Ethical Hacking in Computer Systems and Networks

Major: Cybersecurity
Code of subject: 6.125.04.E.167
Credits: 5.00
Department: Information Security
Lecturer: Associate Professor Piskozub Andrian
Semester: 6th semester
Mode of study: full-time
Learning outcomes:
• Use the results of independent search, analysis and synthesis of information from various sources to effectively solve specialized problems of professional activity;
• Use modern software and hardware tools and evaluate the effectiveness of the quality of decisions;
• Knowledge of technologies for creating protection systems for computer systems and networks to develop and determine the general principles of building security systems, tasks and source data that must be considered when designing security systems;
• Analyze and evaluate the effectiveness and level of protection of resources of different classes in information and information and telecommunication (automated) systems during testing in accordance with the established information and/or cybersecurity policy;
• Assess the feasibility of potential threats to information processed in information and telecommunications systems and the effectiveness of the use of comprehensive protection in the implementation of threats of different classes;
• Assess the possibility of unauthorized access to elements of information and telecommunications systems.
Required prior and related subjects: Security of computer network infrastructure; Security of WEB applications
Summary of the subject:

Introduction to penetration testing
• Basic terms;
• What is hacking and ethical hacking?
• What do real hackers do?
• Penetration testing methodology: OSSTMM, ISSAF, etc;
• Penetration testing project management;
• Hacking tools overview;
• Know the applicable laws;
• Dealing with third parties;
• Social engineering issues;
• Logging;
• Reporting;
• Scope. Links to other courses;
• Ethical hacking workplace: Kali Linux;
• Targets: Metasploitable 2, etc;
• Portscanners;
• Vulnerability scanners;
• Exploitation frameworks.

Intelligence Gathering
• Open Source Intelligence methods;
• Structured analytic techniques overview;
• Types of collected information:
  o Business information (financial, clients, suppliers, partners);
  o Information about IT infrastructure;
  o Employees;
• Discovering sources of the information;
• How search engines work;
• Google advanced search operators;
• Google Hacking Database;
• Discovering IP addresses;
• Tracerouting;
• Using Maltego;
• Using theHarvester;
• DNS zone transfer;
• DNS brute-forcing.

Vulnerability Analysis
• Types of vulnerabilities;
• Manual search for vulnerabilities;
• Automated search for vulnerabilities;
• Vulnerability analysis tools.

Exploitation
• What is an exploit?
• Exploit databases;
• Google for penetration testers: www.exploit-db.com;
• Local and remote exploitation;
• Metasploit Framework overview;
• Types of payloads;
• Man-in-the-middle attacks;
• Password attacks: online and offline;
• Password hashes;
• Art of manual password guessing;
• Pass the hash attack.

Exploitation of Web applications
• Typical structure of a Web application;
• Common web vulnerabilities;
• OWASP projects;
• OWASP testing guide overview;
• Google Hacking. Google Hacking Database (GHDB);
• Web security testing tools:
  - Web scanners;
  - Local proxies;
  - Fuzzers;
  - Specialized browsers and browser plugins.

Social engineering
• Social engineering;
• The Social Engineering Toolkit project overview.

Exploitation using client-side attacks
• Client-side exploits;
• The Browser Exploitation Framework project overview.

Maintaining Access
• Maintaining access techniques;
• Meterpreter usage.
Assessment methods and criteria:
• Oral and written interview, defense of laboratory work - 30 points;
• Exam (with oral component) - 70 points.
Recommended books:
1. Hutchens, Justin. Kali Linux Network Scanning Cookbook. Packt Publishing, 2014.
2. Kennedy D., O'Gorman J., Kearns D., Aharoni M. Metasploit. The Penetration Tester’s Guide. No Starch Press, Inc., 2011.
3. Robert W. Beggs. Mastering Kali Linux for Advanced Penetration Testing. Packt Publishing, 2014.
4. Metasploit.Penetration.Testing.Cookbook.pdf
5. Lee Allen, Tedi Heriyanto, Shakeel Al. Kali Linux - Assuring Security By Penetration Testing. Packt Publishing, 2014.
6. Dafydd Stuttard, Marcus Pinto. The Web Application Hacker's Handbook - Finding and Exploiting Security Flaws. Wiley Publishing, 2011.
7. Mati Aharoni. Offensive Security Lab Exercises. Offensive Security, 2007.
8. https://www.cisecurity.org/cis-benchmarks/
9. http://www.pentest-standard.org/index.php/Main_Page