International Teaching | PENETRATION TESTING AND ETHICAL HACKING
International Teaching PENETRATION TESTING AND ETHICAL HACKING
Back
Lessons Timetable
cod. 0622700128
PENETRATION TESTING AND ETHICAL HACKING
| 0622700128 | |
| DEPARTMENT OF INFORMATION AND ELECTRICAL ENGINEERING AND APPLIED MATHEMATICS | |
| EQF7 | |
| COMPUTER ENGINEERING | |
| 2024/2025 |
| YEAR OF COURSE 2 | |
| YEAR OF DIDACTIC SYSTEM 2022 | |
| AUTUMN SEMESTER |
| SSD | CFU | HOURS | ACTIVITY | |
|---|---|---|---|---|
| ING-INF/05 | 4 | 32 | LESSONS | |
| ING-INF/05 | 2 | 16 | LAB |
| Objectives | |
|---|---|
| GENERAL OBJECTIVE THE COURSE PROVIDES METHODOLOGICAL AND TECHNOLOGICAL KNOWLEDGE FOR THE ANALYSIS OF THE VULNERABILITIES OF AN INFRASTRUCTURE THROUGH OFFENSIVE CYBERSECURITY TECHNIQUES. STARTING FROM THE BASIC CONCEPTS OF ETHICAL HACKING AND OFFENSIVE CYBERSECURITY, THE MAIN METHODOLOGIES AND TOOLS FOR CONDUCTING PENETRATION TESTING ON HOSTS AND NETWORK DEVICES BASED ON LINUX AND WINDOWS PLATFORMS WILL BE EXPLORED. KNOWLEDGE AND UNDERSTANDING TERMINOLOGY AND METHODOLOGIES ADOPTED IN THE FIELD OF OFFENSIVE CYBERSECURITY AND THE LIMITS OF ETHICAL HACKING. MAIN PHASES AND TOOLS USED TO CONDUCT PENETRATION TESTING. ANALYSIS AND UNDERSTANDING OF A PENETRATION TESTING EXECUTION REPORT. NOTES ON THE LEGAL ISSUES INHERENT TO ETHICAL HACKING. ABILITY TO APPLY KNOWLEDGE AND UNDERSTANDING DESIGN AND CONDUCT VULNERABILITY ASSESSMENT AND PENETRATION TESTS ON THE NETWORK AND HOSTS. DRAW UP A REPORT AND TECHNICAL DOCUMENTATION RELATING TO THE ANALYSIS ACTIVITIES CARRIED OUT. COLLABORATE IN THE MANAGEMENT OF SECURITY INCIDENTS IN ACCORDANCE WITH COMPANY POLICIES AND THE OPERATIONAL CONTEXT. |
| Prerequisites | |
|---|---|
| THE COURSE REQUIRES HAVING PASSED THE EXAM IN ALGORITHMS AND PROTOCOLS FOR SECURITY. ADDITIONALLY, THE COURSE REQUIRES BASIC KNOWLEDGE OF SYSTEMS BASED ON GNU/LINUX AND WINDOWS. |
| Contents | |
|---|---|
| UNIT 1: ADVANCED NETWORK SECURITY (LECTURE/EXERCISE/LABORATORY HOURS: 10/0/8) 1. (2 HOURS LECTURE): VLAN AND VPN 2. (2 HOURS LABORATORY): CONFIGURING A VPN WITH SSH AND WIREGUARD 3. (4 HOURS LECTURE): IPTABLES AND NETFILTER 4. (2 HOURS LABORATORY): USING IPTABLES 5. (2 HOURS LECTURE): NETWORK TRAFFIC ANALYSIS 6. (2 HOURS LECTURE): INTRODUCTION TO THE GNS3 ENVIRONMENT 7. (4 HOURS LABORATORY): BUILDING A NETWORK INFRASTRUCTURE ON GNS3 KNOWLEDGE AND UNDERSTANDING: MAIN NETWORK DEFENSE TOOLS PROFESSIONAL SIMULATION ENVIRONMENTS APPLIED KNOWLEDGE AND UNDERSTANDING: CONFIGURING A VPN AND FIREWALL, ANALYZING NETWORK TRAFFIC, SIMULATING, AND ANALYZING A NETWORK INFRASTRUCTURE UNIT 2: WINDOWS SYSTEMS BASICS (LECTURE/EXERCISE/LABORATORY HOURS: 8/0/4) 1. (4 HOURS LECTURE): KERNEL AND OS STRUCTURE, FILESYSTEM MANAGEMENT, USER AND PERMISSION MANAGEMENT 2. (4 HOURS LECTURE): SYSTEM ADMINISTRATION, SERVICE MANAGEMENT, NETWORK MANAGEMENT, ACTIVE DIRECTORY 3. (4 HOURS LABORATORY): SYSTEM AND NETWORK ADMINISTRATION, CREATING CUSTOM SERVICES KNOWLEDGE AND UNDERSTANDING: IN-DEPTH KNOWLEDGE OF THE WINDOWS KERNEL AND HOST OPERATING SYSTEM, DETAILED KNOWLEDGE OF KERNEL AND OS MANAGEMENT AND MAINTENANCE APPLIED KNOWLEDGE AND UNDERSTANDING: ABILITY TO ADMINISTER THE WINDOWS KERNEL AND OPERATING SYSTEM FOR PROPER FUNCTIONALITY UNIT 3: WINDOWS PRIVILEGE ESCALATION (LECTURE/EXERCISE/LABORATORY HOURS: 2/0/8) 1. (2 HOURS LECTURE): INITIAL ENUMERATION OF WINDOWS SYSTEMS, USING INHERITED PRIVILEGES FROM USERS AND GROUPS, ATTACKS AGAINST THE WINDOWS OS, KERNEL EXPLOITS AND PERMISSIONS 2. (2 HOURS LABORATORY): UNPATCHED VULNERABILITIES, CREDENTIAL THEFT TECHNIQUES, USER ATTACKS, SERVER SYSTEM MANAGEMENT, USER IMPERSONATION, ACTIVE DIRECTORY ENUMERATION 3. (2 HOURS LABORATORY): MASS EXPLOITATION OF VULNERABLE SERVERS AND GAINING INITIAL ACCESS WITH MINIMAL PRIVILEGES AFTER INITIAL ACCESS. APPLYING SECURITY POLICIES 4. (2 HOURS LABORATORY): GAINING ELEVATED PRIVILEGES ON VULNERABLE SERVERS, ABUSING EXPOSED SERVICES, EXPLOITING MISCONFIGURATIONS AND SYSTEM ADMIN OVERSIGHTS 5. (2 HOURS LABORATORY): ABUSING ACTIVE DIRECTORY (SMB). RECOMMENDED PROCEDURES FOR ADVANCED WINDOWS PROTECTION KNOWLEDGE AND UNDERSTANDING: UNDERSTANDING THE TOPOLOGY OF AN ATTACK ON A WINDOWS-BASED SYSTEM, FROM GAINING MINIMAL PRIVILEGES TO ACHIEVING MAXIMUM PRIVILEGES AND SYSTEM COMPROMISE APPLIED KNOWLEDGE AND UNDERSTANDING: UNDERSTANDING PROTECTION TECHNIQUES, APPLYING BASIC RULES TO SECURE THE OS AND EXPOSED SERVICES UNIT 4: PROJECT WORK (LECTURE/EXERCISE/LABORATORY HOURS: 0/0/8) 1. (8 HOURS LABORATORY): PROJECT WORK (LECTURE/EXERCISE/LABORATORY HOURS: 20/0/28) |
| Teaching Methods | |
|---|---|
| THE COURSE CONSISTS OF FRONTAL LECTURES AND EXERCISES IN THE CLASSROOM AND IN THE LABORATORY. PART OF THE EXERCISE HOURS IS DEVOTED TO THE REALIZATION OF A TEAM PROJECT. |
| Verification of learning | |
|---|---|
| THE EXAM IS COMPOSED BY THE DISCUSSION OF A TEAM PROJECTWORK AND AN ORAL INTERVIEW. THE DISCUSSION OF THE PROJECT WORK AIMS AT EVALUATING THE ABILITY TO ANALYZE A VULNERABLE TECHNOLOGICAL INFRASTRUCTURE. THE DISCUSSION OF THE PROJECT INCLUDES A PRACTICAL DEMONSTRATION OF THE FUNCTIONING OF THE INFRASTRUCTURE CREATED, AND A PROFESSIONAL REPORT THAT LISTS THE VULNERABILITIES AND TECHNIQUES TO BE APPLIED FOR A CORRECT POSTURE RELATING TO SECURITY. THE INTERVIEW EVALUATES THE LEVEL OF THE KNOWLEDGE AND UNDERSTANDING OF THE THEORETICAL TOPICS, TOGETHER WITH THE EXPOSITION ABILITY OF THE CANDIDATE. |
| Texts | |
|---|---|
| THE TEACHING MATERIAL WILL BE AVAILABLE ON THE UNIVERSITY E-LEARNING PLATFORM (HTTP://ELEARNING.UNISA.IT) ACCESSIBLE TO STUDENTS USING THEIR OWN UNIVERSITY CREDENTIALS. SUGGESTED BOOKS ARE: - THE ULTIMATE KALI LINUX BOOK - GLEN D. SINGH - COMPUTER SECURITY PRINCIPLES AND PRACTICE - WILLIAM STALLINGS - HACKING EXPOSED 7 : NETWORK SECURITY SECRETS & SOLUTIONS - GEORGE KURTZ, JOEL SCAMBRAY, STUART MCCLURE |
| More Information | |
|---|---|
| THE COUSE IS HELD IN ITALIAN. |
BETA VERSION Data source ESSE3
