Skip to main content
Before choosing courseFEP3370 Advanced Ethical Hacking 8.0 creditsAdministrate About course

This course is centered around a penetration testing project, where students learn practical skills of offensive cyber security by attacking a computer network deployed for training purposes. A variety of attack techniques and tools are explored, for network and vulnerability scanning, exploit deployment, command and control, password cracking, etc. Additionally, this course includes an element of exploit development and testing. 

Choose semester and course offering

Choose semester and course offering to see information from the correct course syllabus and course offering.

* Retrieved from Course syllabus FEP3370 (Autumn 2019–)

Content and learning outcomes

Course contents

The main activity of the course is a project where students attack a corporate computer network with the aim of exfiltrating specific information. The network is rigged by the course responsibles in a virtual environment. Tools for network and vulnerability scanning, platforms for exploit development, command and control, password cracking, etc. are presented during the course, but students are free to employ methods and tools of their own choice.

Additionally, students are tasked with the development and testing of a new vulnerability exploit. 

Intended learning outcomes

After completed course, the student should be able to

            •           perform reconnaissance, identifying and selecting targets for attack, e.g. by means of network scanning,

            •           identify vulnerabilities in network equipment and applications,

            •           deploy and execute exploits on vulnerable systems,

            •           install and use remote access trojans for remote system control,

            •           identify password files and extract passwords,

            •           exfiltrate data,

            •           implement solutions to strengthen the information security of computer networks.

Additionally, students should be able to

            •           develop and test exploits of software vulnerabilities.

Course Disposition

The course is structured around the penetration testing project, where students are tasked with the exfiltration of a number of data files from the exploited network. Additionally, students are expected to develop a new exploit, which subsequently is tested. In addition to these practical projects, seminars are offered on associated topics, including the ethical aspects of hacking.

Literature and preparations

Specific prerequisites

No information inserted

Recommended prerequisites

No information inserted

Equipment

Students are expected to employ their own computer, for instance by deploying a penetration testing distribution as a virtual machine, in order to interact with the training computer network.

Literature

No information inserted

Examination and completion

If the course is discontinued, students may request to be examined during the following two academic years.

Grading scale

P, F

Examination

  • EXA1 - Examination, 8,0 hp, betygsskala: P, F

Based on recommendation from KTH’s coordinator for disabilities, the examiner will decide how to adapt an examination for students with documented disability.

The examiner may apply another examination format when re-examining individual students.

Other requirements for final grade

•    Submission of required data files exfiltrated from exploited network

•    Submission and approval of developed exploit and test results

•    Participation in all seminars

•    Submission of weekly progress reports

Opportunity to complete the requirements via supplementary examination

No information inserted

Opportunity to raise an approved grade via renewed examination

No information inserted

Examiner

Profile picture Pontus Johnson

Ethical approach

  • All members of a group are responsible for the group's work.
  • In any assessment, every student shall honestly disclose any help received and sources used.
  • In an oral assessment, every student shall be able to present and answer questions about the entire assignment and solution.

Further information

Course web

Further information about the course can be found on the Course web at the link below. Information on the Course web will later be moved to this site.

Course web FEP3370

Offered by

EECS/Network and Systems Engineering

Main field of study

No information inserted

Education cycle

Third cycle

Add-on studies

No information inserted

Postgraduate course

Postgraduate courses at EECS/Network and Systems Engineering