Semester: 3
ECTS: 7
Lectures: 30
Practice sessions: 30
Independent work: 150
Module Code: 24-132-0486
Semester: 3
ECTS: 7
Lectures: 30
Practice sessions: 30
Independent work: 150
Module Code: 24-132-0486

Module title:


Penetration testing


Module overview:


This module builds on the knowledge and understanding achieved in the module Ethical Hacking through learning about Cybersecurity testing (PenTest). Modul is focused on acquiring knowledge in the field of penetration testing and verifying security vulnerabilities. Modul will be presented through a simulated enterprise network environment (virtual machines and network) that needs to be attacked, exploited, and evade detection. Students also need to propose to defend strategies to protect the environment from discovered vulnerabilities.

The module aims are to provide students with knowledge and skills to conduct penetration test (PenTest) on real-world environments and write executive and technical reports.

Students will learn about:
• Advanced Windows attacks
• Attacking IOT systems
• Wrig exploits
• Bypassing a filtered network
• Pen-testing operational technology
• Access hidden networks with pivoting and double pivoting
• Privilege escalation
• Evading defence mechanisms
• Attack automation with scripts
• Weaponization
• Writing professional reports.

Trough the labs students will have have a demonstrated knowledge and understanding of the most common tools used by PenTester. The learning outcomes of this module enable students to become specialist in Penetration testing.


Literature:


Essential reading:
1. [Anon.] (2020), Penetration Testing, Albuquerque: Ec-Council

Recommended reading:
1. Walker M., 2019, CEH Certified Ethical Hacker All-in-One Exam Guide, 4th Edition, New York: McGraw-Hill Education
2. Stuttard, D. and Pinto, M., (2011). The web application hacker's handbook. Indianapolis: Wiley.
3. Litchfield, D., (2005). The database hacker's handbook. Indianapolis: Wiley.
4. [Anon.] (2021), WSTG - v4.1. Available at: https://owasp.org/www-project-web-security-testing-guide/v41/ (Accessed: 2 May 2021).
5. [Anon.] (2021), OWASP Top Ten Web Application Security Risks. Available at: https://owasp.org/www-project-top-ten/ (Accessed: 2 May 2021).