in network equipment and applications,
  • customize exploits for software vulnerabilities,
  • deploy and execute exploits on vulnerable systems,
  • install and use remote access trojans for remote system control,
  • identify password files and extract passwords,
  • exfiltrate data,
  • implement solutions to strengthen the information security of computer networks,
  • describe and discuss fundamental ethical dilemmas of information security.

Course main content

The main activity of the course is a project where students independently attack a corporate computer network with the aim of exfiltrating specific information. The network is rigged in a virtual environment by those responsible for the course. Tools for network and vulnerability scanning, platforms for exploit development, command and control, password cracking, etc. are presented during the course, but students are free to employ methods and tools of their own choice.

Eligibility

  • Basic skills in programming (for example DD1315 Programming Techniques and Matlab, D1316 Programming Techniques and C, DD1337 Programming, ID1018 Programming I or equivalent)
  • English B/English 6 (or equivalent)

Recommended prerequisites

  • Communication networks (for example EP1100 Data communication and computer networks)
  • Operating systems (for example ID1206 Operating systems)

Literature

Course literature will be posted on the home page of the course at the latest four weeks before the start of the course.

Examination

  • INL1 - Assignment, 0.5, grading scale: A, B, C, D, E, FX, F
  • PROA - Project, 7.0, grading scale: A, B, C, D, E, FX, F

The final grade is equal to the grade of the project.

Requirements for final grade

Each part of the examination must be passed.

Offered by

EECS/Computer Science

Contact

Pontus Johnson

Examiner

Pontus Johnson <pontusj@kth.se>

Version

Course syllabus valid from: Spring 2019.
Examination information valid from: Spring 2019.