FEP3370 Advanced Ethical Hacking 8.0 credits

Avancerad etisk hackning

This course is centered around a penetration testing project, where students learn practical skills of offensive cyber security by attacking a computer network deployed for training purposes. A variety of attack techniques and tools are explored, for network and vulnerability scanning, exploit deployment, command and control, password cracking, etc. Additionally, this course includes an element of exploit development and testing. 

Show course information based on the chosen semester and course offering:

Offering and execution

No offering selected

Select the semester and course offering above to get information from the correct course syllabus and course offering.

Course information

Content and learning outcomes

Course contents *

The main activity of the course is a project where students attack a corporate computer network with the aim of exfiltrating specific information. The network is rigged by the course responsibles in a virtual environment. Tools for network and vulnerability scanning, platforms for exploit development, command and control, password cracking, etc. are presented during the course, but students are free to employ methods and tools of their own choice.

Additionally, students are tasked with the development and testing of a new vulnerability exploit. 

Intended learning outcomes *

After completed course, the student should be able to

            •           perform reconnaissance, identifying and selecting targets for attack, e.g. by means of network scanning,

            •           identify vulnerabilities in network equipment and applications,

            •           deploy and execute exploits on vulnerable systems,

            •           install and use remote access trojans for remote system control,

            •           identify password files and extract passwords,

            •           exfiltrate data,

            •           implement solutions to strengthen the information security of computer networks.

Additionally, students should be able to

            •           develop and test exploits of software vulnerabilities.

Course Disposition

The course is structured around the penetration testing project, where students are tasked with the exfiltration of a number of data files from the exploited network. Additionally, students are expected to develop a new exploit, which subsequently is tested. In addition to these practical projects, seminars are offered on associated topics, including the ethical aspects of hacking.

Literature and preparations

Specific prerequisites *

No information inserted

Recommended prerequisites

No information inserted

Equipment

Students are expected to employ their own computer, for instance by deploying a penetration testing distribution as a virtual machine, in order to interact with the training computer network.

Literature

Rafay Baloch’s Ethical Hacking and Penetration Testing Guide, 2014, is recommended, but not required.

Examination and completion

If the course is discontinued, students may request to be examined during the following two academic years.

Grading scale *

P, F

Examination *

  • EXA1 - Examination, 8.0 credits, Grading scale: P, F

Based on recommendation from KTH’s coordinator for disabilities, the examiner will decide how to adapt an examination for students with documented disability.

The examiner may apply another examination format when re-examining individual students.

Other requirements for final grade *

•    Submission of required data files exfiltrated from exploited network

•    Submission and approval of developed exploit and test results

•    Participation in all seminars

•    Submission of weekly progress reports

Opportunity to complete the requirements via supplementary examination

No information inserted

Opportunity to raise an approved grade via renewed examination

No information inserted

Examiner

Pontus Johnson

Ethical approach *

  • All members of a group are responsible for the group's work.
  • In any assessment, every student shall honestly disclose any help received and sources used.
  • In an oral assessment, every student shall be able to present and answer questions about the entire assignment and solution.

Further information

Course web

Further information about the course can be found on the Course web at the link below. Information on the Course web will later be moved to this site.

Course web FEP3370

Offered by

EECS/Network and Systems Engineering

Main field of study *

No information inserted

Education cycle *

Third cycle

Add-on studies

No information inserted

Postgraduate course

Postgraduate courses at EECS/Network and Systems Engineering