Image for
Home

Penetration testing

  • Class 30
  • Practice 30
  • Independent work 150
Total 210

Course title

Penetration testing

Lecture type

Elective

Course code

22-02-533

Semester

3

ECTS

7

Lecturers and associates

Course overview

This module builds on the knowledge and understanding achieved in the module Ethical Hacking through learning about Cybersecurity testing (PenTest). Modul is focused on acquiring knowledge in the field of penetration testing and verifying security vulnerabilities. Modul will be presented through a simulated enterprise network environment (virtual machines and network) that needs to be attacked, exploited, and evade detection. Students also need to propose to defend strategies to protect the environment from discovered vulnerabilities.

The module aims are to provide students with knowledge and skills to conduct penetration test (PenTest) on real-world environments and write executive and technical reports.

Students will learn about:
• Advanced Windows attacks
• Attacking IOT systems
• Wrig exploits
• Bypassing a filtered network
• Pen-testing operational technology
• Access hidden networks with pivoting and double pivoting
• Privilege escalation
• Evading defence mechanisms
• Attack automation with scripts
• Weaponization
• Writing professional reports.

Trough the labs students will have have a demonstrated knowledge and understanding of the most common tools used by PenTester. The learning outcomes of this module enable students to become specialist in Penetration testing.

Literature

Essential reading:
1. [Anon.] (2020), Penetration Testing, Albuquerque: Ec-Council

Recommended reading:
1. Walker M., 2019, CEH Certified Ethical Hacker All-in-One Exam Guide, 4th Edition, New York: McGraw-Hill Education
2. Stuttard, D. and Pinto, M., (2011). The web application hacker's handbook. Indianapolis: Wiley.
3. Litchfield, D., (2005). The database hacker's handbook. Indianapolis: Wiley.
4. [Anon.] (2021), WSTG - v4.1. Available at: https://owasp.org/www-project-web-security-testing-guide/v41/ (Accessed: 2 May 2021).
5. [Anon.] (2021), OWASP Top Ten Web Application Security Risks. Available at: https://owasp.org/www-project-top-ten/ (Accessed: 2 May 2021).

Download student guide

Minimal learning outcomes

  • Defining the goal and scope of penetration testing.
  • Define steps, duration, and costs in the penetration testing process.
  • Conduct reconnaissance based on open sources.
  • Conduct testing based on social engineering.
  • Conduct network infrastructure testing.
  • Select and conduct system vulnerability testing.
  • Conduct testing of web applications.
  • Select methods for attacks on mobile, WiFi and IoT devices.
  • Write a PenTest report.

Preferred learning outcomes

  • Valorise the goal and scope of penetration testing.
  • Write PenTest proposal.
  • Design reconnaissance based on open sources.
  • Design testing based on social engineering.
  • Design network infrastructure testing.
  • Design system vulnerability testing.
  • Design testing of web applications.
  • Design attacks on mobile, WiFi and IoT devices.
  • Write an Executive report.
Share: Facebook Twitter