Course contents *
The main activity of the course is a project where students attack a corporate computer network with the aim of exfiltrating specific information. The network is rigged by the course responsibles in a virtual environment. Tools for network and vulnerability scanning, platforms for exploit development, command and control, password cracking, etc. are presented during the course, but students are free to employ methods and tools of their own choice.
Additionally, students are tasked with the development and testing of a new vulnerability exploit.
Intended learning outcomes *
After completed course, the student should be able to
• perform reconnaissance, identifying and selecting targets for attack, e.g. by means of network scanning,
• identify vulnerabilities in network equipment and applications,
• deploy and execute exploits on vulnerable systems,
• install and use remote access trojans for remote system control,
• identify password files and extract passwords,
• exfiltrate data,
• implement solutions to strengthen the information security of computer networks.
Additionally, students should be able to
• develop and test exploits of software vulnerabilities.
The course is structured around the penetration testing project, where students are tasked with the exfiltration of a number of data files from the exploited network. Additionally, students are expected to develop a new exploit, which subsequently is tested. In addition to these practical projects, seminars are offered on associated topics, including the ethical aspects of hacking.