Skip to main content
Till KTH:s startsida Till KTH:s startsida

FEP3370 Advanced Ethical Hacking 8.0 credits

About course offering

For course offering

Autumn 2024 Start 26 Aug 2024 programme students

Target group

No information inserted

Part of programme

No information inserted


P1 (8.0 hp)


26 Aug 2024
27 Oct 2024

Pace of study


Form of study

Normal Daytime

Language of instruction


Course location

KTH Campus

Number of places

Places are not limited

Planned modular schedule


For course offering

Autumn 2024 Start 26 Aug 2024 programme students

Application code



For course offering

Autumn 2024 Start 26 Aug 2024 programme students


Pontus Johnson (


No information inserted

Course coordinator

No information inserted


No information inserted
Headings with content from the Course syllabus FEP3370 (Spring 2023–) are denoted with an asterisk ( )

Content and learning outcomes

Course contents

The main activity of the course is a project where students attack a corporate computer network with the aim of exfiltrating specific information. The network is rigged by the course responsibles in a virtual environment. Tools for network and vulnerability scanning, platforms for exploit development, command and control, password cracking, etc. are presented during the course, but students are free to employ methods and tools of their own choice.

Additionally, students are tasked with the development and testing of a new vulnerability exploit. 

Intended learning outcomes

After completed course, the student should be able to

• establish resources to support offensive security operations,

• perform reconnaissance and discovery to plan operations,

• access credentials, such as account names, passwords and access tokens,

• achieve initial access to networks and systems,

• execute malicious code on remote devices,

• establish command and control capabilities to communicate with compromised systems,

• elevate privileges on systems to gain higher-level permissions,

• persist on networks by maintaining access across interruptions,

• move laterally, pivoting through the computing environment,

• avoid detection by network defenders,

• collect and exfiltrate data from computing environments,

• assess the security of computer systems, applications, and services,

• carry out legal and ethical security testing.

Literature and preparations

Specific prerequisites

No information inserted

Recommended prerequisites

No information inserted


No information inserted


No information inserted

Examination and completion

If the course is discontinued, students may request to be examined during the following two academic years.

Grading scale

P, F


  • EXA1 - Examination, 8.0 credits, grading scale: P, F

Based on recommendation from KTH’s coordinator for disabilities, the examiner will decide how to adapt an examination for students with documented disability.

The examiner may apply another examination format when re-examining individual students.

Other requirements for final grade

•    Submission of required data files exfiltrated from exploited network

•    Submission and approval of developed exploit and test results

•    Participation in all seminars

•    Submission of weekly progress reports

Opportunity to complete the requirements via supplementary examination

No information inserted

Opportunity to raise an approved grade via renewed examination

No information inserted


Ethical approach

  • All members of a group are responsible for the group's work.
  • In any assessment, every student shall honestly disclose any help received and sources used.
  • In an oral assessment, every student shall be able to present and answer questions about the entire assignment and solution.

Further information

Course room in Canvas

Registered students find further information about the implementation of the course in the course room in Canvas. A link to the course room can be found under the tab Studies in the Personal menu at the start of the course.

Offered by

Main field of study

This course does not belong to any Main field of study.

Education cycle

Third cycle

Add-on studies

No information inserted


Pontus Johnson (

Postgraduate course

Postgraduate courses at EECS/Network and Systems Engineering