Semester: 8
ECTS: 7
Lectures: 30
Practice sessions: 30
Independent work: 150
Module Code: 23-122-0220
Semester: 8
ECTS: 7
Lectures: 30
Practice sessions: 30
Independent work: 150
Module Code: 23-122-0220

Module title:


Penetration testing

Lecturers and associates:



Module overview:


This course, building upon the Ethical Hacking course, specializes in Cybersecurity Penetration Testing (PenTest). It aims to deepen students´ understanding of identifying and addressing security vulnerabilities within simulated network environments, including virtual machines and networks. Students engage in practical exercises involving offensive strategies and defensive countermeasures, learning to exploit vulnerabilities while developing evasion and protection techniques.
A central goal is to enable students to conduct real-world penetration tests and articulate their findings through comprehensive reports. Laboratory sessions are key, providing hands-on experience with the latest penetration testing tools and methodologies. The course´s outcomes prepare students to become proficient Penetration Testing specialists, equipped with both theoretical knowledge and practical skills essential in Cybersecurity.
In this module students will learn:
advanced Windows attacks.
use exploits.
bypassing a filtered network.
pen-testing operational technology.
access hidden networks with pivoting and double pivoting.
privilege escalation.
evading defence mechanisms.
writing reports.

Literature:


Required readings:
1. [Anon.] (2024), Penetration Testing, Albuquerque: Ec-Council

Supplementary readings:
1. Walker M., 2019, CEH Certified Ethical Hacker All-in-One Exam Guide, 4th Edition, New York: McGraw-Hill Education
2. Stuttard, D. and Pinto, M., (2011). The web application hacker´s handbook. Indianapolis: Wiley.
3. Litchfield, D., (2005). The database hacker´s handbook. Indianapolis: Wiley.
4. [Anon.] (2021), WSTG - v4.1. Available at: https://owasp.org/www-project-web-security-testing-guide/v41/ (Accessed: 2 May 2021).
5. [Anon.] (2021), OWASP Top Ten Web Application Security Risks. Available at: https://owasp.org/www-project-top-ten/ (Accessed: 2 May 2021).